The autopsy of a data breach - Webinar

The Autopsy of a Data Breach: Learning from a real-life case. Milan Koppen, Solution Specialist, MCP, MCITP, CompTIA Security+

Upload: msecunia

Post on 28-Nov-2014

DESCRIPTION

In July 2013 the US Department of Energy suffered a breach caused by a known vulnerability in one of the applications used to store personal data from employees and their family members. A total of 104,000 records were exposed. Following the incident, the department investigated the chain of events that led to the breach.

The case illustrates some of the common challenges that organizations face when attempting to maintain the security of their technology environments. The challenges include: fragmented infrastructures and heterogeneous environments; competing priorities between business units; unclear lines of responsibility and undocumented processes; lack of urgency and awareness over cyber security issues and the skills to assess risk; inadequate authority; and ineffective internal communication and coordination.

The in-depth scrutiny of the causes and consequences of this breach gives us the opportunity to reflect upon the challenges we face within our own organization. A case such as this shows that, while basic security principles seem obvious and easy to implement – and many of us assume they are in place – reality can sometimes prove to be very different to theory and best practice recommendations.

Join us when we analyze the case and the data showing the importance of maintaining an overview and control over IT environments.

Key takeaways:

- Insights into the common challenges that organizations face when implementing an IT security strategy
- Data on the cost and consequences of data breaches
- Best practices for implementing a security baseline
- The importance of vulnerability intelligence to support risk assessment
- The importance of mitigating actions to avoid security breaches
- Q&A session

TRANSCRIPT

Page 1: The autopsy of a data breach - Webinar

The Autopsy of a Data Breach Learning from a real-life case

Milan Koppen

Solution Specialist, MCP, MCITP, CompTIA Security+

Page 2: The autopsy of a data breach - Webinar

The Autopsy of a Data Breach 23-06-2014 2

Agenda

Why do we continue to see breaches?

Our common challenges

The autopsy of a data breach

The figures

The history

Findings of the review

Recommendations

Lessons to be learnt

Back to basics with an eye on the future

Contextualizing

The importance of Vulnerability Intelligence

The criticality of decision-making based on risk assessment

Complete Patch Management and the Vulnerability Management lifecycle

Page 3: The autopsy of a data breach - Webinar

Why, despite all the awareness, do we continue to see security breaches that exploit well-known vulnerabilities?

Page 4: The autopsy of a data breach - Webinar

Our common challenges

“Compounding matters, the attack surface – partners, suppliers, customers, and others – has expanded as an ever-greater volume of data flows through interconnected digital channels.”

- PwC

Source: “Defending Yesterday – The Global State of Information Security Survey 2014”, PwC, CIO magazine, CSO magazine, 2013

http://www.pwc.com/gx/en/consulting-services/information-security-survey/download.jhtml

Page 5: The autopsy of a data breach - Webinar

The abundance of technologies

Page 6: The autopsy of a data breach - Webinar

The abundance of acronyms

How to decipher the meaning behind the letters

Page 7: The autopsy of a data breach - Webinar

Limited budget and lack of executive support

“Building and sustaining a culture of security awareness will also require the full support of top executives, including the CEO and board. This must be an ongoing discussion.”

- PwC

Source: “Defending Yesterday – The Global State of Information Security Survey 2014”, PwC, CIO magazine, CSO magazine, 2013

http://www.pwc.com/gx/en/consulting-services/information-security-survey/download.jhtml

Page 8: The autopsy of a data breach - Webinar

How to forecast the cost of a data breach?

How much does a breach cost?

How much does it cost to remediate a security incident?

What is the risk?

What are the possible consequences of a breach?

How much should I invest to mitigate such risk?

How should I prioritize my budget distribution?

How do I prove the return on investment for security technologies?

Page 9: The autopsy of a data breach - Webinar

Presenter: Milan Koppen, Senior Solution Specialist

Watch the entire webinar here:

https://www.brighttalk.com/webcast/8113/98983