SlideShare una empresa de Scribd logo

Proactive incident response

Brian Honan
Brian Honan

Presentation on Proactive Incident Response with links to some interesting material to help improve your incident response capabilities

Tecnología
1 de 102
Helping You Piece IT Together http://www.bhconsulting.ie info@bhconsulting.ie Proactive Incident Response ISACA Ireland
Who is Brian Honan?
Who is Brian Honan?
Infosec Certainties
Why Care?
Business Drivers
More than Half of US Companies Rate Data Security As a Major Concern - 12th annual Law and the Boardroom Study 2012 Cybersecurity has become the top global technological issue Source: Deloitte 2012 Global Financial Services Industry Security Study “IT security is no longer a trivial issue and is now becoming part of a company’s boardroom discussion” Source: IBM Boardroom Agenda Item
IT Critical
Systems Under Constant Threat
Threats Are Evolving
Modern Attackers
Resurgence of Hacktivism WE DO NOT FORGIVE. WE DO NOT FORGET. EXPECT US
Faces Behind the Masks
Crime As A Service
Crime As A Service
Malware As A Service
Criminal Marketplaces
DDOS As A Service
Irish Ransomware Victims What if This Was Your Office?
Irish Themed Ransomware
As Gaeilge What if This Was Your Office?
Greater Insider Threat
Impact
Espionage
Anatomy of an Attack
Natanz
Recognised Threat
Recognised Threat “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” "industrial-scale processes involving many thousands of people lying behind both state sponsored cyber espionage and organised cyber crime".
Pyramid Of Pain Courtesy Tripwire
Traditional IT Security
Ancient Security
Ancient Security
Fortified Perimeter
Ingress/Egress Points
Layered Security
Perimeter Defences
Good Against
And
But Not Against
Or
Or
So In Reality Is Like
Crack the Outer Shell
Verizon DBIR
Breach Detection 69% 22% 9% Detected by 3rd Party Detected by Org Detected by Customer Source: Verizon DBIR 2013
Time To Discover Breach 34% 4% 62% Less than A month Years or More Months or More Source: Verizon DBIR 2013
Difficulty 78% 22% Not Difficult Moderate to Difficult Source: Verizon DBIR 2013
2012 – IRISSCERT Incidents
Phishing, 74% Malware, 19% Other, 7% 2012 – IRISSCERT Incidents
Org Crime, 95% Other, 5% 2012 – IRISSCERT Incidents
 Increase in Targeted Attacks  Increase in DDOS Attacks  Increase in Activism  Ransomware Attacks 2012 – IRISSCERT Incidents
 Root Cause  Poor Passwords  Missing Patches  Vulnerabilities  Web Platforms  Out of Data Anti-Virus Software  Lack of Monitoring 2012 – IRISSCERT Incidents
Why Are We Bad in Detecting Incidents?
Are Tools Fit For Purpose?
Volume of Information
Drowning In Data
Dealing With The Future
Information Security
Continuous Cycle Identify critical information and Systems Conduct Assessment to Identify Risks and Threats Implement Security Controls to Manage Risks & Threats Monitor Effectiveness of Security Controls Analyze and Identify Improvements to Security Controls
Identify Information Assets
Risk Management Strategies
Select Appropriate Controls
Preventive Controls
Detective Controls
Security Tradeoffs
Positive Incident Response
Establish Team Information Security Operations Human Resources Legal Public Relations Facilities Management
Understand Your Business
Establish Relationships
Agree Roles & Responsibilities
Agree Policies & Procedures
Alarms in Place
Monitor Logs
Harden Systems
Use Security Tools
Segment Your Information
Analyse Network Patterns
Love Your Auditor
Ensure Controls Effective
Train Staff & Partners
Use Open Source Data
Use IOCs
Use IOCs
Use Blacklists
Break the Attack Chain
Agree Jurisdictional Issues
Agree Disclosure Rules
Don’t Forget The Basics
Patching
Strong Passwords (2FA?)
Anti-Virus
Set Traps
Dealing With The Cloud
Consumer Tech
Ensure IR Requirements in T&Cs
Encrypt Data
Share with Peers http://www.veriscommunity.net/doku.php
Questions ? Brian.honan@bhconsulting.ie www.bhconsulting.ie www.twitter.com/brianhonan www.bhconsulting.ie/securitywatch Tel : +353 – 1 - 4404065
 CSIRT Handbook http://www.cert.org/archive/pdf/csirt-handbook.pdf  Forming an Incident Response Team http://www.auscert.org.au/render.html?it=2252  Incident Response White Paper – BH Consulting http://www.bhconsulting.ie/Incident%20Response%20White%20Paper.pdf  RFC2350: Expectations for Computer Security Incident Response http://www.rfc-archive.org/getrfc.php?rfc=2350  Organisational Models for Computer Security Incident Response Teams http://www.cert.org/archive/pdf/03hb001.pdf  The SANS Institute’s Reading Room http://www.sans.org/reading_room Appendices
 Guidelines for Evidence Collection and Archiving (RFC 3227) http://www.ietf.org/rfc/rfc3227.txt  Resources for Computer Security Incident Response Teams (CSIRTs) http://www.cert.org/csirts/resources.html  RFC 2196: Site Security Handbook http://www.faqs.org/rfcs/rfc2196.html  ENISA Step by Step Guide for setting up CERTS http://enisa.europa.eu/doc/pdf/deliverables/enisa_csirt_setting_up_guide.pdf  CSIRT Case Classification (Example for enterprise CSIRT) http://www.first.org/resources/guides/csirt_case_classification.html Appendices
 ENISA Honeypot Paper http://www.enisa.europa.eu/media/press-releases/new-report-by-eu-agency-enisa- on-digital-trap-honeypots-to-detect-cyber-attacks  The HoneyNet Project http://www.honeynet.org  Verizon DBIR http://www.verizonenterprise.com/DBIR/2013/  BH Consulting Whitepaper on “Best Practises for Log Management” http://bhconsulting.ie/Best%20Practises%20for%20Log%20Management.pdf  The SANS reading room http://www.sans.org/rr/whitepapers/logging/  Event ID website given explanations to MS events http://www.eventid.net/ Appendices
 Local Logon Attempt Failures  Event IDs 529, 530, 531, 532, 533, 534 & 537.  Domain Logon Account Failures  Event IDs 675, 677  Account Misuse  Event IDs 530, 531, 532, 533  Account lockout  Event ID 539  Terminal Services  Event IDs 682, 683  Creation of a User Account  Event IDs 624, 626  User Account password Change  Event IDs 627, 628  User Account Status Change  Event IDs 626, 629, 630  Modification of Security Groups  Event IDs 632, 633, 636, 637  Modification of Security Log  Event IDs 612, 517  Policy Change  Event IDs 608, 609  Process Tracking  Event IDs 592, 593 (note due to volume of log entries only monitor process tracking during an investigation.) Appendices

Recomendados

Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
Kumar Gaurav
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Jason Murray
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
ZaiffiEhsan
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Priyanka Aash
 

Recomendados

Cyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General AudienceCyber Kill Chain Deck for General Audience
Cyber Kill Chain Deck for General Audience
Tom K
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
Iain Dickson
 
Cyber threat intelligence ppt
Cyber threat intelligence pptCyber threat intelligence ppt
Cyber threat intelligence ppt
Kumar Gaurav
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
David Sweigert
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
Jason Murray
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
ZaiffiEhsan
 
How MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operationsHow MITRE ATT&CK helps security operations
How MITRE ATT&CK helps security operations
Sergey Soldatov
 
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Security Strategy and Tactic with Cyber Threat Intelligence (CTI)
Priyanka Aash
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
Napier University
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
n|u - The Open Security Community
 
Mobile security
Mobile securityMobile security
Mobile security
priyanka pandey
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
ReZa AdineH
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapitolTechU
 
Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptx
Infosec
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
Marlabs
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
Suwitcha Musijaral CISSP,CISA,GWAPT,SNORTCP
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
Muhammad Sahputra
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Adam Pennington
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
Digit Oktavianto
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
LogRhythm
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
NTT Innovation Institute Inc.
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
Deepak Kumar (D3)
 
Incident response
Incident responseIncident response
Incident response
Anshul Gupta
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
Danny Wong
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
Ankita Ganguly
 
Incident response process
Incident response processIncident response process
Incident response process
Bhupeshkumar Nanhe
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 
Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
Lancope, Inc.
 
Investigating Hackers' Tools
Investigating Hackers' ToolsInvestigating Hackers' Tools
Investigating Hackers' Tools
Israel Umana
 

Más contenido relacionado

La actualidad más candente

Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptx
Infosec
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
Steve Lodin
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
Resilient Systems
 

La actualidad más candente (20)

Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
 
MITRE ATT&CK Framework
MITRE ATT&CK FrameworkMITRE ATT&CK Framework
MITRE ATT&CK Framework
 
Mobile security
Mobile securityMobile security
Mobile security
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptxCapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
CapTech Talks--OSINT- Dr. Kellup Charles 10--6-22.pptx
 
Threat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptxThreat hunting foundations: People, process and technology.pptx
Threat hunting foundations: People, process and technology.pptx
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
Anomali Detect 19 - Nickels & Pennington - Turning Intelligence into Action w...
 
Cyber Threat Hunting Workshop
Cyber Threat Hunting WorkshopCyber Threat Hunting Workshop
Cyber Threat Hunting Workshop
 
7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources7 Steps to Build a SOC with Limited Resources
7 Steps to Build a SOC with Limited Resources
 
Global Cyber Threat Intelligence
Global Cyber Threat IntelligenceGlobal Cyber Threat Intelligence
Global Cyber Threat Intelligence
 
Threat Intelligence
Threat IntelligenceThreat Intelligence
Threat Intelligence
 
Incident response
Incident responseIncident response
Incident response
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
Cyber kill chain
Cyber kill chainCyber kill chain
Cyber kill chain
 
Incident response process
Incident response processIncident response process
Incident response process
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - Submitted
 
Incident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber AttacksIncident Response in the age of Nation State Cyber Attacks
Incident Response in the age of Nation State Cyber Attacks
 

Destacado

Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
Lancope, Inc.
 
Can Taltavuit Ibiza. Magnificient Villa for Vacation Rentals in Ibiza
Can Taltavuit Ibiza. Magnificient Villa for Vacation Rentals in Ibiza Can Taltavuit Ibiza. Magnificient Villa for Vacation Rentals in Ibiza
Can Taltavuit Ibiza. Magnificient Villa for Vacation Rentals in Ibiza
Javier Pérez Gallego ★★★★★ The DOER Ibiza
 
International Day in Oriveden Keskuskoulu 2011
International Day in Oriveden Keskuskoulu 2011International Day in Oriveden Keskuskoulu 2011
International Day in Oriveden Keskuskoulu 2011
Tiina Sarisalmi
 
Turkey School Presentation
Turkey School PresentationTurkey School Presentation
Turkey School Presentation
Tiina Sarisalmi
 
The Moomins from Finland
The Moomins from FinlandThe Moomins from Finland
The Moomins from Finland
Tiina Sarisalmi
 
Exporting Your In Design Portfolio
Exporting Your In Design PortfolioExporting Your In Design Portfolio
Exporting Your In Design Portfolio
Sirron Carrector
 
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Malattia
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo MalattiaCineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Malattia
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Malattia
Marco Contini
 
SRI Brochure -- Boardwalk Capital
SRI Brochure -- Boardwalk CapitalSRI Brochure -- Boardwalk Capital
SRI Brochure -- Boardwalk Capital
Scott Sadler
 
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Trasporti
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo TrasportiCineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Trasporti
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Trasporti
Marco Contini
 

Destacado (20)

Needs of a Modern Incident Response Program
Needs of a Modern Incident Response ProgramNeeds of a Modern Incident Response Program
Needs of a Modern Incident Response Program
 
Investigating Hackers' Tools
Investigating Hackers' ToolsInvestigating Hackers' Tools
Investigating Hackers' Tools
 
Memory forensics and incident response
Memory forensics and incident responseMemory forensics and incident response
Memory forensics and incident response
 
Rok 09
Rok 09Rok 09
Rok 09
 
Can Taltavuit Ibiza. Magnificient Villa for Vacation Rentals in Ibiza
Can Taltavuit Ibiza. Magnificient Villa for Vacation Rentals in Ibiza Can Taltavuit Ibiza. Magnificient Villa for Vacation Rentals in Ibiza
Can Taltavuit Ibiza. Magnificient Villa for Vacation Rentals in Ibiza
 
International Day in Oriveden Keskuskoulu 2011
International Day in Oriveden Keskuskoulu 2011International Day in Oriveden Keskuskoulu 2011
International Day in Oriveden Keskuskoulu 2011
 
Turkey School Presentation
Turkey School PresentationTurkey School Presentation
Turkey School Presentation
 
Optime 8 9 E 10 Giugno Frodi Assicurative
Optime 8 9 E 10 Giugno Frodi AssicurativeOptime 8 9 E 10 Giugno Frodi Assicurative
Optime 8 9 E 10 Giugno Frodi Assicurative
 
The Moomins from Finland
The Moomins from FinlandThe Moomins from Finland
The Moomins from Finland
 
Brochure Assit V Corso Rel. 1.2
Brochure Assit V Corso Rel. 1.2Brochure Assit V Corso Rel. 1.2
Brochure Assit V Corso Rel. 1.2
 
Monitoring Student Work In Moodle Delise Fathers April 2009
Monitoring Student Work In Moodle Delise Fathers April 2009Monitoring Student Work In Moodle Delise Fathers April 2009
Monitoring Student Work In Moodle Delise Fathers April 2009
 
Layer 8 Security - Securing the Nut Between the Keyboard & Screen
Layer 8 Security - Securing the Nut Between the Keyboard & ScreenLayer 8 Security - Securing the Nut Between the Keyboard & Screen
Layer 8 Security - Securing the Nut Between the Keyboard & Screen
 
Ic Sconf2010presentation Dp Bh
Ic Sconf2010presentation Dp BhIc Sconf2010presentation Dp Bh
Ic Sconf2010presentation Dp Bh
 
Exporting Your In Design Portfolio
Exporting Your In Design PortfolioExporting Your In Design Portfolio
Exporting Your In Design Portfolio
 
Exercici11.3
Exercici11.3Exercici11.3
Exercici11.3
 
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Malattia
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo MalattiaCineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Malattia
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Malattia
 
The Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure LawsThe Case for Mandatory Data Breach Disclosure Laws
The Case for Mandatory Data Breach Disclosure Laws
 
SRI Brochure -- Boardwalk Capital
SRI Brochure -- Boardwalk CapitalSRI Brochure -- Boardwalk Capital
SRI Brochure -- Boardwalk Capital
 
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Trasporti
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo TrasportiCineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Trasporti
Cineas Corso Taylor Made Per Zurich 28 Aprile 2010 Ramo Trasporti
 
Preparing for Failure - Best Practise for Incident Response
Preparing for Failure - Best Practise for Incident ResponsePreparing for Failure - Best Practise for Incident Response
Preparing for Failure - Best Practise for Incident Response
 

Similar a Proactive incident response

Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
Ulf Mattsson
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
Ulf Mattsson
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
SolarWinds
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
IPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
IPPAI
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
mccormicknadine86
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
sleeperharwell
 
Nonprofit Security Matters: It's Not About the Network
Nonprofit Security Matters: It's Not About the NetworkNonprofit Security Matters: It's Not About the Network
Nonprofit Security Matters: It's Not About the Network
Holly Ross
 
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
patmisasi
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
RakeshPatel583282
 

Similar a Proactive incident response (20)

Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive securityCisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
Cisco Connect 2018 Malaysia - Risk less, achieve more with proactive security
 
Cyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & RecommendationsCyber Risk Management in 2017: Challenges & Recommendations
Cyber Risk Management in 2017: Challenges & Recommendations
 
Learning from History
Learning from HistoryLearning from History
Learning from History
 
Matt_Cyber Security Core Deck September 2016.pptx
Matt_Cyber Security Core Deck September 2016.pptxMatt_Cyber Security Core Deck September 2016.pptx
Matt_Cyber Security Core Deck September 2016.pptx
 
Information security management v2010
Information security management v2010Information security management v2010
Information security management v2010
 
Cyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & RecommendationsCyber Risk Management in 2017 - Challenges & Recommendations
Cyber Risk Management in 2017 - Challenges & Recommendations
 
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
Federal Webinar: Leverage IT Operations Monitoring and Log Data to Reduce Ins...
 
OSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the UnionOSB50: Operational Security: State of the Union
OSB50: Operational Security: State of the Union
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docxCISSPCertified Information SystemsSecurity ProfessionalCop.docx
CISSPCertified Information SystemsSecurity ProfessionalCop.docx
 
Aon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation StrategiesAon Ransomware Response and Mitigation Strategies
Aon Ransomware Response and Mitigation Strategies
 
Nonprofit Security Matters: It's Not About the Network
Nonprofit Security Matters: It's Not About the NetworkNonprofit Security Matters: It's Not About the Network
Nonprofit Security Matters: It's Not About the Network
 
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
Task Incident Readiness with Veris, Judy Nowak at TASK Toronto, April 27, 2...
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
 
New Developments in Cybersecurity and Technology for RDOs: Howland
New Developments in Cybersecurity and Technology for RDOs: HowlandNew Developments in Cybersecurity and Technology for RDOs: Howland
New Developments in Cybersecurity and Technology for RDOs: Howland
 
CCA study group
CCA study groupCCA study group
CCA study group
 
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
02_Security_Audit_-_Common_Cyber_Attacks_9.pdf
 

Más de Brian Honan

How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
Brian Honan
 

Más de Brian Honan (17)

Brian honan ipexpo keynote
Brian honan ipexpo keynoteBrian honan ipexpo keynote
Brian honan ipexpo keynote
 
GDPR & Brexit - What Does the Future Hold?
GDPR & Brexit - What Does the Future Hold?GDPR & Brexit - What Does the Future Hold?
GDPR & Brexit - What Does the Future Hold?
 
Ransomware Prevention Guide
Ransomware Prevention GuideRansomware Prevention Guide
Ransomware Prevention Guide
 
Brian honan
Brian honanBrian honan
Brian honan
 
The dark side of the internet
The dark side of the internetThe dark side of the internet
The dark side of the internet
 
Data security brian honan
Data security brian honanData security brian honan
Data security brian honan
 
Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...Presentation on EU Directives Impacting Cyber Security for Information Securi...
Presentation on EU Directives Impacting Cyber Security for Information Securi...
 
Incident Response in the Cloud
Incident Response in the CloudIncident Response in the Cloud
Incident Response in the Cloud
 
How to Like Social Media Network Security
How to Like Social Media Network SecurityHow to Like Social Media Network Security
How to Like Social Media Network Security
 
Bridging the air gap
Bridging the air gapBridging the air gap
Bridging the air gap
 
Incident response cloud
Incident response cloudIncident response cloud
Incident response cloud
 
Best practises for log management
Best practises for log managementBest practises for log management
Best practises for log management
 
Cloud security
Cloud securityCloud security
Cloud security
 
Creating a CERT at WARP Speed
Creating a CERT at WARP SpeedCreating a CERT at WARP Speed
Creating a CERT at WARP Speed
 
Knowing Me Knowing You
Knowing Me Knowing YouKnowing Me Knowing You
Knowing Me Knowing You
 
Scare Ware From Ireland
Scare Ware From IrelandScare Ware From Ireland
Scare Ware From Ireland
 
Hot Topics For 2010
Hot Topics For 2010Hot Topics For 2010
Hot Topics For 2010
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Último (20)

How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Proactive incident response