Will your business withstand a ransomware onslaught?
1. PROPRIETARY AND CONFIDENTIAL 1 ACRONIS © 2017
WILL YOUR BUSINESS STAND A RANSOMWARE?
Yulia Omelyanenko
Unit Manager of governance, risks and compliance
Positive Hack Days VII, Moscow
2.
Bio Overview
• 6 years in Information Security
• 3 years in GRC (before it became mainstream)
• GRC unit manager at Acronis
• Previously worked as GRC manager for multiple regions in pharmaceuticals, security auditor and consultant
3.
The purpose of a business continuity program is to ensure that business-critical assets are continuously available
5.
#1 Leadership Commitment to BCP
✓ Understand value and purpose
✓ Establish Business Continuity Program
6.
#2 Risk Assessment and Threat Modelling
✓ Define disruptive events
✓ Assess impact and analyze risks
✓ Propose risk treatment
Risk Assessment for BCP may be performed as part of a global Risk Management initiative.
It must contain all threats that may cause loss of availability.
7.
#3 Conduct a Business Impact Analysis (BIA)
✓ Identify critical assets and processes
✓ Define recovery time and recovery point
✓ Identify other parties and resources for recovery
12.
The main purpose of BCP is to ensure that an organization can continue to operate in case of serious incidents or disasters and is able to recover to an operational state within a reasonably short timeline
13.
#2 Risk Assessment and Threat Modelling
Integrate BCP, or part of it, with InfoSec activities
[Diagram labels: Threat models; Operational risks; Human-made disasters; Natural disasters; Third-party risks; Risk Assessment; Loss of asset availability?; BIA]
How likely is it that we will catch ransomware?
What assets might be damaged?
15.
#3 Conduct a Business Impact Analysis (BIA)
BIA must include all possible scenarios
Calculate:
● Cost of resources for recovery
● Possible damage caused by disaster
We have lost a number of assets. What consequences may this have?
16.
#4 Disaster recovery plan
[Diagram labels: DRP for business; IT continuity plan; Incident management; Backup and recovery; Asset management; Segregation of duties; ITCP in SLA]
17.
Ransomware recovery chain
Risk Assessment and Threat Modelling:
● How ransomware can potentially appear in the network;
● How internal processes can be enhanced to minimize this risk;
● What assets might be damaged by ransomware.
Conduct a Business Impact Analysis (BIA):
● How much the company can lose if systems are encrypted;
● How much downtime the company can accept;
● What kind of remediation is possible and how much it will cost.
Disaster recovery plan:
● Backup and restore plans;
● Internal forensic lab;
● Equipment replacement;
● Pay the hackers, etc.
18.
Hints for DRP implementation
1) You might already have enough of the necessary processes in place to prepare a DRP
2) Delegate functions to business associates (5% of daily responsibilities)
3) Extract the ITCP part if the business doesn’t support a solid BCP
4) Test your disaster recovery plans (e.g. perform a periodic test backup and restore)