Strategies for Better Incident Response - ResearchSOC Webinar Series, June 25, 2020 (PowerPoint presentation)


  1. researchsoc.iu.edu Thank you for attending. The webinar will begin shortly.

  2. JUNE 25, 2020
     Strategies for Better Incident Response
     ResearchSOC Webinar Series
     Research Security Operations Center - The NSF Collaborative Security Response Center

  3. Housekeeping
     ● All participants are on mute.
     ● Ask your questions via the Q&A feature.
     ● We will record this webinar and provide a link. Slides will also be made available.

  4. Who is ResearchSOC?
     ● Project leadership
     ● Project liaison
     ● REN-ISAC: threat intelligence
     ● OmniSOC: 24x7x365 eyes-on-glass SOC
     ● Virtual Security Teams*
     ● Training for higher-ed infosec
     ● STINGAR: decoy computers (honeypots)
     ● Vulnerability scanning

  5. JUNE 25, 2020 - Strategies for Better Incident Response
     Joshua Drake, Senior Security Analyst, IU Center for Applied Cybersecurity Research

  6. Security Incidents and Response
     Defining an incident
     • A series of events resulting in compromise, or threat of compromise, to your physical or digital assets
     Functions of incident response
     • Minimize the negative impact
     • Gather and protect information
     • Communicate and coordinate with stakeholders
     • Maintain or recover operational availability

  7. Elements of effective incident response (Prepared / Systematic / Iterative): Prepared
     Define in advance methods for:
     • assigning roles and responsibilities
     • documenting the incident and the response actions
     • communicating information to stakeholders
     • validating that an incident has occurred
     • containing malicious behaviors
     • maintaining operational security

  8. Elements of effective incident response (Prepared / Systematic / Iterative): Systematic
     Covers response across many areas crucial to your organizational objectives
     • aligns with organizational objectives
     • prioritizes the most important response functions:
       • Minimize the negative impact
       • Gather and protect information
       • Communicate and coordinate with stakeholders
       • Maintain or recover operational availability

  9. Elements of effective incident response (Prepared / Systematic / Iterative): Iterative
     Response procedures should be tested and updated regularly
     • easy to find for all stakeholders
     • easy to read
     • frequently referenced
     • continually refined

  10. A Little Preparation
     Incident Response Checklist
     ❏ Define organizational objectives
     ❏ Define roles and responsibilities
     ❏ Maintain inventory of assets and risks
     ❏ Create a MISPP (Master Information Security Policy and Procedures)
     ❏ Create an Incident Response Policy
     Key responsibilities
     ❏ Who can declare an incident?
     ❏ Who can form an incident response team?
     ❏ Who can communicate with external stakeholders?
     ❏ Who can close an incident?

  11. A Little Preparation (same checklist, with the inventory item worded "Maintain inventory of assets/liabilities")
     Incident Response Checklist
     ❏ Define organizational objectives
     ❏ Define roles and responsibilities
     ❏ Maintain inventory of assets/liabilities
     ❏ Create a MISPP
     ❏ Create an Incident Response Policy
     Key responsibilities
     ❏ Who can declare an incident?
     ❏ Who can form an incident response team?
     ❏ Who can communicate with external stakeholders?
     ❏ Who can close an incident?

  12. Poll Questions
     Q1. Do you have a Master Information Security Policy in place today?
     Q2. Do you have an incident response policy in place today?
     TrustedCI.org/guide - MISPP and Incident Response Templates

  13. Response Workflow - Filling out the framework

  14. Response Workflow - Identification
     Who: all staff and stakeholders
     Tools:
     ➔ indicators of compromise (IoC)
     ➔ security controls - antivirus, IDS/IPS
     ➔ system logs and reports
     ➔ human reporting of unusual activity
     Actions:
     ➔ capture and review log data (automation!)
     ➔ gather relevant information for analysis
     ➔ triage and escalate potential events
     Strategies for identification
     ❏ Train and educate staff on reporting
     ❏ Make IoC easy to report
     ❏ Have adequate controls in place
     ❏ Conduct regular security exercises
     ❏ Have effective threat intelligence

  15. Response Workflow - Documentation
     Who: help desk, analysts, incident response team
     Tools:
     ➔ notebooks, paper and pens
     ➔ collaborative note-taking software
     ➔ cold storage
     Actions:
     ➔ record the timeline of events
     ➔ capture images of affected machines
     ➔ protect evidence by maintaining chain of custody
     Effective documentation strategies
     ❏ Take analog notes if possible
     ❏ Record date and time for all discoveries and actions taken
     ❏ Back up documentation
     ❏ Conduct interviews/note taking as soon as possible
     ❏ Continue to document during all steps of response
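The identification slide asks for automated capture and review of log data against indicators of compromise, with triage and escalation of what turns up; the documentation slide asks for a timestamped timeline and evidence protected by chain of custody. The script below is an added example of both steps in one place, not material from the ResearchSOC slides or the Trusted CI templates. The log lines, the IoC list (TEST-NET addresses, a reserved domain, and the SHA-256 of the string "test"), the escalation threshold and the function names (sweep_logs, triage, build_timeline, evidence_record) are all constructed for the demonstration; a real deployment would read logs from a collector and indicators from a threat-intelligence feed.

```python
"""Added example: automated IoC sweep over log data, triage per host,
timestamped timeline, and a chain-of-custody record for the evidence.
Everything below (logs, indicators, thresholds, names) is constructed."""
import hashlib
import re
from datetime import datetime, timezone

# Constructed indicators of compromise. A threat-intelligence feed would
# replace this dictionary; the hash is sha256("test"), not real malware.
IOCS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"update-check.invalid"},
    "sha256": {"9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"},
}

# Constructed sample log excerpt: "<RFC 3339 timestamp> <host> <message>".
SAMPLE_LOGS = """\
2020-06-25T14:02:11Z web01 sshd[4121]: Accepted publickey for deploy from 10.0.4.12 port 50122
2020-06-25T14:05:37Z web01 sshd[4188]: Failed password for root from 203.0.113.45 port 41022
2020-06-25T14:05:39Z web01 sshd[4188]: Failed password for root from 203.0.113.45 port 41022
2020-06-25T14:06:02Z web01 sshd[4190]: Accepted password for root from 203.0.113.45 port 41100
2020-06-25T14:07:45Z web01 curl[4301]: resolved update-check.invalid -> 198.51.100.7
2020-06-25T14:08:10Z web01 av[2201]: detected file /tmp/.x sha256=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
2020-06-25T14:09:00Z db01 sshd[7712]: Accepted publickey for backup from 10.0.4.30 port 50300
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<msg>.*)$")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9.-]+\.[a-z]{2,}\b")


def sweep_logs(text):
    """Return one hit per (line, indicator) pair, in log order.

    A hit carries the log timestamp, host, indicator kind and value and
    the raw line, so it can be reused verbatim as a timeline entry.
    Unparsable lines are skipped rather than aborting the sweep.
    """
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg = m["msg"]
        found = (
            [("ip", v) for v in IP_RE.findall(msg) if v in IOCS["ip"]]
            + [("sha256", v) for v in SHA256_RE.findall(msg) if v in IOCS["sha256"]]
            + [("domain", v) for v in DOMAIN_RE.findall(msg) if v in IOCS["domain"]]
        )
        for kind, value in found:
            hits.append({"ts": m["ts"], "host": m["host"], "kind": kind,
                         "indicator": value, "line": line})
    return hits


def triage(hits, escalate_at=2):
    """Group hits per host and decide which hosts to escalate.

    Constructed rule: escalate when a known-bad file hash was seen on the
    host, or when at least `escalate_at` distinct indicator kinds fired.
    """
    per_host = {}
    for h in hits:
        per_host.setdefault(h["host"], []).append(h)
    decisions = {}
    for host, hs in per_host.items():
        kinds = {h["kind"] for h in hs}
        decisions[host] = {
            "first_seen": hs[0]["ts"], "last_seen": hs[-1]["ts"],
            "kinds": sorted(kinds), "hits": len(hs),
            "escalate": "sha256" in kinds or len(kinds) >= escalate_at,
        }
    return decisions


def build_timeline(hits):
    """Chronological one-line entries for the incident notebook."""
    return [f"{h['ts']} {h['host']} {h['kind']}={h['indicator']}"
            for h in sorted(hits, key=lambda h: h["ts"])]


def evidence_record(text, collected_by, collected_at=None):
    """Hash the excerpt and note who collected it and when (UTC).

    A reviewer can later re-hash the stored excerpt and compare, which is
    what makes the chain-of-custody entry verifiable rather than a note.
    """
    raw = text.encode("utf-8")
    when = collected_at or datetime.now(timezone.utc).isoformat(timespec="seconds")
    return {"sha256": hashlib.sha256(raw).hexdigest(), "bytes": len(raw),
            "collected_by": collected_by, "collected_at": when}


if __name__ == "__main__":
    hits = sweep_logs(SAMPLE_LOGS)
    for entry in build_timeline(hits):
        print(entry)
    for host, d in triage(hits).items():
        print(host, "ESCALATE" if d["escalate"] else "monitor", d)
    print(evidence_record(SAMPLE_LOGS, collected_by="analyst"))
```

Running it escalates web01 (three indicator kinds, including the file hash) and leaves db01 untouched because nothing on it matched; the evidence record's hash is what goes into the custody log next to the analyst's name and the collection time.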

  16. Response Workflow - Escalation
     Who: CISO, help desk, analysts, incident response team
     Tools:
     ➔ information security policies - MISPP, IRP
     ➔ predefined escalation channels
     ➔ predefined thresholds for declaring an incident
     Actions:
     ➔ report and escalate incidents
     ➔ validate that an incident has occurred
     ➔ declare the incident and form the incident response team
     Strategies for effective escalation
     ❏ Clearly define in the IR policy how to escalate a potential incident
     ❏ Assign in the IR policy the responsibility for declaring an incident
     ❏ Test escalation channels with security exercises

  17. Response Workflow - Containment
     Who: incident response team, IT
     Tools:
     ➔ network and system management
     ➔ sandbox environment(s)
     ➔ backup/imaging software
     Actions:
     ➔ identify affected systems and isolate them from the rest of your resources
     ➔ back up or image affected systems for later investigation
     ➔ disable accounts and services
     Strategies for effective containment
     ❏ Halt the breach, but don't destroy crucial information
     ❏ Maintain operational security as defined in your IR policy
     ❏ Document all actions taken, with timestamps
     ❏ Gather as much information as possible from affected systems

  18. Response Workflow - Recovery
     Who: incident response team, IT
     Tools:
     ➔ policies
     ➔ organizational objectives
     Actions:
     ➔ determine the extent of the incident
     ➔ classify the severity of the incident
     ➔ identify impact to operations and obligations to develop a recovery strategy
     ➔ assign adequate resources to execute the recovery plan
     Strategies for effective recovery
     ❏ Assign resources according to objectives
     ❏ Assess the risk of restoring vs. rebuilding compromised systems
     ❏ Carefully consider whether you will involve outside resources in the response
     ❏ Have a communication strategy
     ❏ Define a role in the response team to handle communications

  19. Response Workflow - Eradication
     Who: incident response team, IT, management, outside agencies
     Tools:
     ➔ incident documentation
     ➔ security controls
     Actions:
     ➔ verify no indicators of compromise remain
     ➔ perform root cause analysis (RCA)
     ➔ remove sources of compromise
     ➔ verify integrity of recovered systems
     Strategies for effective eradication
     ❏ Catalog evidence gathered
     ❏ Carefully remediate all sources of compromise after RCA
     ❏ Evaluate and improve security controls based on findings
     ❏ Carefully test and monitor affected systems after the incident

  20. Response Workflow - Final Steps
     Who: incident response team, management, security team, legal team
     Tools:
     ➔ post-mortem
     ➔ policy review
     Actions:
     ➔ write a narrative report based on the final documentation
     ➔ determine whether further legal/criminal action is needed
     ➔ distribute the report to stakeholders and community as required and desired
     Strategies for effective maturation
     ❏ Assess what worked and what didn't with the existing plan
     ❏ Have your final report vetted by management and/or legal
     ❏ Review, revise, and add security policies as you use them in the field
     ❏ Keep track of vulnerabilities and rough spots in the process to test in a future security exercise

  21. Takeaways
     ❏ Most incidents are not high severity
     ❏ Practice and experience are your most effective tools; practice calm and organized response
     ❏ Security is a process, not a product; start building momentum today
     ❏ Build your own template and start maturing it
     TrustedCI.org/guide - MISPP and Incident Response Templates

  22. Poll Questions
     Q3. Have you or your organization responded to an incident in the last 90 days?
     ResearchSOC Webinars - more information on:
     • security exercises
     • security metrics
     • crisis management

  23. Thank you
     Joshua Drake, Senior Security Analyst
     drakejc@iu.edu
     researchsoc.iu.edu

  24. Contact us
     researchsoc.iu.edu
     rsoc@iu.edu
     The ResearchSOC is supported by the National Science Foundation under Grant 1840034. The views expressed do not necessarily reflect the views of the National Science Foundation or any other organization.

  25. Strategies for Better Incident Response
     ResearchSOC Webinar Series - June 2020
     Joshua Drake, Senior Security Analyst, Indiana University Center for Applied Cybersecurity Research
