2015 Security Professionals Conference
BREACHES: PLANNING + RECOVERY = RESILIENCY
Jodi Ito
Information Security Officer • University of Hawaiʻi
jodi@hawaii.edu • (808) 956-2400
Session Outline
• Prevention & Preparation
– Threat Landscape
– Understanding your risks
– University of Hawaii “case study”
• Background
• Breaches
• Class Action Lawsuit
• Institutional Response (System/Campus)
Agenda - continued
• Planning
– Identify Key Players & Decision Makers
– Understanding the “Plaintiff”
– Information Security Program
– Incident Response Plan
– Breach Response & Notification Plan
– Communications Plan
– Contracts/Insurance?
Current Trends
“2015 is predicted to be as bad or worse as more sensitive and confidential information and transactions are moved to the digital space and become vulnerable to attack.”
Verizon’s DBIR Indicators of Compromise (IoC)
• Phishing
• Vulnerabilities
• Mobile
• Malware
THE RISK FACTOR
Assets & Vulnerabilities
• What are your institution’s assets?
• How do you “prioritize” those assets?
• What are the threats to those assets?
UNIVERSITY OF HAWAII: “CASE STUDY”
University of Hawaii System
• 10 campuses
• One Research University
– Mānoa (flagship campus)
– 20,000 students
• Two Baccalaureate Universities
– UH West Oahu: 2600
– UH Hilo: 4000
• Seven Community Colleges
– Hawaiʻi CC: 3200
– Honolulu CC: 4200
– Kapiʻolani CC: 8000
– Kauai CC: 1500
– Leeward CC: 7700
– Maui College: 3800
– Windward CC: 2700
Information Technology Services
• System Office
• Report to the Vice President of Information Technology & Chief Information Officer
• 160+ full time staff
• 120 student employees
• 4 groups:
– Technology Infrastructure
– Academic Technologies
– Management Information Systems
– Administrative Group
• ISO direct report to VP IT & CIO
ITS Responsibilities
• System-wide information systems & services
– Student information system
– Personnel system
– Financial system
– Data warehouse / operational data store
– Learning management system
– Email, web, identity management system, contract services, help desk, desktop support, phone system, site licensing
• Network Infrastructure
• Information Security
Characteristics & Complexities
• Each campus/department/unit is “unique”
• Highly decentralized
– Campuses/departments set up their own servers and services
– Can request use of institutional data
• No direct authority over campuses
• But do manage & maintain the system-wide services and network infrastructure
The Big Stick!
HAWAIʻI STATE LAWS
Hawaiʻi Revised Statutes 487-N
• Definition of Personal Information: Individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
– Social Security Number;
– Driver’s license number or Hawaiʻi Identification Number;
– Account number, credit or debit card number, access code, or password that would permit access to an individual’s financial account;
HRS Definition of “Breach”
“Security breach” means an incident of unauthorized access to and acquisition of unencrypted or unredacted records or data containing personal information where illegal use of the personal information has occurred, or is reasonably likely to occur and that creates a risk of harm to a person.
Any incident of unauthorized access to and acquisition of encrypted records or data containing personal information along with the confidential process or key constitutes a security breach.
HRS Reporting Requirements
• Provide notice to affected individuals
– Description of incident
– Type of personal information involved
– Remediation and preventive actions taken
– Contact phone number for additional information
– Advice to affected individual
• Written report to state legislature within twenty days after discovery of security breach
Other Hawaiʻi State Reporting Requirements
• Mandatory Reporting of All Information Systems with Sensitive Information
• Report all systems containing sensitive information and update the information at least annually
UH Information Security Policy
• System-wide executive policy
• E2.214: Security & Protection of Sensitive Information
• Promulgated in 2007
• Definition & examples of sensitive information
• Data categorization: public, restricted, sensitive & regulated (recently expanded)
• Roles & Responsibilities
• Framework for use & protection of sensitive information
Also in UH Policy…
• Chancellors and Vice Presidents are responsible for eliminating all unnecessary storage of personal information
• Also responsible for implementing appropriate security measures for systems under their purview that must retain sensitive information for essential University operations
THE BREACHES
Breaches 1-3:
• Breach #1: April 2009 Kapiʻolani CC – 15,000 affected
• Breach #2: March 2010 Honolulu CC – 35 affected
• Breach #3: July 2010 Mānoa – 53,000 affected
#3: Real Costs & Time Spent
• Total of 34 people
– Directors, Assoc. Dir, General Counsel, Human Resources, Media Relations, administrative and technical staff
• Total of 1948 hours
July 2010: Executive Directive
• UH President issued an Executive Directive to UH Senior Leadership (VPs & Chancellors)
• 3rd known breach since enactment of identity theft law
• Directed every executive to make it a priority to protect sensitive information because of the highly decentralized organization
• Must designate a single individual to oversee unit’s information protection and compliance program
Executive Directive – cont.
• Directed the designated campus executive to ensure full compliance to:
– Report PI systems (per state law)
– Purge unnecessary SSNs; ensure credit card processing in compliance with UH policy
– Review and strengthen internal controls around handling of sensitive information
Breach #4: October 2010
UH West Oahu – 40,000 affected
• University notified by Aaron Titus, Privacy Director of the Liberty Coalition, a non-profit group based in Washington D.C.
• Files were discovered using a Google site search
• Files were uploaded to a UHWO faculty web server in December 2009 by a faculty member who believed the server was secured
Google Search Results
http://www.staradvertiser.com/news/breaking/108760734.html
http://www.staradvertiser.com/news/20101118_Data_breaches_earn_UH_an_F.html
“The purpose of this Act is to strengthen the safeguards for
security breaches of personal information held by government
agencies.”
Class Action Lawsuit Complaint
“Seeks an injunction: (a) forbidding UH from violating the constitutional rights of its students, faculty and guests, as protected by the right to privacy of the United States and Hawaii Constitutions by the unauthorized released of private information, including but not limited to SSN and (b) mandating that the University of Hawaii take appropriate measures to ensure the protection of private information within its possession.”
Class Action Lawsuit – cont.
“Seeks monetary damages to compensate class members for expenses including but not limited to enrollment in credit reporting monitoring program(s), time spent in monitoring credit reports, credit card and bank statements, and identity theft insurance.”
Lawsuit Progression & Timeline
• June 2011: Enforce litigation hold on all involved emails (in process: migration to Google)
• June 2011: UH filed motion to dismiss
• July 2011: One more breach – theft of paper documents containing credit card numbers – 2500 affected
• July/Aug 2011: Compiling list of ALL affected individuals (est. over 800 hours – 3 weeks, 8+ people)
Compiling List of Affected Individuals
• Started with 97,000+ individual records
• Very problematic – did not have enough information to uniquely identify individuals
• Early breaches - purged sensitive data elements
• Had to attempt to recreate data from multiple data sources
• Required manual visual inspection of *each* record to correct information and remove duplicates
• Ended up with 90,000+ eligible for credit monitoring
Timeline – cont.
• Jan. 2012: Working on tentative settlement
• Jan. 2012: Motion for Preliminary Approval of Settlement
• Feb. 1, 2012: Court hearing on Motion for Preliminary Approval
• Feb. 15, 2012: Credit monitoring service begins mailing out notices to sign up for services; services would begin AFTER final court approval
FINALLY SETTLED!
• March 1, 2012: Public notification: joint press release, email blast to all UH faculty/staff/students, Alumni Association, posts on campus web sites, newspapers
• May 21, 2012: Final Approval granted; no appeals received.
• 2 years of continuous credit monitoring & ID Theft Consultation and Restoration (Kroll)
• Approximate total cost: $600K
Lawsuit Lessons Learned
• Assume that credit monitoring will be required
• Ensure records can be cross-walked back to a unique individual
• For credit monitoring registration process, have an “exception” procedure in place (process to resolve those that think they are eligible & demand to be registered)
Summary Stats from Kroll
• Active Members: 91,192
• Initial Member Packets: 91,274
• Returned Mail: 16,115
• Monitoring: 17,298 (~19%)
• Consultation Calls: 345
• Credit Reports: 3
• Fraud Cases: 6
• ID Scan: 0
Plaintiff’s Motivation?
DISCUSSION:
Why do people pursue a lawsuit?
Evaluation of Cause of Breaches
• Each breach occurred in violation of UH policy
• Computer/server OS or applications not maintained/patched
• Sensitive data not handled in accordance with UH policy
• No data retention schedule
• “Scope-creep” for usage of data; data kept for “possible” re-use later
Information Security Landscape in 2010
• Preliminary analyses of incidents:
– Weak desktop computer security practices
– Insecure operational practices
– Information retained longer than needed
– Cannot identify who has access or possession of UH sensitive information (including tracking IRB requests)
– Servers: Misused or not managed appropriately
– UH policy not followed or existence unknown
• End of 2010: retained external consultant to perform an information security posture assessment
Need to Address
• Old, unused, unneeded repositories of sensitive information
• Unmanaged, unmaintained servers
• Permission to use institutional sensitive information (ownership and authority)
• Lack of awareness of policies
Already In Place:
• Phased out use of SSNs as primary identifiers
• Identified campus leadership for protection of sensitive information
• Identified technical leads for protection of sensitive information
• Instituted mandatory reporting of repositories of sensitive information
Ongoing Efforts
• Acquisition of Identity Finder for scanning for sensitive information
• Started Data Governance initiative
• In contact with “functional” groups (PO, FO, AO, managerial/executive teams, campus groups, developers groups, etc.)
Consultant: Scope of Work
“The University of Hawaii (UH) is committed to implementing a systemwide information security program to replace the current decentralized approach. This program must leverage best practices to maximize information security while continuing to support the principles of academic freedom and openness central to a university’s culture and mission. UH believes it essential to begin with an impartial expert assessment to develop a plan for a holistic systemwide approach. This assessment will assess current policies, current practices and current campus awareness as the basis of recommendations for improvements in security policies, practices and education.”
Services Provided:
• Review existing internal and external documentation including reports, policies and legislation
• Interview key stakeholders
• Identify the major IT security issues faced by UH and best practices for solutions
• Prioritize solutions for immediate action
• Provide recommendations for how UH should implement a comprehensive systemwide approach to information security
Summary of Findings:
• A significant under-investment in information security resources
• Trying to operationally manage information security as a fully de-centralized activity
Overarching Recommendation
“Develop a properly funded, strategically oriented, university-wide information security program that is centrally managed and operates in collaboration with the many de-centralized units throughout the university.”
UH Information Security Program
• Took what we are already doing
• Added consultant’s specific recommendations
• Develop strategic areas:
– Data Governance and Oversight
– Information Security Audits & Risk Assessments
– Information Security Policies & Procedures
– Identity Management & Access Controls
– Information Security Training and Awareness
• http://www.hawaii.edu/infosec/infosecprogram.html
Resulting Projects
• Data Governance structure & Data Sharing request procedures
– http://www.hawaii.edu/apis/ep/e2/e2215.pdf
• Server registration & scanning (random audits)
– http://www.hawaii.edu/its/server/registration/
• Network scans for servers (map against registered servers)
• Review of policies
– http://www.hawaii.edu/infosec/policies.html
Projects - continued
• Automated deprovisioning via identity management
• Evaluation & implementation of additional network security technologies
• Compliance & Risk Assessments for “high risk” area
Awareness & Training
• Mandatory information security awareness training for UH employees with access to sensitive information (by function)
• Convene “outreach groups”: application, web, database developers to inform them of new policies/procedures and solicit feedback on upcoming projects
• Provide specific training for targeted groups
Technical Security Oversight
• UH IT Security Leads
– Designated by the campus Data Security Leader
– Lead technical staff on a campus
– Exception: Mānoa Campus - BIG & decentralized
– Mānoa Deans & Directors designated one or more technical staff from each of their units
– Responsible for implementing technical security procedures & advising their Data Security Leaders
– Meet 2-3 times a year; sometimes with DSLC
Server Registration
• Registration/validation required annually
– Primarily database, web, file servers
– Does server contain sensitive information?
– Scan for SSNs & credit card numbers with Identity Finder
– Scan for vulnerabilities with OpenVAS
– Remediation status required
– Provide department & technical contact information
– Campus leadership must “approve”
Information Security Compliance Assessments
• Internal Audit taking lead
• General Process:
– Contact the respective Unit to discuss scope and timing.
– Completion of Maintenance of Sensitive Information Survey.
– Conduct meeting and site visit with Unit.
– Inform the Unit of observations / recommendations
Assessments Status
• Work Performed during January – March 2013
• Selected Departments/Schools
– Financial Aid Services (All Campuses)
– Community Colleges – Non-Credit Programs
– John A. Burns School of Medicine
• Surveys completed and site visits for Oʻahu units completed.
• Memo containing observations was circulated to all units
• Report submitted to the Board of Regents
Assessment Observations
• No guidance on when/how to do background checks
• Record retention of sensitive information inconsistent among respondents
• Units still using strip-cut shredders or not shredding at all
• Not always securing physical paper files containing sensitive information
• Not always encrypting electronic transmission of sensitive information
Internal Audit Next Assessment
• HIPAA Determination Survey
– Furnish, bill or receive payment for “health care”?
– Transmit any covered transactions electronically?
– Have an agreement w/ a covered entity or business associate?
– Performed a risk & vulnerability assessment of electronic covered transactions?
• Of 75 units surveyed, 14 are potentially subject to HIPAA
• Follow-up assessment will be conducted
• Report submitted to Board of Regents
CURRENT “BREACH” TRENDS
LAWSUITS APLENTY…
Target Class Action Lawsuit
http://bit.ly/QWhOvm
And…
• http://www.scmagazine.com/class-action-suit-aimed-at-mcccd-for-delayed-notification-in-breach/article/343569
Cyber Insurance/Breach Response & Remediation?
• Different names, types, terms & exclusions
• Buyer beware!
• No standards:
– 3rd party liability
– 1st party losses
– Incident response/management/forensics
– Notification/call center
– Credit monitoring
– Claims expenses
• Know what you want and negotiate!
“Organizations without a
robust information security
program, environment or
infrastructure, will pay more
for insurance.”
Example Offerings
• THIS IS NOT AN ENDORSEMENT
• NOW is the time to do your research
• When a breach occurs, it’s TOO LATE!
– Kroll
– Beazley Breach Response
Kroll.com
• http://kroll.com/cyber-security/data-breach-response
Beazley Breach Response
• http://www.beazley.com/bbr
• https://www.beazley.com/Documents/TMB/BBR/Beazley_BBR_Brochure_US.pdf
– Response to breach events (notification, call center services, resolution/mitigation, PR & crisis management)
– 3rd party liability
– Legal services/computer forensic services
Beazley Questionnaire
• Management of Privacy Exposures
• Computer System Controls
• Website Content Controls
• Prior Insurance
• Prior Claims and Circumstances
• Sample questionnaire (separate handout)
WHAT DOES THIS MEAN FOR MY INSTITUTION?
(SO NOW WHAT?)
Due Diligence: Information Security Program
• Have a plan and policy (or policies) to protect sensitive information
• Have a plan to reduce sensitive information (and execute it!)
• Have a metric or mechanism to assess risk to sensitive information
• Have a way to report on the “State of Information Security”
Response Elements
• Response time is CRITICAL
• Know your KEY decision makers & players
• Be prepared: Not if a breach will occur – What will you do WHEN it occurs?
• HEISC Information Security Guide: https://spaces.internet2.edu/display/2014infosecurityguide/Home
– Data Incident Notification Toolkit
– Incident Checklist for Sensitive Data Exposure
EDUCAUSE HEISC Resources
• HEISC: Higher Education Information Security Council
• Information Security Guide
• https://spaces.internet2.edu/display/2014infosecurityguide/Home
– Developed & maintained by EDUCAUSE Security Working Group & Community Members
– Mapped to industry standards: ISO, NIST, COBIT, PCI-DSS, Cybersecurity Framework, HIPAA
– Provides a library of valuable “toolkits” on a wide variety of topics
– “Hot Topics” provide timely information on current subjects
Plan, Plan, Plan!
• Have an Incident Response Plan
• Have a Breach Response Plan that includes a “PR” plan:
– Reputation Management (get ahead of the negative media cycle)
– Communications plans: External and Internal
• Practice the plans! (Tabletop exercises; hands-on cyber security drills)
• Analyze ANY incident; develop mitigation strategy; incorporate into your Information Security Program
Address “Plaintiff” Perceptions & Motivations
• Swift public response; be apologetic and empathetic; SHOW THAT YOU CARE. Acknowledge that you are a victim.
• Credit monitoring is expected; have Points of Contacts or retainers for credit monitoring/breach response services
• Do not use a response template; if multiple breaches, message appears “repetitive” with no improvements
– “Unfulfilled Promises” (Liberty Coalition Report)
Doing it “Right”
http://www.washingtonpost.com/local/college-park-shady-grove-campuses-affected-by-university-of-maryland-security-breach/2014/02/19/ce438108-99bd-11e3-80ac-63a8ba7f7942_story.html
http://www.commerce.senate.gov/public/?a=Files.Serve&File_id=b92bba0e-787f-426d-b1ce-14f2c73f9f13
What they did…
• Swift response; announced breach almost immediately after discovery; provided credit monitoring service about a week later
• Took ownership; President addressed the community
• Transparent about the situation
Key Steps
• Follow incident response procedure
• Identification; Notify key stakeholders
• Damage containment & data exposure assessment; Develop response & communications plan
• Eradication & recovery
• Notification; Develop FAQ – consistent message; PR/Media; Call Center
• Incident analysis & next steps
Planning for the Breach…
• Identify problem areas
– What led to a breach or what will lead to a breach
• Identify & engage key stake holders
– Who has the authority to affect necessary changes
• Identify what needs to be changed
• Develop plan & timeline
• Motivation for permanent change to prevent incident from recurring
– Identify what resonates with core populations
– “what’s in it for me?”
• Evaluation metrics
Your Plans?
• Do you have an incident response plan?
• What about a breach response & notification plan?
• Who will man your call center?
• Do you know who to contact (all areas of leadership)? *AND* what to tell them?
• How will you communicate to the affected individuals and to the public? (Media communication plan)
Don’t Forget…
• Speed is of the essence; imperative to have swift, decisive actions
• Be sincerely apologetic, concerned, caring
• Best if the highest ranking administrator issues the notice
• Ensure that all remediation actions are completed and documented
* Checklist?
• Identify problem areas
– What led to a breach or what will lead to a breach
• Identify & engage key stake holders
– Who has the authority to affect necessary changes
• Identify what needs to be changed
• Develop plan & timeline
• Motivation for permanent change
– Identify what resonates with core populations
– “what’s in it for me?”
• Evaluation metrics
Jodi Ito
University of Hawaiʻi
Information Security Officer
jodi@hawaii.edu • (808) 956-2400