1 / 23

You’ve been hacked, now what? By Wild Wild West

You’ve been hacked, now what? By Wild Wild West. Agenda. Overview What we did do Alternative Solutions Best solution: CSIRT. What we did do…. Technical Team Easy solution Patches/Updates Rebuilt. What we did do…. Business Team Senior management, legal, public relation

haines
Download Presentation

You’ve been hacked, now what? By Wild Wild West

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. You’ve been hacked, now what? By Wild Wild West

  2. Agenda • Overview • What we did do • Alternative Solutions • Best solution: CSIRT

  3. What we did do… • TechnicalTeam • Easy solution • Patches/Updates • Rebuilt

  4. What we did do… • Business Team • Senior management, legal, public relation • Report incident to law enforcement/government agency • Notify business partners and investors • Decision

  5. Downtime • Cost per week (total $352,500) : • 2 Acoustic Engineers (consultant): $15,000 • Management (5 people): $25,000 • Non IT Staff (30 people): $62,500 • Delay in launch: $250,000

  6. Solution Alternatives

  7. Alternatives Considered • Hire outside consultants • Technology-based HW/SW solution • Computer SecurityIncident Response Team (CSIRT)

  8. InfoSecurity Consulting Firm • $20k - $200k+ depending on scope and deliverables • Forensics-only approach likely to be inconclusive • Expanded scope well beyond our budget • Plus, likely to lead to further expenditures

  9. Let Tech Solve the Problem? • Another wide spectrum of options…

  10. Let Tech Solve the Problem? • Another wide spectrum of options… • Tier I enterprise class solution?

  11. Let Tech Solve the Problem? • Another wide spectrum of options… • Tier I enterprise class solution? • Homegrown Approach?

  12. Let Tech Solve the Problem? • Another wide spectrum of options… • Tier I enterprise class solution? • Homegrown Approach?

  13. Let Tech Solve the Problem? • Another wide spectrum of options… • Tier I enterprise class solution? • Homegrown Approach? • Something in between?

  14. What We Did Decide… • Conduct Nessus scan of our network • Plug all high and medium risk firewall vulnerabilities identified • ADDED! open source IDS product for faster recognition of attempted attacks or successful exploits

  15. What We Did Decide… • Conduct Nessus scan of our network • Plug all high and medium risk firewall vulnerabilities identified • ADDED! open source IDS product for faster recognition of attempted attacks or successful exploits • But! We didn’t stop there…

  16. Computer Security Incident Response Team (CSIRT) Disaster Recovery Style

  17. Security Preparation

  18. Computer Security Incident Response Team Purpose After a Major Security Incident: • To be able to quickly and efficiently make and execute decisions that are the best for the organization

  19. Computer Security Incident Response Team (CSIRT) Roles • Team manager and backup team manager • Technical/Security expert • Executive • Legal expert • PR specialist • HR specialist

  20. Computer Security Incident Response Team (CSIRT) Roles Example: • Team manager and backup team manager • (IT Director, Sys Admin) • Technical/Security expert • (IT Director, Sys Admin) • Executive • (CEO) • Legal expert • (CEO) • PR specialist • (Marketing Director) • HR specialist • (HR Director)

  21. Computer Security Incident Response Team (CSIRT) Tasks • Respond quickly to a Major Security Event. • Analyze the incident • Respond to the incident in the context of the organization as a whole • Law enforcement • Communications to employees • Legal obligations • Upstream, downstream and third party communication • Forensics

  22. Computer Security Incident Response Team (CSIRT) Benefits • Monetary benefits • Know the real cost of what happened • Prevent wasted time/resources of employees • (calculation here) • Psychological benefits • Keeps key players calmer • Keeps you from making (the wrong) decision • May help you save your job

  23. Q & A

More Related