Incident Response

Incident Response. And a debrief of UNM’s response to the Heartbleed vulnerability. Presented by: Michael Burlison, Information Security Analyst – CISSP, GCIH, GSEC; Lucas Walker, Information Security Analyst – GSEC. What happened and why you should care… What IT did.


Presentation Transcript


  1. Incident Response: And a debrief of UNM’s response to the Heartbleed vulnerability
     Presented by:
     • Michael Burlison, Information Security Analyst – CISSP, GCIH, GSEC
     • Lucas Walker, Information Security Analyst – GSEC

  2. What happened and why you should care…

  3. What IT did
     • Researched scope of problem
     • Identified vulnerable systems
     • Updated and patched core IT-managed systems
     • Revoked and re-issued SSL certificates
     • Involved the community:
     • Notified departmental IT areas
     • Posted alerts
     • Involved help desk
     • Provided instructions to users
     • Issued password resets for impacted services

  4. What IT is doing:
     • Scanning and monitoring for vulnerable systems on the network
     • Monitoring Intrusion Prevention Systems (IPS) for Heartbleed activity
     • De-briefing stakeholders and decision makers, “Lessons Learned”
     • Researching for patches that are still being deployed

  5. Incident Response Plan
     • Is an action plan for dealing with intrusions, cyber-theft, denial of service, malicious code, natural disasters, and other security-related events
     • Incidents can be intentional or unintentional
     • Incident Response Plans help you know what to do when an incident occurs
     • Not a matter of “IF,” but of “WHEN”
     • Planning is (almost) everything!

  6. Incident Response Plan
     • DoE’s 6 Step Process:
       • Prepare
       • Identify
       • Contain
       • Eradicate
       • Recover
       • Lessons Learned

  7. Key Mistakes
     • Failure to report or ask for help
     • Incomplete / non-existent notes
     • Mishandling / destroying evidence
     • Failure to:
       • Create working backups
       • Contain or eradicate
       • Prevent re-infection
       • Apply lessons learned

  8. Legal Aspects
     • Plans, policies, and procedures developed for incident handling must:
       • Comply with applicable laws
       • Be reviewed by legal counsel & key stakeholders
     • Unless you are a lawyer in OUC, you are not the expert. Work closely with legal counsel
     • Regulations:
       • FERPA
       • PCI
       • GLBA
       • HIPAA
       • ITAR
     • Reporting security breaches, cyber-insurance, international standards (ISO 17799)

  9. UNM Incident Response Plan
     • Draft will be distributed to this audience
     • PCI version is on cio.unm.edu/standards
     • ERP version is posted on Banner ERP sites
     • Is being updated
     • Will be posted to CIO Standards page

  10. Q&A
     • Help.unm.edu
     • security@unm.edu
     • it.unm.edu/security
