
Incident Management and Cyber Security Readiness in 2010

Agenda. Section I - Cyber Security Event History: Largest Cyber Security Event; Cyber Security breach examples. Section II - Building an Incident Response Program: The need for Incident Response; The role of Incident Response in compliance; Developing an Incident Response program; Best Practices. Section


Presentation Transcript


    1. Incident Management and Cyber Security Readiness in 2010. John A. Otte, CISSP, CISA, MSIA

    2. Agenda

    21. Buzzwords: Electronically Stored Information (ESI, rule 26a) is all types of media where digital evidence can be stored; eDiscovery; Federal Rules for Civil Procedures (FRCP); Forensics

    22. eDiscovery: Electronic discovery (also called e-Discovery or eDiscovery) refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case.

    23. Computer Forensics: Computer Forensics is the acquisition, preservation and analysis of digital information that meets the requirements of evidence for court presentation.

    24. E-discovery vs. Computer Forensics: E-discovery is the process of analyzing data that is accessible without the need for additional tools or applications, whereas Computer Forensics is the process of analyzing data that can only be accessed with proper training and tools. E-Discovery involves indexing files, converting documents into “tiff” or a similar format, integrating analysis with case management, etc. Computer forensics involves recovering data, analyzing corrupted files, establishing user profiles, in-depth metadata analysis, chain of custody preservation, fraud analysis, etc.

    25. FRCP 101: Defines rules of behavior for discovery; Last major modification Dec 2006; Added ESI to FRCP; Rule 26: ESI Disclosure (a), Reasonably Accessible & Clawback (b), Meet & Confer (f); Redline document: http://www.uscourts.gov/rules/EDiscovery_w_Notes.pdf

    26. FRCP Rule 26(a): Requesting party must submit: Information on people; Information on the ESI. Only information requested is allowed. Meet and confer gotchas: Must occur 120 days from request; Most lawyers want 30 days to review; Most lawyers wait 30 days to provide. Litigation Holds

    27. FRCP Rule 26(b): Identify sources of ESI; Sample information; Validation of sources; Exclusion of sources. Reasons for exclusion: Not relevant; Excessive burden. Both parties should agree on ESI. Court makes final decision

    31. Questions? John A. Otte, CISSP, CISA, MSIA, Director, Strategic Services, FishNet Security. John.Otte@Fishnetsecurity.com, (816) 701-2044, www.fishnetsecurity.com
