Security & Risk Management Update 2017

Transcript:

Security & Risk Management Update 2017, Scandic Bygholm Park, Horsens, 1 June 2017

Incident response in action - the process from incident to cleanup
Kim Elgaard, 1 June 2017

What should we get out of this talk?
My goals for this talk:
1. Provide an overview of the course of a security incident, from preparation to the final reporting and improvement proposals.
2. Create an understanding of why incident response is such an important part of companies' IT security.
3. Give input on what, specifically, to look at in order to be ready to handle a security incident.

Why?
"There are two types of companies: those that know they have been hacked, and those that do not know they have been hacked. The point is that everyone has been hacked." James Comey, former director, FBI
- The amount of malware and the number of incidents are growing steadily
- Cryptolocker, hacktivism and espionage have become everyday occurrences
- All sectors and industries are/will be exposed to attacks
- Limited access to IT security skills & resources with the necessary training and experience

Respond & Recover
Incident response is an organized approach to addressing and managing the aftermath of a security breach or incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

The IT security process: Incident Response
Phases: Predict & Identify, Prevent & Protect, Detect, Respond & Recover
Security capabilities: Risk Management, Vulnerability Management, Fundamental Security, Security Monitoring, Incident handling, Disaster recovery, Visibility, Analytics, Advanced Security, Threat Intelligence, Containment, Forensics

The incident response process
Phases of the cycle: Prepare, Detect, Contain, Eradicate, Recover, Improve

Preparation
- Incident Response Plan: playbook
- Setting the team: who are the players
- Training
- Backup and restore
- Tools: prepped, tuned and up-to-date
- Security Maturity Level
- Awareness in organisation and management

Incident Response: People, Technology, Process
- People: Formal Training, Internal Training, On-Job Training, Tools and Product Training
- Technology / Process: Incident Detection, Forensics, Log Collection, Network Monitoring, Lessons Learned, Preparation, Identification, Threat Intelligence, Incident Response
Inspiration: SANS SOC Whitepaper

Detection / Identification
- Early detection: honeypot/malware hunting, indicators of compromise, behavior analysis
- Involve the Incident Response Team: first responder (Alarm!!)
- Activate the incident response plan: scope of incident, data breach response plan
- Time IS important (MTTD). Ransomware attack:
  - 54 % detect the incident within 1 hour
  - 35 % detect the incident within 24 hours
  - 11 % later...

Containment
- Minimize damage, minimize cost
- Disconnect!!!
- Need to do forensics
Short-term:
- Disconnect/isolate
- Segment
- Secure evidence
- Take off-line for forensics
Long-term:
- Update AV, sandbox and other protections
- Development/scripting: tools to address zero days
- Remove malware
- Disable accounts
- Patch

Eradication
- When possible: reimage
- Replace disk to secure evidence

Recovery
- Backup is key, especially in the case of ransomware
- Be SURE that your backup is working
- Is your backup clean?
- Speed and prioritization are important: rapid restoration of production facilities to minimize loss
- Monitoring of all involved systems
- How to test and verify that the compromised systems are clean and fully functional.
- The tools to test, monitor, and validate system behavior.
- The duration of extended monitoring to observe for abnormal behaviors.
- Change passwords, enable extra logging
Some of the important decisions to make during this phase are:
- Time and date to restore operations: it is vital to have the system operators/owners make the final decision based upon the advice of the IRT.

Lessons Learned
- Important to learn from your incidents
- Don't make the same mistake twice
- Use the information to build better protections... and to improve your early detection
Lessons learned:
- When was the problem first detected, and by whom
- The scope of the incident
- How it was contained and eradicated
- Work performed during recovery
- Areas where the IRT was effective
- Areas that need to be improved

Prepare for Security Incident Response
Checklist - Inspiration
- Incident response plan: playbook, up-to-date
- The team: staffing and commitment
- Detect: threat intelligence
- Containment: tools
- Recovery: backup or rebuild
- Lessons learned: fixed form for evaluation and reporting

What should you do when you get home?
- On Monday: evaluate your current incident response readiness
- Next week: draw up an incident response plan
- Next month: set up the team and train!!

Thank you!