
PREPARE - DATA THEFT

- Determine Core Ops Team & Define Roles: Vulnerability Manager, Threat Manager, Risk Manager
- Review & Maintain Timeline
- Interviews: User, Manager, Physical Security, Key Stakeholders
- Document Internal Path
- Document External Path
DETECT - DATA THEFT

Indicators:
- Emails returned as undeliverable due to size limitations
- Identification or publication of proprietary information outside the organization
- Large data dumps of databases, network shares or other computer systems
- Local disk or network shares that are near full capacity
- Notification of extortion in order to recover stolen data
- Reporting of large emails being sent by a single user
- Work performed outside of normal business hours
- Reports of removable and/or mobile devices being used to copy data

Workflow steps:
- Define Threat Indicators: Standard Indicators, Custom Indicators
- Categorize Incident
- Request Packet Capture
- Conduct Scans
ANALYZE - DATA THEFT

Risk factors:
- Stolen data damaging to business operations or brand of the organization
- External user PII or other protected information has been stolen
- Internal user PII or other protected information has been stolen
- PII or other protected information has been compromised
- Compliance regulations have been violated
- Public or personnel safety affected
- Products/goods/services are affected by this attack
- Customers are affected by this incident
- Ability to control/record/measure/track any significant amounts of inventory/products/cash/revenue is lost
- There is indication of who performed the data theft
- There is internal knowledge of this incident
- There is external knowledge of this incident
- Identify worst-case business impact if unable to mitigate this attack
- Identify business operations that may be affected and identify any alternate courses
- Identify business implications of the Data Theft
- Identify additional technical implications of the Data Theft
- Determine risk of the stolen data being released to the public

Workflow steps:
- Define Risk Factors: Standard Factors, Custom Factors
- Determine Patch Methods
- Log Collection
- Evidence Collection
- Data Capture
- Analysis
CONTAIN - DATA THEFT

- Identify the system(s) that have been affected: Servers, Desktop, Laptop, Mobile, VM, LDAP Directory
- Identify user credentials compromised or at risk
- Identify method used to steal data
- Identify systems used to steal data
- Identify any source attribution collected
  - Sources: Incident Database, Threat Database, Vulnerability Logs, System Logs
  - Select Database -> Query Database -> Generate Report
  - View Report -> View Record Details -> Select Records -> Copy Record Details
- Identify lateral movement of compromised users throughout enterprise
- Identify the tools used to detect the attack: SIEM, IDS, Firewall, Scanners, Antivirus, Removable Device Monitors
ERADICATE - DATA THEFT

- Triage & Test
- Confirm Incident Report
- Request System Patch
- Contain malicious Code (Code Sample)
- Communications: Direct Phone Call, Conference Call, In-Person Meeting, Intranet Meeting, Mobile Messaging, Internet Meeting
- Add/Change/Remove Affected System/Site/Network
- Determine method of removing data from the organization's enterprise network
- Eradicate Malware
- Perform data forensics
- Monitor network traffic for ongoing data theft
- Create alert signatures for suspected data exfiltration
- Prepare to temporarily scan or block all outbound data more than ___ Mb in size
- Implement device control monitoring and control systems
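The Detect-phase indicators (undeliverable oversized emails, many large emails from one user, off-hours activity, removable-device copies) and the Eradicate-phase steps "create alert signatures for suspected data exfiltration" and "scan or block all outbound data more than ___ Mb" can be expressed as simple detection logic run over gateway logs. The Python below is an added example and is not part of the playbook; the CSV log format, the sample records, the business-hours window and every threshold (including the value standing in for the playbook's blank "___ Mb") are assumptions to be tuned per environment.

```python
"""Added example: flag data-theft indicators from the Detect/Eradicate phases
over constructed outbound-mail, proxy and removable-device log records.
Illustrative code only; log format and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime

# Assumption: the playbook leaves the outbound size threshold blank ("___ Mb");
# a placeholder value is used here and must be tuned for the environment.
OUTBOUND_SIZE_THRESHOLD_MB = 25
LARGE_EMAIL_MB = 10          # assumed: a single message this large counts as "large"
LARGE_EMAIL_COUNT = 3        # assumed: this many large emails from one user triggers
BUSINESS_HOURS = (8, 18)     # assumed normal business hours, 08:00-18:00 local

# Constructed sample records: "timestamp,user,channel,destination,size_mb,status"
SAMPLE_LOG = """\
2024-03-04T09:15:00,alice,smtp,partner.example,2.1,delivered
2024-03-04T22:40:00,bob,smtp,mail.example.net,18.0,delivered
2024-03-04T22:42:00,bob,smtp,mail.example.net,19.5,undeliverable:size
2024-03-04T22:45:00,bob,smtp,mail.example.net,17.2,delivered
2024-03-04T23:05:00,bob,https,files.example.org,310.0,allowed
2024-03-04T14:10:00,carol,https,cdn.example.com,4.0,allowed
2024-03-04T14:12:00,dave,usb,removable-E,1200.0,copied
"""


def parse_log(text):
    """Parse the assumed CSV format into a list of record dicts."""
    records = []
    for line in text.strip().splitlines():
        ts, user, channel, dest, size, status = line.split(",")
        records.append({
            "ts": datetime.fromisoformat(ts),
            "user": user, "channel": channel, "dest": dest,
            "size_mb": float(size), "status": status,
        })
    return records


def detect_indicators(records):
    """Return {user: sorted indicator names} for users matching any of the
    playbook's Detect-phase indicators or the Eradicate-phase size rule."""
    findings = defaultdict(set)
    large_email_count = defaultdict(int)
    for r in records:
        user, hour = r["user"], r["ts"].hour
        # Indicator: emails returned as undeliverable due to size limitations
        if r["channel"] == "smtp" and r["status"] == "undeliverable:size":
            findings[user].add("email_bounced_size_limit")
        # Indicator: large emails being sent by a single user (counted below)
        if r["channel"] == "smtp" and r["size_mb"] >= LARGE_EMAIL_MB:
            large_email_count[user] += 1
        # Indicator: work performed outside of normal business hours
        if not (BUSINESS_HOURS[0] <= hour < BUSINESS_HOURS[1]):
            findings[user].add("outside_business_hours")
        # Indicator: removable devices being used to copy data
        if r["channel"] == "usb" and r["status"] == "copied":
            findings[user].add("removable_device_copy")
        # Eradicate phase: outbound transfer above the (placeholder) size threshold
        if r["channel"] in ("smtp", "https") and r["size_mb"] > OUTBOUND_SIZE_THRESHOLD_MB:
            findings[user].add("outbound_over_threshold")
    for user, n in large_email_count.items():
        if n >= LARGE_EMAIL_COUNT:
            findings[user].add("large_emails_single_user")
    return {u: sorted(f) for u, f in findings.items()}


def prioritize(findings):
    """Rank users by number of distinct indicators (most first), a simple
    stand-in for the playbook's 'Categorize Incident' step."""
    return sorted(findings.items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for user, inds in prioritize(detect_indicators(parse_log(SAMPLE_LOG))):
        print(f"{user}: {', '.join(inds)}")
```

Each indicator is evaluated independently and then aggregated per user, so a single record can contribute several findings and the ranking surfaces the user who trips the most distinct indicators first. In the constructed sample only the off-hours bulk sender and the removable-device copy are flagged; ordinary daytime traffic produces no findings.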
RECOVER - DATA THEFT

- Recover Systems: Reimage; Wipe & Baseline System; Scan host with updated Signature; Scan File Share with updated Signature; Remove Vulnerabilities & Update Routers; IDS/IPS & Firewall Updates
- Identify ways to mitigate further removal of data
- Coordinate AV updates to be pushed upon release from AV Vendor
- Incident Remediation
POST-INCIDENT - DATA THEFT

- Incident Review
  - Electronic Personal Health Information (ePHI) Compromised?
  - Sensitive Government Information Compromised?
- Discovery Meeting -> Lessons Uncovered -> Lessons Applied
- Policy Updates Defined -> Policies Implemented
- Process Updates Defined -> Process Changes Implemented
- Configuration Updates Defined -> Configurations Applied
- Response Workflow Updated