Cyber Security & Institutional Response Mechanism in an Organization to Handle Related Incidents
I CM Iqbal Kaur
R
What is cyberspace?
A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.
A DEFINITION OF CYBERSPACE
Life in a Networked World
Rapid Development in Information Technology
monitors & controls critical Infrastructure
2020
There are 730 million internet users and 75% new users from rural areas and 75% new users to consume data in vernacular languages.
83% CAGR mobile video content growth.
175 million have started shopping online.
70% are performing E-commerce transactions via mobile phones.
Cyber Security Challenges
VULNERABILITY
Cyberspace has inherent vulnerabilities that cannot be removed.
ASSIGNING ATTRIBUTION
Internet technology makes it relatively easy to misdirect attribution to other parties.
DEFENCE
Computer Network Defense techniques, tactics and practices largely protect individual systems and networks rather than critical operations (missions).
Ransomware Statistics
Vulnerable to Risks 2017
75% OF INDIAN CXOS ADMIT THEY LACK CONFIDENCE IN THEIR COMPANIES' CYBERSECURITY PROCESSES
1 in 131 EMAILS CONTAIN MALWARE
26% share of respondents whose security operations centres collaborate and share data with others in the industry.
How does any institute prevent cyber crimes?
Every institute has its specific incident handling rules
depending on the type of organisation.
For example: an organisation tending to its customers in
real time may have its focus on its servers rather than on
data and an organisation which stores confidential data
like a bank may have more focus on data security.
What is an incident?
An incident is an adverse event, or the threat of an adverse event, in a computer system (the event may be a misuse, hoax, intrusion or even a compromise of confidentiality).
Incident Handling
Incident handling consists of the set of rules/actions which are executed to protect and restore the normal operating condition of the system and of the information when an adverse event occurs.
Stages to Incident Handling
cause its business to go under or suffer heavy losses if it were stolen or damaged?
2. Identify potential risks: This includes a little research depending on the organisation; for example, a bank may have risks like phishing calls that reveal confidential details from its clients.
3. Establish procedures: After identifying the risks, decide on a set of actions to prevent as much as you can. For example, for things like phishing calls you can make your clients aware so that they do not respond to such calls. Moreover, even if a breach happens, this set of actions should be performed by the employee to bring the system back to its original state.
Preparation | Stage 1
4. Set up a response team: You’ll need to designate a team that helps coordinate the actions of your
company after the discovery of a data breach. The goal for this team is to help coordinate resources during a
security incident to minimize impact and restore operations as quickly as possible.
5. Sell the plan: Your incident response team won’t be very effective if you don’t have the proper backing and
resources to execute the plan. This is true from enterprise organizations to smaller, one-off businesses. That’s
why you need to make sure that those who control your company’s purse strings are aware of the need and
benefits of having an incident response plan.
6. Employee training: Just having an incident response plan won’t help you in a data breach. Your employees
need to be aware of the plan and be properly trained on what they’re expected to do should you get
breached. Test the response plan through tabletop exercises. These exercises familiarize your employees with
their particular roles in a data breach by testing your response plan through a potential hacking scenario.
STAGE 2
IDENTIFICATION
This is the process where you determine whether you’ve been breached. A breach, or incident, could originate from many different areas.
Questions to address
just get rid of it. However, that will likely hurt you in the long run since you’ll be destroying valuable
evidence that you need to determine where the breach started and devise a plan to prevent it from
happening again.
Instead, contain the breach so it doesn’t spread and cause further damage to your business. If you can,
disconnect affected devices from the Internet. Have short-term and long-term containment strategies
ready. It’s also good to have a redundant system back-up to help restore business operations. That way,
This is also a good time to update and patch your systems, review your remote access protocols
(requiring mandatory multi-factor authentication), change all user and administrative access credentials
ERADICATION
Once you’ve contained the issue, you need to find and eliminate the root cause of the breach. This means all
malware should be securely removed, systems should again be hardened and patched, and updates should
be applied.
Whether you do this yourself, or hire a third party to do it, you need to be thorough. If any trace of malware or
security issues remain in your systems, you may still be losing valuable data, and your liability could increase.
Questions to address
environment. During this time, it’s important to get your systems and business operations up and running
Questions to address
What tools will ensure similar attacks will not reoccur? (File integrity monitoring,
UP
Once the investigation is complete, hold an after-action meeting with all Incident Response Team members
and discuss what you’ve learned from the data breach. This is where you will analyze and document
everything about the breach. Determine what worked well in your response plan, and where there were some
holes. Lessons learned from both mock and real events will help strengthen your systems against future
attacks.
Questions to address