2012 cwag annual meeting state agency data breaches loss prevention, response and remediation...
Post on 28-Dec-2015
218 Views
Preview:
TRANSCRIPT
2012 CWAG Annual Meeting
State Agency Data BreachesLoss prevention, response and remediation strategies
Employees
Job Seekers
Mortgagees
Identity Exploitations: 12+ years of our cases
Insured
The Scams Persist and This is Now an Industry
+ Prevention
+ Detection
+ Analysis & Response
Prevention
Data Loss Prevention: Comprehensive Approach People, Processes and Systems to Identify, Monitor and Protect Data...
+ In Use (endpoints, devices)
+ In Motion (network)
+ At Rest (storage)
Data Loss Prevention: Conduct Gap Analysis
+ Your Current Security System Versus What You Need to Have in Place
+ What Other Service Providers or Counter-Party are Points of Vulnerability?
+ What Other Data Do You Hold That Could Become Valuable?
+ What Processes (Internal and/or External) Can be Tightened Up?
Detection
Analysis
Data Theft Is Preceded by Smaller Intrusions...Catch Me if You Can
+ We Can Home In On Who Is Attacking
+ We Can Identify How Much Data Went Out
+ What Data Went Out, Where It Went
+ Stop the Bleeding
State Agency
State Agency
Supplier
Analytics: Real-time..or post-mortem
Analysis
An Incident Response Function and Plan Must be In Place
+ Discover Attack and Exfiltration
+ Identify Data Which Has Gone Out and Where It Went
+ Contain Damage
+ Eradicate Perpetrator’s Presence
+ Recover System and Data Protection in Secure Manner
+ Conduct in Forensically Sound Manner
+ Identify What Led to Intrusion to Prevent
Monitoring, Detection and Remediation Providers:
www.krollfraudsolutions.com
www.intersections.com
www.idanalytics.com
www.inguardians.com
www.mandiant.com
www.mantech.com
Self-help resource
http://www.sans.org/critical-security-controls/
+ 20 Security Controls For Effective Cyber Defense - The SANS Institute
+ Consortium-led Approach to Determining Best Practices and Most Cost Effective Security Across Government Bodies
Wireless Access Code: 9166703926
top related