testing 14aug12

Northampton, UK

#1 Aug 15, 2012
Managing a Data Loss Incident/Crisis
Phil Genge, Head of Information Security
January 2009

Agenda
• Background context
• Strategies to manage a major breach in security
• What investment should you make in business continuity?
• The effects of a crisis on the business
What do we have to protect…
• Over 13 million customers
• 19 thousand employees
• Over 900 retail outlets, telephone & internet services
• Assets over 170bn
(Diagram labels: Staff, Assets, Branches, Customers)

Managing incidents
• Identify, categorise and escalate
• Assemble the team
• Manage the process
• Thinking strategically

Assemble the team
• Mobilise quickly
• Know who to call on
• Pre-defined roles and responsibilities
• Comprehensive coverage
• IS to provide leadership
• Incident priority over BAU

Think strategically
• Find the root cause and address
• What themes are you seeing across multiple incidents?
• What policies are being breached?
• Assurance follow up?
Attributes of a world class capability:
• open and honest culture of reporting
• incidents are reported promptly
• reviewed quickly by central team to assess level of risk
• level of risk reviewed regularly throughout lifecycle
• business actively involved in resolution and future prevention
• defined response plan and standard process which are followed and assessed
• key stakeholders are engaged in onward reporting, containment and resolution
• when cust. info. is compromised an assessment completed to identify level of fraud risk
• where fraud risk is material customers are notified and advice given
• where fraud risk is material we notify the ICO
• IS senior manager has overall responsibility for management of incidents
• incident MI is produced/reviewed to identify and address themes
• incident themes are communicated to the business
• where incident merits, action group convened to manage; IS senior manager leads
• there are consequences for those employees causing incidents
• incident management function engages with other parts of ISMS to ensure joined up
As little as necessary, driven by your risk appetite…
• Nationwide has a low risk appetite for operational risk generally; BC is the only exception
• By its nature BC spending may be:
  • The best investment you ever made – how likely?
  • A sunk cost – more likely!
• Complete your BIA
  • Who is a priority?
  • What needs do they have?
  • How is your business structured – Nationwide has 5 main admin sites
• Whatever you do, test it
What will you see and hear?
1. People looking for somebody to blame
2. A vacuum of leadership
3. Not thinking strategically
4. Controls will harden
5. Investment is forthcoming

What should you do?
1. Park the witch hunt, focus on mitigation
2. Step up and lead
3. Take a step back: where else are we exposed?
4. Harden but review – ensure good usability
5. Take the opportunity to invest
testing2 14aug12

Northampton, UK

#2 Aug 15, 2012
web security | data security | email security © 2009 Websense, Inc. All rights reserved.
Information protection – how to use DLP as an educational and prevention tool for internal and external threats
Lior Arbel, DLP Managing Consultant – EMEA, Websense Inc.
1. Customer details?
2. Credit card numbers?
3. Financial and Marketing documents?
4. Patents and secret documents?
5. HR data?
(answer options: YES / MAYBE / NO)
…defining what is really confidential for an enterprise.
So let's do it: "What is confidential for me" / "What confidential for me"
Malicious blended attack example

Zeus Campaign Targeted Government Departments
Date: 08.02.2010 / Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has discovered a new Zeus campaign (a banking data stealing Trojan) which is now targeting government departments. Our research shows that the campaign has especially targeted workers from government and military departments in the UK and US: we found most victims' email addresses end with .gov. Our ThreatSeeker™ Network has seen thousands of emails which pretend to be from the National Intelligence Council.

The email subjects include: "National Intelligence Council", "RE: National Intelligence Council", "Report of the National Intelligence Council".

The spoofed emails lure victims to download a document about the "2020 project"; this is actually a Zeus bot. The Web sites which host the bot look very trustworthy: one of them is a compromised organization Web site and the other is located on a popular file hosting service.

The bot has rootkit capabilities and connects to C&C servers at update*snip*.com and pack*snip*.com to report back on a successful infection and to download some archives with DLLs; it also modifies the hosts file to prevent updates from popular anti-virus vendors.
Source: Websense Security Labs
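The report above notes that the Zeus bot edits the hosts file so that anti-virus update servers no longer resolve. A defender can check for exactly that artefact. The following is an added example, not code from the post or from Websense: it parses a hosts file and flags any watched update hostname that is blackholed to localhost/0.0.0.0 or redirected to some other address. The vendor hostnames in the watch-list and the sample hosts file content are constructed placeholders; a real deployment would substitute the update hostnames of the AV products actually in use.

```python
"""Flag hosts-file entries that blackhole or redirect AV update domains.

Added example. The watched hostnames and sample hosts file are constructed
placeholders (.test TLD), not real vendor infrastructure.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed watch-list (assumption): hostnames the security team expects
# to resolve normally via DNS. Populate from the deployed AV products.
WATCHED_UPDATE_HOSTS = {
    "update.example-av.test",
    "liveupdate.example-av.test",
    "download.another-av.test",
}

# Mapping a watched host to one of these addresses silently kills updates.
BLACKHOLE_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# hosts file line: <address> <hostname> [alias ...]   (trailing comment stripped first)
_LINE_RE = re.compile(r"^\s*(\S+)\s+(.+?)\s*$")


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, address, [hostnames]) for each mapping line.

    Comment-only and blank lines are skipped; lines whose first token is not
    a valid IP address are ignored (malformed, not a mapping).
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop trailing comment
        m = _LINE_RE.match(line)
        if not m:
            continue
        addr, names = m.group(1), m.group(2).split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue
        entries.append((line_no, addr, [n.lower() for n in names]))
    return entries


def find_tampering(text: str, watched=WATCHED_UPDATE_HOSTS) -> List[Dict]:
    """Return one finding per watched hostname that appears in the hosts file.

    kind == "blackholed" when mapped to a loopback/unspecified address,
    "redirected" when mapped anywhere else (e.g. an attacker-controlled host).
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        for name in names:
            if name in watched:
                kind = "blackholed" if addr in BLACKHOLE_ADDRS else "redirected"
                findings.append(
                    {"line": line_no, "host": name, "address": addr, "kind": kind}
                )
    return findings


# Constructed sample hosts file: two blackholed entries, one redirect,
# and two benign lines that must not be flagged.
SAMPLE_HOSTS = "\n".join([
    "# constructed sample hosts file",
    "127.0.0.1   localhost",
    "::1         localhost",
    "127.0.0.1   update.example-av.test   # added by malware",
    "0.0.0.0\tliveupdate.example-av.test",
    "203.0.113.7 download.another-av.test",
    "192.0.2.10  intranet.corp.test",
])

if __name__ == "__main__":
    for f in find_tampering(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['address']} ({f['kind']})")
```

On a live system, read `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts` into `text` instead of `SAMPLE_HOSTS`; any finding is a strong indicator that update suppression has been attempted, and a "redirected" entry additionally gives the address worth pivoting on in DNS and proxy logs.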
