IH - Overview - Module 1 Powerpoint Presentation.pptx
trevor501353
17 views
14 slides
Mar 05, 2025
About This Presentation
Size: 761.27 KB
Language: en
Slide Content
Incident Handler Certification Dr. Kevin F. Streff Founder and Managing Partner 1
Dr. Kevin Streff American Security and Privacy, LLC Founder & Managing Partner www.americansecurityandprivacy.com [email protected] 605.270.4427 2
Module 1 Incident Response Management Overview 3
Agenda
Module 1 Incident Response Overview
Module 2 Incident Response Laws and Regulations
Module 3 The Fit of Incident Response in Information Security and Privacy Programs
Module 4 Privacy Incidents
Module 5 Security Incidents
Module 6 Incident Response Program Overview
Module 7 Step 1 - Preparation
Module 8 Step 2 - Detection and Analysis
Module 9 Step 3 - Contain, Eradicate, and Recover
Module 10 Step 4 - Post Incident Activity
Module 11 Incident Response Testing
Module 12 Third Party Incident Response Requirements
Module 13 Incident Response Auditing
Module 14 Incident Response Metrics
4
Overview – Security Definitions
Information Security TRIAD:
- Confidentiality – keeping private data private
- Integrity – ensuring the accuracy of information
- Availability – ensuring that information is accessible when and where it is needed
5
Review Serious Cyber Incidents
- 11 Biggest Cyberattacks in History | Cobalt
- The Top 20 Biggest Cyber Attacks in History
6
Significant Privacy Data Breach
Cambridge Analytica, 2018
- Had both security and privacy implications.
- This breach served as a wake-up call, emphasizing the need for better vendor and service provider security and privacy practices.
- Coincided with GDPR timing, and emphasized the potential for abuse of access to information.
7
Security By Design
Security by Design Principle: Definition
1: Proactive, Not Reactive; Preventative, Not Remedial
   Security must be a forethought in any product, service, system or process. Security considerations should help drive the design, not the reverse (the design driving security violations).
2: Security as the Default Setting
   Individuals should not have to resort to self-help to protect their security; the default should be security preserving. Activities that exceed the expected context must require affirmative informed consent of the individual.
3: Security Embedded into Design
   Security should be so ingrained into the design that the system or process wouldn’t function without the security-preserving functionality.
4: Full Functionality – Positive Sum, Not Zero Sum
   Security and other design requirements should not be treated as a trade-off. Designers must develop creative win-win solutions.
5: End-to-End Security – Full Life Cycle Protection
   From cradle to grave, security of personal information must be considered at every stage of the information life cycle: collecting, processing, storage, distribution and destruction.
6: Visibility and Transparency – Keep It Open
   The use of personal information should not be obscured or obfuscated, and disclosure about that use must consider the needs and sophistication of the respective audiences.
7: Respect for User Security; Keep It User Centric
   The individual is the principal beneficiary of security and the one affected when that security is violated; therefore, their needs and risks should be forefront in the minds of designers.
8
Incident Response Management
- The goal of incident response is two-fold: prevent cyberattacks before they happen, and minimize the cost and business disruption resulting from any cyberattacks that occur.
- Business is set up to run optimally and incidents interrupt this designed flow.
- Can be either a security or privacy incident.
9
Incident Response Handling
Incidents are serious and can affect accountholder satisfaction and your ability to achieve your business goals.
10
Planning leads to protection 11
Incident Response Benefits
Primary Benefits:
- Keep banking systems available to accountholders when and where they need them
- Reduced risk and severity of security and privacy breaches, which can result in fines, penalties, or civil lawsuits against the organization
Secondary Benefits:
- Building and maintaining the brand value and the organization’s reputation
- Maintaining the trust of investors, customers, and the general public
12
Without Planning…
Measure twice, cut once
13
Dr. Kevin Streff American Security and Privacy, LLC Founder & Managing Partner www.americansecurityandprivacy.com [email protected] 605.270.4427 14