Cyber Disaster Recovery

20 years ago Disaster Recovery (D/R) plans protected brick and mortar companies. Today it must protect the growing virtual side of business: E-business.

Why Focus on Incident Preparedness?

- 20 years ago, survival of the business depended on survival of the brick-and-mortar infrastructure
  - Earthquake and hurricane “proof” buildings
  - Redundant power and communications
  - Disaster recovery planning
  - Regulatory requirements
- Today, survival of the business also depends on survival of the information infrastructure
  - Firewalls, proxies, access controls
  - VPNs, encryption, authentication
  - Growing regulation
    - SOX
    - HIPAA
    - GLBA
    - CA Breach Law
- Planning ahead insures against catastrophe

Overview

- Traditional disaster recovery (D/R) planning is formal and tested regularly
- Cyber-D/R planning is less mature, but more necessary today
- Cyber-D/R requires quick reaction and different skill sets: e.g., computer forensics
- Growing trend toward prosecution
- Critical infrastructure protection requires better Cyber-D/R planning and response capability

“Traditional” disaster recovery

- Business impact analysis
  - Determine functional areas critical to the business
  - Identify critical computer systems and applications
  - Determine disaster recovery budget
- Formal disaster recovery plan
  - Disaster declaration criteria and procedures
  - Hot-site and cold-site arrangements
  - Staff response/call-out plans
  - Recovery procedures
- Annual testing

“Cyber” disaster recovery

- Business impact analysis
  - Focusing on impact of “electronic” disasters such as computer security breaches, instead of “natural” disasters
- Computer Security Incident Response Plan
  - Similar in structure to disaster recovery plan
  - Incident declaration criteria and procedures
  - Staff response/call-out plans
  - Recovery procedures
  - Restore operations “in-place,” not at hot-site
  - Focus on forensic approach
- Quarterly testing

An observation

- ISS responded to as many intrusion incidents in Q4-03 alone as it did all of 2003.
- 75% of the cases have requested forensic evidence considerations for prosecution.
- These incidents were all different, but they have had recurring themes which make them easier to prepare for.

What happened?

- These incidents were not caused by “natural” disasters like fire, flood, or earthquake
- A “traditional” disaster recovery plan would not have been sufficient
- But the potential effects were the same
  - Ability to conduct business was impacted
  - Reputation could have been damaged
  - Financial loss could have occurred
  - Loss of customers

The need for good and timely information

- During a natural disaster, information is made available to us by television, radio, and government sources
- During a cyber-disaster, we are almost always limited to the information we can obtain for ourselves
- Planning and response are improved when we know ahead of time how these attacks work and how we can defend against them

Obtaining good and timely information

- Do you have skills in-house to stay on top of threats and vulnerabilities?
- Does your staff respond to attacks frequently enough to keep their skills sharp?
- Do you have (and follow) escalation, notification and handling procedures?
- What is the value of a second opinion when you think you're under attack?
- Can you conduct a forensic investigation without contaminating evidence?
- What are your regulatory requirements?

Information Security Lifecycle

- Put all this in place without impacting users
- What can we add or change to improve our security?
- How well are we protected, now and in the future?
- Given what we have, how do we handle security incidents?

Goals of an Incident Response

- Gain control of any upcoming security problems
- Facilitate centralized reporting of incidents
- Coordinate response to incidents
- Raise security awareness of users
- Provide a clearinghouse of relevant computer security information
- Promote security policies
- Provide liaisons to legal and criminal investigative groups both inside and outside the company