
Data breach preparation and response - breaches are certain, impact is not PDF

256 Pages·2016·16.602 MB·English

Preview Data breach preparation and response - breaches are certain, impact is not

Data Breach Preparation and Response
Breaches are Certain, Impact is Not

Kevvie Fowler
Curtis Rose, Technical Editor

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Syngress is an Imprint of Elsevier

Syngress is an imprint of Elsevier
50 Hampshire Street, 5th Floor, Cambridge, MA 02139, USA

© 2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher's permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

The views, opinions and guidance within this book are those of the authors and not those of any other organization or governing body.

ISBN: 978-0-12-803451-4

Library of Congress Cataloging-in-Publication Data
A catalog record for this book is available from the Library of Congress

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library

For information on all Syngress publications visit our website at https://www.elsevier.com/

Publisher: Todd Green
Acquiring Editor: Chris Katsaropoulos
Editorial Project Manager: Anna Valutkevich
Project Manager: Punithavathy Govindaradjane
Designer: Matthew Limbert
Typeset by SPi Global, India

Contents

ABOUT THE AUTHOR
ABOUT THE CONTRIBUTORS
ACKNOWLEDGMENTS

CHAPTER 1 An Overview of Data Breaches
    Introduction
    What Is a Data Breach?
    Lifecycle of a Breach
    Sources of Data Breaches
    Impact of a Data Breach
    Historical Challenges With Breach Management
    Summary

CHAPTER 2 Preparing to Develop a Computer Security Incident Response Plan
    Introduction
    CSIR Plan Planning
    Summary

CHAPTER 3 Developing a Computer Security Incident Response Plan
    Introduction
    Developing the Data Breach Response Policy
    CSIR Plan Validation and Testing
    Summary

CHAPTER 4 Qualifying and Investigating a Breach
    Introduction
    Invoking the CSIR Team
    Critical First Responder Steps
    Engaging and Managing Third Parties
    Investigating the Suspected Breach
    Confirming or Denying a Suspected Breach
    Conclusion

CHAPTER 5 Containing a Breach
    Introduction
    Breach Containment
    Removing Posted Information From the Internet
    Containing Compromised Systems
    Summary

CHAPTER 6 Precisely Determining the Scope of a Breach
    Introduction
    Database Forensics Overview
    Using Database Forensics in an Investigation
    Database Forensic Tools
    Connecting to the Database
    Database Artifacts
    Analyzing Database Artifacts
    What Are You Trying to Accomplish With Your Investigation?
    Summary

CHAPTER 7 Communicating Before, During and After a Breach
    Introduction: The Concept of Cyber Resilience
    Before a Crisis
    During a Crisis
    After a Crisis

CHAPTER 8 Restoring Trust and Business Services After a Breach
    Introduction
    The Difference Between Containment and Recovery
    Recovering Your Environment
    Certifying Your Environment
    Restoring Business Services
    Conducting a Breach Postmortem Review
    Improving Cyber Security After a Breach
    Creating a Cyber Defensible Position
    Summary

CHAPTER 9 Preparing for Breach Litigation
    Introduction
    Breach Litigation
    From Claim to Settlement
    The Volume of Data Breach Lawsuits
    Preparing for Breach Litigation
    Breaches and the Board
    Summary

Appendix
Index

About the Author

Kevvie Fowler is a partner and National Cyber Response leader for KPMG Canada and has over 20 years of IT, security and forensics experience. He assists clients in identifying and protecting critical data and proactively preparing for, responding to, and recovering from Breaches in a manner that minimizes impact and interruption to their business.

Kevvie is a cyber security and forensics expert who is author of Data Breach Preparation and Response and SQL Server Forensic Analysis and contributing author to several security and forensics books. He is an instructor who trains law enforcement agencies on cyber forensic and response practices and his cyber forensics research has been incorporated into formal course curriculum within industry and academic institutions. Kevvie is a SANS lethal forensicator and a member of the SANS Advisory Board and the Board of Referees for the Elsevier Digital Investigation Journal where he guides the direction of emerging cyber security and forensics research.

About the Contributors

Paul Hanley is a recognized expert in information security, with significant experience in the field. He has particular experience in aligning security functions to the needs of the business and in delivering global cyber security programmes. He is the national lead partner for cyber security at KPMG Canada.

Paul's specialisms include leading large-scale cyber security and transformation programs. He also has expert knowledge in information security risk management, technical security architecture design, cyber maturity assessments, cryptography, and security compliance. In his career, Paul has been directly involved with a number of high profile, billion-dollar banking, government, and other programs and has built strong business relationships.

Paul regularly provides input into and comments on draft Security Standards and is the "go to" person for cyber advice for a number of regulators. He has been profiled by SC Magazine, the guest presenter at many high profile security events, and his activities have been shown in the media, on television, in the broadsheets, and in the specialist information security press.

Greg Markell is a leading insurance expert on the topic of cyber and privacy liability. In his current practice, he advises public, private, and nonprofit organizations regarding their risk transfer of organizational exposure to cyber-related losses.

Greg began his career underwriting for a large national insurer, starting in property and casualty before quickly moving into executive and professional risk, with a focus on director's and officer's (D&O) insurance. He then moved on to join a national brokerage, focusing on specialty insurance products for financial services companies, including D&O and cyber liability. He left this firm as a partner in 2014 and joined a top 10 global broker, where he is a resource for his colleagues for D&O and is the practice leader for cyber and privacy liability.
