Data Breach Preparation and Response

Breaches are Certain, Impact is Not
 
 
Syngress (publisher)
  • 1st edition
  • published 8 June 2016
  • 254 pages
 
E-book | ePUB with Adobe DRM | System requirements
E-book | PDF with Adobe DRM | System requirements
978-0-12-803450-7 (ISBN)
 

Data Breach Preparation and Response: Breaches are Certain, Impact is Not is the first book to provide 360 degree visibility and guidance on how to proactively prepare for and manage a data breach and limit impact. Data breaches are inevitable incidents that can disrupt business operations and carry severe reputational and financial impact, making them one of the largest risks facing organizations today. The effects of a breach can be felt across multiple departments within an organization, who will each play a role in effectively managing the breach. Kevvie Fowler has assembled a team of leading forensics, security, privacy, legal, public relations and cyber insurance experts to create the definitive breach management reference for the whole organization.


  • Discusses the cyber criminals behind data breaches and the underground dark web forums they use to trade and sell stolen data
  • Features never-before published techniques to qualify and discount a suspected breach or to verify and precisely scope a confirmed breach
  • Helps identify your sensitive data, and the commonly overlooked data sets that, if stolen, can result in a material breach
  • Defines breach response plan requirements and describes how to develop a plan tailored for effectiveness within your organization
  • Explains strategies for proactively self-detecting a breach and simplifying a response
  • Covers critical first-responder steps and breach management practices, including containing a breach and getting the scope right, the first time
  • Shows how to leverage threat intelligence to improve breach response and management effectiveness
  • Offers guidance on how to manage internal and external breach communications, restore trust, and resume business operations after a breach, including the critical steps after the breach to reduce breach-related litigation and regulatory fines
  • Illustrates how to define your cyber-defensible position to improve data protection and demonstrate proper due diligence practices


Kevvie is a Partner and National Cyber Response Leader for KPMG Canada and has over 19 years of IT security and forensics experience. Kevvie assists clients in identifying and protecting critical data and proactively preparing for, responding to and recovering from incidents in a manner that minimizes impact and interruption to their business.
Kevvie is a globally recognized cyber security and forensics expert who, in addition to being the author of Data Breach Preparation and Response, is the author of SQL Server Forensic Analysis and a contributing author to several security and forensics books. He is an instructor who trains law enforcement agencies on cyber forensic and response practices. His cyber forensics research has been incorporated into formal course curriculum within industry and academic institutions including ISC2 and the University of Abertay Dundee. Credited with advancing the field of digital forensic science, Kevvie is a SANS lethal forensicator and sits on the SANS Advisory Board where he guides the direction of emerging security and forensics research.
As a sought-after speaker, Kevvie has engaged executive and technical audiences at leading conferences and events including Black Hat, SECTOR, OWASP and the HTCIA, and is a resource to the media with features on-air and in print within leading television, news and industry publications including The Business News Network, The Globe and Mail and Information Security and SC magazine.
  • English
  • Saint Louis, USA
Elsevier Science
  • 27.45 MB
978-0-12-803450-7 (9780128034507)
0128034505 (0128034505)
  • Front Cover
  • Data Breach Preparation and Response: Breaches are Certain, Impact is Not
  • Copyright
  • Contents
  • About the Author
  • About the Contributors
  • Acknowledgments
  • Chapter 1: An Overview of Data Breaches
  • Introduction
  • What Is a Data Breach?
  • Lifecycle of a Breach
  • Sources of Data Breaches
  • Cyber Crime
  • The Cyber Criminals
  • Petty Criminals
  • Organized Criminals
  • Hacktivists
  • Nation-State Sponsored Criminals
  • Criminal Communication Channels
  • The Invisible Web
  • Profiting From Cyber Crime
  • Selling Stolen Data
  • Cyber Extortion
  • Selling Illegal Services
  • Errors and Omissions
  • Third Parties
  • Impact of a Data Breach
  • Direct Costs
  • Indirect Costs
  • Systemic Costs
  • Historical Challenges With Breach Management
  • Summary
  • Chapter 2: Preparing to Develop a Computer Security Incident Response Plan
  • Introduction
  • CSIR Plan Planning
  • CSIR Plan Development Prerequisites
  • Gaining Executive Support
  • Building a CSIR Team
  • Identifying Critical Assets and Breach Scenarios
  • Critical Asset Identification
  • Defining What Is Important to Your Organization
  • Defining What Is Important to Cyber Criminals
  • Breach Scenarios
  • Identifying Potential Evidence Sources and the Types of Evidence
  • Defining CSIR Plan Requirements
  • Legal Considerations
  • Pre-Breach Public Disclosure
  • Legal Components of the CSIR Plan
  • Assessing Your Organization's Breach Legal Risk Profile
  • Factor Description
  • Inquiry
  • Mandatory (and Voluntary) Breach Notification
  • Law Enforcement Management
  • Maintaining Privilege
  • Evaluating Cyber Insurance
  • Assess Your Cyber Risk
  • Managing Your Cyber and Privacy Risks
  • Financing Your Cyber and Privacy Risks
  • Summary
  • Chapter 3: Developing a Computer Security Incident Response Plan
  • Introduction
  • Developing the Data Breach Response Policy
  • CSIR Plan Document Elements
  • Introduction
  • Management Commitment
  • Scope and Ownership
  • Definitions
  • Incident Assessment and Classification
  • Incident Assessment
  • Incident Classification
  • Incident Severity
  • How Sensitive Information is Classified
  • Other Terms and Events
  • Roles and Responsibilities
  • CSIR Plan Methodology
  • Preparation
  • Ensuring Effective Cyber Security
  • CSIR Plan Logistics and Planning
  • Evidence Types and Sources
  • Detection
  • Self-detection
  • External Breach Detection
  • Qualification
  • Investigation
  • Containment
  • Recovery
  • Post Incident Activities
  • Post-Mortem Reviews
  • Use of Evidence and Evidence Retention
  • Improving Cyber Security
  • Documentation and Reporting
  • CSIR Plan Validation and Testing
  • CSIR Plan Document Validation
  • CSIR Plan Testing
  • Planning for a CSIR Plan Test
  • Test Objectives
  • CSIR Plan Test Scenarios
  • Hindrance Events
  • Establishing CSIR Plan Testing Roles
  • CSIR Plan Testing Facilities
  • Executing a CSIR Plan Test
  • Evaluating the Testing
  • CSIR Plan Performance Metrics
  • Summary
  • Chapter 4: Qualifying and Investigating a Breach
  • Introduction
  • Invoking the CSIR Team
  • Critical First Responder Steps
  • Evidence Acquisition
  • Initial Reporting
  • Engaging and Managing Third Parties
  • Data Breach Coach
  • Data Breach Legal Counsel
  • Forensics, Security, and Technical Consultants
  • Law Enforcement
  • Cyber Insurer
  • Investigating the Suspected Breach
  • Interviewing Key Organizational Personnel
  • 10 Core Interview Questions to Ask in Each Breach Investigation
  • Developing a Hypothesis
  • Locard's Exchange Principle
  • Occam's Razor
  • The Alexiou Principle
  • Developing an Investigation Plan
  • Executing Your Plan and Following the Facts
  • Confirming or Denying a Suspected Breach
  • Conclusion
  • Chapter 5: Containing a Breach
  • Introduction
  • Breach Containment
  • What Are You Containing?
  • Remediating Your Exposures
  • Are There More of You?
  • Removing Posted Information From the Internet
  • Containing Compromised Systems
  • Shutting Systems Down
  • Removing Systems From the Network
  • Patching Systems
  • Rebuilding Systems
  • Summary
  • Chapter 6: Precisely Determining the Scope of a Breach
  • Introduction
  • Database Forensics Overview
  • Contents
  • Using Database Forensics in an Investigation
  • Defining the Objective of Your Investigation
  • Database Forensic Tools
  • Connecting to the Database
  • Logging Your Actions
  • Connecting Using a Tool
  • Connecting Using Native Clients
  • Database Artifacts
  • Database Artifact Volatility
  • Execution Plans
  • Execution Plan Limitations
  • Execution Plan Evictions
  • Parameterization
  • Transaction Logs
  • Transaction Log Limitations
  • Database Object Timestamps
  • Database Object Timestamp Limitations
  • Preserving Database Artifacts
  • Using a Tool
  • Preserving Artifacts Using the Native Database Platform Clients
  • Execution Plans
  • SQL Server
  • Oracle
  • MySQL
  • Transaction Logs
  • SQL Server
  • Oracle
  • MySQL
  • Database Object Timestamps
  • SQL Server
  • Oracle
  • MySQL
  • Analyzing Database Artifacts
  • Analyzing Artifacts Manually
  • Analyzing Artifacts Using a Tool
  • Creating a Case File
  • What Are You Trying to Accomplish With Your Investigation?
  • Investigating Nonmalicious Events
  • Providing Assurance in Association With a Breach
  • Using Database Forensics to Provide Assurance
  • Determine Where the Sensitive Information Is Located Within the Database
  • Determining the Scale of Impact
  • Developing a Database Activity Timeline
  • Recovering Deleted Objects
  • Identifying Previously Executed Database Statements
  • Positive Assurance
  • Identifying Indicators of Database Compromise
  • Identifying a Database Login's Past Activity
  • Summary
  • Chapter 7: Communicating Before, During and After a Breach
  • Introduction: The Concept of Cyber Resilience
  • Before a Crisis
  • Planning Ahead
  • Widening Your Cyber Scope
  • The Role of Social Media
  • The Speed Imperative
  • Lining up Resources
  • Shortening the Chain of Command
  • Training Management
  • Running Simulations
  • Guiding Light Strategy
  • During a Crisis
  • Assess
  • Resolve
  • Control
  • After a Crisis
  • Discovery-to-Notification Time Gap
  • Adequacy of Safeguards in Place
  • Appropriateness of Data Held
  • Expert Analysis of Your Preparation and Response
  • Summary
  • Chapter 8: Restoring Trust and Business Services After a Breach
  • Introduction
  • The Difference Between Containment and Recovery
  • Recovering Your Environment
  • Regaining Control Over the Environment
  • Halting All Changes Within the Environment
  • Isolating Systems
  • Changing System and Application User Credentials as Needed
  • Controlling Access to Backups as Needed
  • Deploying Monitoring Equipment
  • Secondary Communication Channels
  • Identifying Compromised Hosts
  • Using Indicators of Compromise and Indicators of Attack
  • Tools
  • Determining What to Search for
  • On the Network
  • On Hosts
  • Developing Indicators of Compromise
  • Searching for Indicators of Compromise
  • Using Existing Security Infrastructure
  • Isolating and Recovering Compromised Systems
  • Certifying Your Environment
  • Restoring Business Services
  • Conducting a Breach Postmortem Review
  • Improving Cyber Security After a Breach
  • Creating a Cyber Defensible Position
  • Cyber Defensible Position Benefits
  • Achieving Your Cyber Defensible Position
  • Phase 1: Plan
  • Phase 2: Identify Your Present State of Cyber Security
  • Perform a Cyber Maturity Assessment
  • Conduct a Red Team Assessment
  • Intelligence Collection
  • Processing and Analysis
  • Attack Planning
  • Execution
  • Evaluation
  • Geographic Challenges With Red Team Activities
  • Phase 3: Identify Your Target State of Cyber Security
  • Phase 4: Develop a Plan to Achieve Your Target Cyber Security State
  • Summary
  • Chapter 9: Preparing for Breach Litigation
  • Introduction
  • Breach Litigation
  • Class Action Cases
  • Different Types of Data Make a Difference
  • From Claim to Settlement
  • The Volume of Breach Lawsuits
  • The More Records, the More Lawsuits
  • Preparing for Breach Litigation
  • Operationalize Attorney-Client Privilege
  • Determine What Caused the Breach
  • Identify the Type of Harm
  • Preserve the Evidence
  • Showing Empathy, But Within Limits
  • Determine Whether to Notify Data Subjects?
  • Breaches and the Board
  • Summary
  • Appendix
  • Index
  • Back Cover

File format: EPUB
Copy protection: Adobe DRM (Digital Rights Management)

System requirements:

Computer (Windows; MacOS X; Linux): Install the free Adobe Digital Editions software before downloading (see E-Book Help).

Tablet/smartphone (Android; iOS): Install the free Adobe Digital Editions app before downloading (see E-Book Help).

E-book readers: Bookeen, Kobo, Pocketbook, Sony, Tolino and many more (not Kindle)

The EPUB file format is very well suited to novels and non-fiction, that is, to "flowing" text without a complex layout. On e-readers or smartphones, line and page breaks adapt automatically to the small displays. Adobe DRM is used here as a "hard" copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You therefore need to prepare your reading hardware before downloading.

Further information can be found in our E-Book Help.


File format: PDF
Copy protection: Adobe DRM (Digital Rights Management)


The PDF file format always displays a book page identically on any hardware. A PDF is therefore also suited to complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). On the small displays of e-readers or smartphones, PDFs are unfortunately rather annoying because too much scrolling is needed. Adobe DRM is used here as a "hard" copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You therefore need to prepare your reading hardware before downloading.


