CEH Advanced ISO Course Guide (2019) PDF
Advanced ISO
10-D Security Training Academy
www.10dsecurity.com
10-D Security
Setting a Higher Level of Excellence in Information Security & Compliance Services
©2019 10-D, Inc. All Rights Reserved.
But first…
• Logistics
• Introductions
• Schedule
• Other Questions or Topics to cover?
“I like a teacher who gives you something to take home to think about besides homework.”
- Lily Tomlin as "Edith Ann"
But first…
1. Name
2. Title/Role/Location
3. How long you’ve been in your current role
4. Some topic you hope is covered
5. Something else about you
Course Agenda
1. Setting the Stage
2. Hacking Demo
3. Log Management
4. Baselining and Anomaly Detection
5. Incident Response
6. Dark Web
7. Business Continuity
8. Vendor Management
9. Politics
10. Wrap-Up
Review
• Cyber-criminals
• Hacktivists
• Nation-states and militaries
Everyone is a target.
• Intended target
• Opportunity
• Resource
Why Us?
Attack Goals
• Installation of Malware
• Direct theft of information, such as passwords
• Direct monetary gain, such as ACH or Wire fraud
• Client Data (CC#, PII)
• Information to be used in future attacks (botnets)
• Denial of Service
• Parasitic – use of your resources
Attack Methods
Two Questions
“He who does not prevent a crime when he can, encourages it.”
- Lucius Annaeus Seneca
Stanford
East Wahoo, NJ
Boulder, Colorado
Check the time before and after – see how long this takes…
The source code of the HTA shows the attacker is using Windows’ PowerShell
platform (with Base-64 code converted to ASCII):
new ActiveXObject('WScript.Shell').Run(c);</script></head><body><script>self.close();</script></body></html>
Simple changes to malicious code may fool AV. In this example, taking a
known Word macro and changing:
string = “first part of bad code” + “second part of bad code”
Run string
To…
string = “first part of bad code” & “second part of bad code”
Run string
…doesn’t change the code’s behavior (VBA accepts either + or & for string
concatenation), but it is enough to trick a common AV system into not
detecting it.
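The defensive lesson of the slide is that a signature keyed on the exact text of a macro is brittle. The PowerShell below is an added example of mine (not code from the 10-D course) showing why: it canonicalises VBA source before matching, so swapping + for &, splitting a literal into pieces, or re-spacing the line no longer changes what the signature sees. The macro text and the "signature" are constructed placeholders taken from the slide's wording, and the function names are my own.

```powershell
# Added example: normalise VBA source so cosmetic rewrites (operator swap,
# literal splitting, whitespace, case, comments) do not defeat a substring
# signature. Toy scope: it does not understand apostrophes inside string literals.
function ConvertTo-NormalizedVba {
    param([Parameter(Mandatory)][string]$Source)
    $text = $Source
    # Strip VBA comments (apostrophe to end of line) and " _" line continuations.
    $text = [regex]::Replace($text, "'[^\r\n]*", '')
    $text = [regex]::Replace($text, ' _\r?\n', ' ')
    # Merge any two adjacent string literals joined by + or & into one literal.
    # Looping handles chains such as "a" & "b" + "c".
    $joinPattern = '"([^"]*)"\s*[+&]\s*"([^"]*)"'
    while ($text -match $joinPattern) {
        $text = $text -replace $joinPattern, '"$1$2"'
    }
    # Collapse whitespace and case.
    $text = [regex]::Replace($text, '\s+', ' ').Trim().ToLowerInvariant()
    return $text
}

function Test-MacroSignature {
    param(
        [Parameter(Mandatory)][string]$Source,
        [Parameter(Mandatory)][string[]]$Signatures   # plain substrings, written as VBA
    )
    $normalized = ConvertTo-NormalizedVba -Source $Source
    foreach ($sig in $Signatures) {
        # Normalise the signature the same way so both sides are comparable.
        if ($normalized.Contains((ConvertTo-NormalizedVba -Source $sig))) { return $true }
    }
    return $false
}

# Constructed sample: the two variants from the slide wrapped in a Sub.
# "Run cmd" is the slide's pseudocode, not a real VBA statement.
$variantPlus = @'
Sub AutoOpen()
    cmd = "first part of bad code" + "second part of bad code"
    Run cmd
End Sub
'@
$variantAmp = $variantPlus -replace '\+', '&'

# An exact-text signature written against the "+" variant.
$naiveSignature = 'cmd = "first part of bad code" + "second part of bad code"'

# Raw substring match: catches only the variant the signature was written for.
$variantPlus.Contains($naiveSignature)
$variantAmp.Contains($naiveSignature)

# Normalised match: both variants reduce to
#   cmd = "first part of bad codesecond part of bad code"
# so the same signature catches both.
Test-MacroSignature -Source $variantPlus -Signatures @($naiveSignature)
Test-MacroSignature -Source $variantAmp  -Signatures @($naiveSignature)
```

The raw Contains check is true for the + variant and false for the & variant, which is exactly the gap the slide describes; the normalised check is true for both. Real engines do far more (emulation, behaviour monitoring), but the principle is the same: match on a canonical form, not on the literal bytes of one sample.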
In this screen shot the attackers have executed mimikatz. See anything
noteworthy?
It is not unusual to find passwords of users who have previously used the
system. Unless the pagefile is cleared at shutdown, its contents often survive
reboots.
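The mitigation the slide points at is the Windows "Clear virtual memory pagefile" setting, which is the ClearPageFileAtShutdown DWORD under the Memory Management key. The PowerShell below is an added example of mine (not from the course): one function audits the current state and one enables the setting. Function names are my own; it runs locally and needs an elevated prompt to change the value.

```powershell
# Added example: audit / enable clearing of the pagefile at shutdown.
# Registry location is the documented one; absence of the value means
# the default, which is "do not clear" (0).

function Get-PageFileClearingStatus {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $item = Get-ItemProperty -Path $key -Name ClearPageFileAtShutdown -ErrorAction SilentlyContinue
    $current = if ($null -ne $item) { [int]$item.ClearPageFileAtShutdown } else { 0 }

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        ClearPageFileAtShutdown = $current
        Compliant               = ($current -eq 1)
    }
}

function Enable-PageFileClearing {
    # Requires administrative rights. Takes effect at the next shutdown and
    # makes shutdown noticeably slower on machines with a large pagefile.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    Set-ItemProperty -Path $key -Name ClearPageFileAtShutdown -Value 1 -Type DWord
    Get-PageFileClearingStatus
}

# Audit first; enable only where the audit reports Compliant = False.
$status = Get-PageFileClearingStatus
$status | Format-List
if (-not $status.Compliant) { Enable-PageFileClearing | Format-List }
```

Because each function carries its own registry path, either can be shipped to many hosts with Invoke-Command and the function body as the script block. Clearing the pagefile addresses the at-rest exposure described on the slide; it does nothing about credentials still held in memory on a running system, which is what the Credential Guard material that follows is about.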
Using the information just found for the two user accounts, the attacker next
has the agent load a script (get_user) that is used to find out more about
users and their associated access; in this example, for user “pfrye”…
Results in…
Next, the attacker has the agent load a script (get_domain_controller) to find
out more about the target’s Active Directory environment.
Results in…
Credential Guard
Anytime a vulnerability is fixed, attackers will look for different attack vectors.
Increasingly they look for options that allow them to “live off the land,” taking
advantage of existing applications or usage.
Nessus example
• Authenticated scans use Domain Administrator privileges
• Commonly set up with an account that remains active indefinitely, with a
password that may not expire
• Usually able to access most if not all systems
• A compromised system may be tasked with waiting for a scan, to capture the
credentials used for the Authenticated scan
DEMO…
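Each bullet above is a property of the scanning account that an administrator can check. The PowerShell below is an added example of mine (not from the course or from Tenable) that audits a scanner's service account in Active Directory for exactly those conditions: privileged group membership, a non-expiring or stale password, and an account that is never disabled between scan windows. It assumes the ActiveDirectory RSAT module; the account name svc-nessus, the 90-day threshold and the function name are my own choices.

```powershell
# Added example: audit the account used for authenticated vulnerability scans.
Import-Module ActiveDirectory

function Get-ScanAccountRisk {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$MaxPasswordAgeDays = 90      # assumed policy threshold
    )
    $props = 'Enabled', 'PasswordNeverExpires', 'PasswordLastSet', 'LastLogonDate', 'MemberOf'
    $u = Get-ADUser -Identity $SamAccountName -Properties $props

    # Resolve direct group memberships to names and flag the built-in high-privilege groups.
    $groups     = @($u.MemberOf | ForEach-Object { (Get-ADGroup -Identity $_).SamAccountName })
    $privileged = @($groups | Where-Object { $_ -in 'Domain Admins', 'Enterprise Admins', 'Administrators', 'Schema Admins' })

    $findings = New-Object 'System.Collections.Generic.List[string]'
    if ($privileged.Count -gt 0) {
        $findings.Add("Member of privileged group(s): $($privileged -join ', ')")
    }
    if ($u.PasswordNeverExpires) {
        $findings.Add('Password is set to never expire')
    }
    if ($u.PasswordLastSet -and $u.PasswordLastSet -lt (Get-Date).AddDays(-$MaxPasswordAgeDays)) {
        $findings.Add("Password last set $($u.PasswordLastSet.ToShortDateString()), older than $MaxPasswordAgeDays days")
    }
    if ($u.Enabled) {
        $findings.Add('Account is enabled outside a scan window (consider enabling only while scans run)')
    }

    [pscustomobject]@{
        Account       = $u.SamAccountName
        LastLogonDate = $u.LastLogonDate
        Groups        = $groups
        Findings      = $findings
        RiskCount     = $findings.Count
    }
}

Get-ScanAccountRisk -SamAccountName 'svc-nessus' | Format-List
```

A zero RiskCount is the target state: a dedicated account with only the rights the scanner needs, a password rotated on schedule, and the account enabled just for the scan window. That limits what an attacker gains if the credentials are captured by a host waiting for the scan, which is the scenario the last bullet describes.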
Many institutions do not have a vulnerability scanner (e.g., Nessus), but that
does not entirely remove the risk. The same attack platform we just looked at
(“Responder”) can also respond to name resolution requests and pretend to
be the requested service (a “poisoning attack”). In this example:
• The user will attempt to access a file share that is unavailable (e.g., a typo or
the server is down)
• “Responder” will claim to be the requested service, and will ask for the user’s
authentication credentials (username & password hash)
• Like before, the attacker will have to crack the password hashes separately
DEMO…
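The poisoning described above depends on Windows falling back to broadcast name resolution (LLMNR and NetBIOS over TCP/IP) when a name cannot be resolved, and on the resulting authentication being usable. The PowerShell below is an added example of mine (not from the course) that reports whether a host still has those conditions: LLMNR enabled, NetBIOS enabled on any interface, and SMB signing not required. The registry paths and the SMB cmdlets are the standard Windows ones; the function name and the combined Exposed verdict are my own.

```powershell
# Added example: report the local settings a name-resolution poisoner relies on.
function Get-NamePoisoningExposure {
    # LLMNR is off when the DNSClient policy value EnableMulticast is 0.
    $llmnr = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
                              -Name EnableMulticast -ErrorAction SilentlyContinue
    $llmnrDisabled = ($null -ne $llmnr -and $llmnr.EnableMulticast -eq 0)

    # NetbiosOptions per interface: 0 = use DHCP setting, 1 = enabled, 2 = disabled.
    # A missing value is treated as "not disabled" because the default is not 2.
    $ifaceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    $nbtOnInterfaces = @(
        Get-ChildItem -Path $ifaceKey |
            Where-Object { (Get-ItemProperty -Path $_.PSPath).NetbiosOptions -ne 2 } |
            ForEach-Object { $_.PSChildName }
    )

    # SMB signing: what this host requires as a server and as a client.
    $smbServer = Get-SmbServerConfiguration
    $smbClient = Get-SmbClientConfiguration

    $exposed = (-not $llmnrDisabled) -or
               ($nbtOnInterfaces.Count -gt 0) -or
               (-not $smbServer.RequireSecuritySignature) -or
               (-not $smbClient.RequireSecuritySignature)

    [pscustomobject]@{
        ComputerName             = $env:COMPUTERNAME
        LlmnrDisabled            = $llmnrDisabled
        InterfacesWithNetBiosOn  = $nbtOnInterfaces
        SmbServerSigningRequired = [bool]$smbServer.RequireSecuritySignature
        SmbClientSigningRequired = [bool]$smbClient.RequireSecuritySignature
        Exposed                  = $exposed
    }
}

Get-NamePoisoningExposure | Format-List
```

In a domain these settings are normally pushed by Group Policy (the DNSClient "Turn off multicast name resolution" policy for LLMNR, the DHCP or per-adapter setting for NetBIOS, and the "Digitally sign communications (always)" policies for SMB), so the function is most useful as a per-host verification that the policy actually landed. Disabling LLMNR and NetBIOS removes the request the poisoner answers; requiring SMB signing limits what a captured or relayed authentication is good for, though the hash-cracking step on the slide still applies and only a strong password policy addresses that.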
4. If you were the attacker, what could you do to avoid detection or losing
your foothold into the target network?
The attacker has only one agent loaded, and could lose it at any time. They
will want to get a reliable ongoing entry point.
Why might a Domain Controller make an attractive target?
Joe Customer
123 Any Street
Springfield, IL
Kill Chain
“Being able to see an activity log of where a kid has been going on the
Internet is a good thing.”
- Bill Gates
Log Management
Definitions:
• Log: A log is a record of the events occurring within an organization’s
systems and networks. Logs are composed of log entries; each entry
contains information related to a specific event that has occurred within a
system or network.
• Log Management: Log management is essential to ensuring that
computer security records are stored in sufficient detail for an appropriate
period of time.
Log Management
Why Log?
• Investigate security incidents, policy violations, fraudulent activity, and
operational problems
• Auditing and forensic analysis, supporting internal investigations,
establishing baselines, and identifying operational trends and long-term
problems
• Establish baselines for anomaly detection
• Regulatory compliance and guidance:
– Gramm-Leach-Bliley Act
– FFIEC Information Security IT Booklet, II.C.22, III.C
– Sarbanes-Oxley Act (SOX) of 2002.14
– Payment Card Industry Data Security Standard (PCI DSS)
– NY Dept. of Financial Services, 23 NYCRR Part 500
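The "establish baselines for anomaly detection" and "investigate security incidents" bullets above are easier to picture with a working check. The block below is an added example and is not part of the 10-D course material: it derives a per-source daily failed-login threshold from a constructed quiet period, then flags any source in a later day that exceeds it. The sshd-style line format, the host name fw01, the user names and the IP addresses are all constructed for the demonstration; the parser and the length of the quiet period are assumptions a real deployment would replace.

```python
"""Baseline and anomaly check over constructed authentication log lines.

Added example; not part of the 10-D course material. The line format,
host name, user names and IP addresses below are constructed for the
demonstration, and the quiet period used as the baseline is an assumption.
"""
import re
import statistics
from collections import Counter

# Constructed "quiet" period used to derive the baseline.
BASELINE_LOG = """\
2019-03-01 08:01:12 fw01 sshd[411]: Failed password for invalid user admin from 10.0.5.7 port 51022
2019-03-01 08:02:40 fw01 sshd[412]: Accepted password for jsmith from 10.0.5.7 port 51030
2019-03-01 09:15:03 fw01 sshd[420]: Failed password for jsmith from 10.0.5.9 port 51100
2019-03-01 13:44:51 fw01 sshd[455]: Failed password for invalid user test from 10.0.5.7 port 51211
2019-03-02 08:11:07 fw01 sshd[511]: Failed password for jsmith from 10.0.5.9 port 52002
2019-03-02 10:30:22 fw01 sshd[530]: Accepted password for jsmith from 10.0.5.9 port 52010
"""

# Constructed day under review: one source produces a burst of failures,
# a known user mistypes once, and an unrelated cron line is present as noise.
CURRENT_LOG = """\
2019-03-05 02:10:01 fw01 sshd[701]: Failed password for root from 198.51.100.23 port 40001
2019-03-05 02:10:03 fw01 sshd[702]: Failed password for root from 198.51.100.23 port 40002
2019-03-05 02:10:05 fw01 sshd[703]: Failed password for invalid user admin from 198.51.100.23 port 40003
2019-03-05 02:10:07 fw01 sshd[704]: Failed password for invalid user oracle from 198.51.100.23 port 40004
2019-03-05 02:10:09 fw01 sshd[705]: Failed password for invalid user pi from 198.51.100.23 port 40005
2019-03-05 02:10:11 fw01 sshd[706]: Failed password for root from 198.51.100.23 port 40006
2019-03-05 08:00:15 fw01 sshd[750]: Failed password for jsmith from 10.0.5.7 port 51300
2019-03-05 08:00:30 fw01 sshd[751]: Accepted password for jsmith from 10.0.5.7 port 51301
2019-03-05 09:12:44 fw01 cron[800]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Shape of the constructed lines: date, time, host, process[pid]: message
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
# The event we care about, with an optional "invalid user" marker
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def failed_logins_by_day(lines):
    """Count failed logins per (source IP, day); lines that do not parse are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        f = FAILED_RE.search(m["msg"])
        if f:
            counts[(f["src"], m["date"])] += 1
    return counts


def build_baseline(lines, min_threshold=5, sigmas=3.0):
    """Alert threshold from the quiet period: mean + k*stdev of daily failures per source,
    never lower than min_threshold so a very quiet baseline does not alert on noise."""
    values = list(failed_logins_by_day(lines).values()) or [0]
    mean = statistics.fmean(values)
    stdev = statistics.pstdev(values)
    return max(min_threshold, mean + sigmas * stdev)


def find_anomalies(lines, threshold):
    """Return {(src, day): count} for every source/day pair above the threshold."""
    return {k: v for k, v in failed_logins_by_day(lines).items() if v > threshold}


if __name__ == "__main__":
    threshold = build_baseline(BASELINE_LOG.splitlines())
    print(f"alert threshold: {threshold:.1f} failed logins per source per day")
    for (src, day), count in find_anomalies(CURRENT_LOG.splitlines(), threshold).items():
        print(f"ANOMALY {day} {src}: {count} failed logins")
```

The floor of five failures per day is what keeps a two-day baseline from alerting on a single typo; in practice the quiet period should be long enough that the mean and deviation are meaningful, and the threshold should be re-derived as the environment changes.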
[Diagram: Router, Workstation, Firewall, IDS and IPS, each with its log file]
everything. In most small to mid-sized environments, start with the critical
systems such as firewalls and servers. Then, move on to endpoints (desktops
and laptops) and applications.
[Diagram: Router and Workstation, each with its own Log File]
• Network Constraints
• Protecting the “CIA” (confidentiality, integrity, availability) of logs
• Disparate Systems (incompatibility)
Log Compression
Logs are typically text, and text compresses very well. The example below
shows log compression from over 3 GB to 127 MB, a reduction of roughly 97%.
Design Considerations
• Centralized log storage
• Volume of log data to be processed
• Network bandwidth
• Online and offline data storage
• Security requirements for the data
• Time and resources needed for staff to analyze the logs
• PLAN FOR GROWTH
• In-house vs. outsourced
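The Log Compression slide and the "volume of log data", "online and offline data storage" and "PLAN FOR GROWTH" considerations above share one calculation, so one added example covers both. It is not from the course material: it compresses constructed syslog-style lines with gzip, reports the space saved, records a SHA-256 digest so an archived file can be checked on restore, and sizes the storage a retention window needs once a growth rate is applied. The event rate, bytes per event, retention period and growth figures passed in are assumptions the reader replaces with their own numbers.

```python
"""Log compression ratio, archive integrity check and retention sizing.

Added example; not from the 10-D course material. The sample log text is
constructed, and the sizing inputs (events per second, bytes per event,
retention days, annual growth) are assumptions to be replaced.
"""
import gzip
import hashlib
import random


def make_sample_log(n_lines, seed=1):
    """Build constructed firewall-style syslog lines with varying hosts, IPs and ports."""
    rng = random.Random(seed)
    hosts = ["fw01", "dc01", "web02"]
    lines = []
    for i in range(n_lines):
        host = rng.choice(hosts)
        src = f"10.0.{rng.randint(0, 255)}.{rng.randint(1, 254)}"
        lines.append(
            f"Mar 05 08:{i // 60 % 60:02d}:{i % 60:02d} {host} kernel: "
            f"iptables DROP IN=eth0 SRC={src} DST=10.0.0.5 PROTO=TCP DPT={rng.randint(1, 65535)}"
        )
    return "\n".join(lines).encode() + b"\n"


def compress_log(raw):
    """gzip the raw log and return (compressed bytes, sha256 hex digest of the original)."""
    digest = hashlib.sha256(raw).hexdigest()
    return gzip.compress(raw), digest


def reduction_percent(original_size, compressed_size):
    """Space saved as a percentage of the original size."""
    return 100.0 * (1 - compressed_size / original_size)


def verify_archive(compressed, expected_digest):
    """Integrity check on restore: decompress and compare against the recorded digest."""
    return hashlib.sha256(gzip.decompress(compressed)).hexdigest() == expected_digest


def retention_storage_bytes(eps, bytes_per_event, retention_days,
                            compressed_fraction, annual_growth, years):
    """Compressed storage needed to hold the retention window after `years` of growth.

    compressed_fraction is the compressed size as a fraction of the raw size
    (0.05 means 95% reduction); annual_growth is a rate such as 0.2 for 20%.
    """
    daily_bytes = eps * 86400 * bytes_per_event * compressed_fraction
    return daily_bytes * retention_days * (1 + annual_growth) ** years


if __name__ == "__main__":
    raw = make_sample_log(5000)
    packed, digest = compress_log(raw)
    print(f"{len(raw)} bytes -> {len(packed)} bytes "
          f"({reduction_percent(len(raw), len(packed)):.1f}% reduction)")
    print("archive verifies:", verify_archive(packed, digest))
    # Assumed inputs: 500 events/s, 300 bytes each, one year retained, 5% of raw size
    # after compression, 20% annual growth, sized for three years out.
    need = retention_storage_bytes(500, 300, 365, 0.05, 0.2, 3)
    print(f"storage needed in 3 years: {need / 1e9:.1f} GB")
```

Keeping the digest alongside the compressed archive is what turns compression into an integrity control rather than just a space saving: a restored file that no longer matches its recorded digest should be treated as unreliable evidence.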
Syslog Solutions
• Some examples:
– Kiwi Syslog - install available for Windows
– Paessler PRTG - install available for Windows
– SnmpSoft Syslog Watcher - install available for Windows
– Linux - can be implemented with a Linux server using built-in tools
(advanced users only)
• Typically limited analysis and correlation; depends on the syslog server
software
• Typically can be implemented quickly and cheaply (not many “features” to
configure); commercial products are $200-$400
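To show what the "built-in tools" option on a Linux server actually has to do, here is an added example that is not taken from the course or from any of the products listed: a minimal UDP syslog receiver with an RFC 3164 parser that decodes the <PRI> header into facility and severity, splits out timestamp, host, tag and message, and appends one JSON line per event. The listening address 127.0.0.1:5140 and the output file name syslog.jsonl are assumptions (5140 avoids needing root for the standard port 514); the test messages are the RFC's own example plus constructed ones.

```python
"""Minimal syslog receiver and RFC 3164 parser.

Added example; not from the 10-D course or from any product it lists.
Assumptions: listens on 127.0.0.1:5140 (non-privileged stand-in for 514)
and appends to syslog.jsonl; sample messages are constructed or the RFC's.
"""
import json
import re
import socket

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 shape: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: CONTENT (TAG part optional)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<tag>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: )?"
    r"(?P<msg>.*)$"
)


def parse_syslog(text):
    """Parse one RFC 3164 message into a dict, or return None if it does not match."""
    m = SYSLOG_RE.match(text.strip())
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # facility 0-23 and severity 0-7 give a maximum of 23*8+7
        return None
    return {
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": m["ts"],
        "host": m["host"],
        "tag": m["tag"],
        "pid": int(m["pid"]) if m["pid"] else None,
        "message": m["msg"],
    }


def handle_datagram(data, addr, sink=None):
    """Decode one datagram, keep unparsable input rather than dropping it,
    tag it with the sending address and optionally write a JSON line to sink."""
    text = data.decode("utf-8", errors="replace")
    rec = parse_syslog(text) or {"unparsed": text}
    rec["source"] = addr[0]
    if sink is not None:
        sink.write(json.dumps(rec) + "\n")
    return rec


def serve(bind=("127.0.0.1", 5140), path="syslog.jsonl", max_messages=None):
    """Blocking UDP listener (assumed address); one JSON line per received message."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    seen = 0
    with open(path, "a", encoding="utf-8") as sink:
        while max_messages is None or seen < max_messages:
            data, addr = sock.recvfrom(8192)
            handle_datagram(data, addr, sink)
            sink.flush()
            seen += 1


if __name__ == "__main__":
    serve()
```

Two things this makes visible that the product comparison does not: the receiver records the network source of each datagram separately from the host name claimed inside the message (the two can disagree), and anything that fails to parse is kept as an "unparsed" record rather than discarded, since a malformed line is itself something an analyst may want to see.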
Outsourced Solutions
• Some examples:
– Dell SecureWorks
– Gladiator (ProfitStars division of JHA)
– Alert Logic
• Vendor will typically place log collector in your environment and configure
some internal systems to send logs to it
• You typically have little control over or access to this solution, and have to
rely on the vendor’s alerting and reporting
• Typically expensive, “Call for quote!”
• CHECKBOX SOLUTION, but may make sense if you have limited in-house
technical expertise
Log Management
Resources
• https://technet.microsoft.com/en-us/sysinternals/sysmon
• http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
• https://www.sans.org/reading-room/whitepapers/auditing/successful-siem-log-management-strategies-audit-compliance-33528
• https://support.solarwinds.com/?title=Success_Center/Log_%26_Event_Manager_(LEM)/Audit_Policies_and_Best_Practices_for_LEM
• https://technet.microsoft.com/en-us/library/dn487457.aspx
• https://www.ultimatewindowssecurity.com/wiki/WindowsSecuritySettings/OVERVIEW-Audit-Directory-Service-Access?Keywords=Audit+directory+service+access
• https://10dsecurity.com/cyber-security-baselines-anomaly-detection/
10-D Security
Setting a Higher Level of Excellence in Information Security & Compliance Services
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
_____________________________________________________________________________________
10-D Security
Setting a Higher Level of Excellence in Information Security & Compliance Services
Log File
* - Reference the IT Risk Assessment
82 ©2019 10-D, Inc. All Rights Reserved.
Log File
[Figure: log-flow diagram. Assets (Server, Router, Firewall, IDS, IPS) each produce a Log File that feeds a Log Server; decision step "Investigate if there is a Material Impact": No / Yes, and on Yes "Activate Incident Response".]
[Figure: network diagram with the nodes Fedline, Internet, Core, Fileserver, Application Server.]
[Figure: the same network diagram, repeated on slides 87 to 91, showing Fedline, Internet, Fileserver, Application Server.]
Anomaly Examples
• Log file cleared
• “Never seen before” event types, internal IPs, users, etc.
• PowerShell running on a workstation
• Large deviations (1000%+ usually) up or down on metrics
• Unauthorized user attempts to log into a server/DB/app
• Authorized user logon at an unusual time
• Unauthorized user attempts to access restricted data
• Multiple failed logins from same account, multiple systems
• Web server accessed from different IP
• Multiple database requests occurring at unusual times
• Watch for IPv6 usage
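The list above can be turned into concrete detection rules. The following is an added example (not code from the course or from 10-D Security) that runs several of those rules over a handful of constructed Windows Security event records: audit log cleared, PowerShell launched on a workstation, a logon at an unusual hour, a user appearing from a never-before-seen source IP, and the same account failing to log on across multiple systems. The host naming convention (workstations start with "WS"), the business-hours window and the known-source baseline are assumptions for the example.

```python
"""Rule-based anomaly checks over Windows Security event records.

Added example; the event records below are constructed for illustration
and are not log data from the course. Event IDs 1102, 4624, 4625 and 4688
are the standard Windows Security log IDs for audit-log-cleared, logon,
failed logon and process creation.
"""
from collections import defaultdict
from datetime import datetime

BUSINESS_HOURS = range(7, 19)                 # 07:00-18:59 counts as "usual" (assumed)
KNOWN_SOURCES = {"pfrye": {"192.168.68.55"}}  # baseline of user -> source IPs seen before (assumed)
FAILED_LOGON_HOSTS = 3                        # same account failing on this many systems (assumed)

# Constructed sample events: (timestamp, host, event_id, user, src_ip, detail)
EVENTS = [
    ("2019-03-04 08:02:11", "DC01", 4624, "pfrye", "192.168.68.55", "logon type 3"),
    ("2019-03-04 03:14:09", "DC01", 4624, "pfrye", "192.168.68.55", "logon type 3"),
    ("2019-03-04 09:10:00", "DC01", 4624, "pfrye", "10.9.9.9", "logon type 3"),
    ("2019-03-04 09:21:33", "WS204", 4688, "pfrye", "", "powershell.exe"),
    ("2019-03-04 09:22:00", "SRV-APP1", 4688, "svc_backup", "", "backup.exe"),
    ("2019-03-04 10:00:01", "DC01", 4625, "jdoe", "192.168.68.70", "bad password"),
    ("2019-03-04 10:00:05", "SRV-FILE1", 4625, "jdoe", "192.168.68.70", "bad password"),
    ("2019-03-04 10:00:09", "SRV-APP1", 4625, "jdoe", "192.168.68.70", "bad password"),
    ("2019-03-04 10:30:00", "SRV-FILE1", 1102, "jdoe", "", "audit log cleared"),
]


def is_workstation(host):
    # Naming convention assumed for this example: workstation names start with "WS"
    return host.upper().startswith("WS")


def detect_anomalies(events):
    """Return a list of (rule, host, user, detail) tuples, one per finding."""
    alerts = []
    failed_hosts = defaultdict(set)  # account -> hosts where it failed to log on
    for ts, host, eid, user, src, detail in events:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if eid == 1102:
            # Audit log cleared is itself the anomaly, whoever did it
            alerts.append(("log_cleared", host, user, detail))
        elif eid == 4688 and detail.lower() == "powershell.exe" and is_workstation(host):
            alerts.append(("powershell_on_workstation", host, user, detail))
        elif eid == 4624:
            if when.hour not in BUSINESS_HOURS:
                alerts.append(("logon_unusual_time", host, user, ts))
            if src and src not in KNOWN_SOURCES.get(user, set()):
                alerts.append(("never_seen_source_ip", host, user, src))
        elif eid == 4625:
            failed_hosts[user].add(host)
            # Fire once, when the account reaches the threshold of distinct systems
            if len(failed_hosts[user]) == FAILED_LOGON_HOSTS:
                hosts = ",".join(sorted(failed_hosts[user]))
                alerts.append(("failed_logons_multiple_systems", hosts, user, detail))
    return alerts


if __name__ == "__main__":
    for alert in detect_anomalies(EVENTS):
        print(alert)
```

Each rule is deliberately narrow and keyed on a specific event ID, which keeps false positives manageable; the "never seen before" rule depends entirely on how complete the `KNOWN_SOURCES` baseline is, so that baseline has to be built from a representative period of normal activity before the rule is trusted.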
Exercise
The log entry for when the suspect program made initial contact to C&C:
The log entry for when the suspect program connected to C&C:
Log Management – Back to the Demo
The log entry for PFRYE logging into DC from Workstation204 (192.168.68.55):
Anomaly Detection
Inventory and gather all available system logs and determine
which ones are useful for monitoring baselines. For our
examples those might include:
• Active Directory - user activity
• Network usage reports
• Server performance reports
• IDS/IPS Firewall activity reports
• Antivirus reports
• Change Control logs
• User provisioning documentation
• Help Desk tickets
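Once those sources are inventoried, the baseline itself is just a running summary of each source's normal volume. The following is an added example (not code from the course or from 10-D Security) with constructed daily counts for a few of the sources listed above: the baseline for a day is the mean of the previous seven days, so it follows the data as norms shift, and a day is flagged when its count is a tenfold change up or down from that baseline, which is how the earlier slide's "1000%+" deviation is interpreted here. The window size and the metric names are assumptions for the example.

```python
"""Baseline-deviation check over daily metric counts from inventoried log sources.

Added example with constructed numbers, not data from the course. Each metric
is a list of daily counts (oldest first); the baseline for a day is the mean
of the previous WINDOW days, so the baseline follows the data as norms shift.
A "large deviation" is interpreted here as a tenfold change (1000%+) in
either direction.
"""
from statistics import mean

WINDOW = 7      # days of history behind the rolling baseline (assumed)
FACTOR = 10.0   # tenfold up or down, i.e. a 1000% change

# Constructed daily counts for a few of the log sources an ISO might baseline
METRICS = {
    "ad_failed_logons":  [12, 9, 14, 11, 10, 13, 12, 150, 11, 10],      # one-day spike
    "fw_denied_inbound": [800, 820, 790, 810, 805, 815, 800, 810, 60, 805],  # one-day drop
    "helpdesk_tickets":  [20, 22, 19, 21, 20, 23, 20, 21, 22, 20],      # steady
    "vpn_logons":        [5, 6, 5, 5, 6, 5, 5, 60, 62, 61],             # norm shifts upward
}


def deviations(series, window=WINDOW, factor=FACTOR):
    """Return [(day_index, value, baseline)] for days that break the threshold.

    Days before a full window of history exists are not scored, and a zero
    baseline is skipped because no ratio can be formed against it.
    """
    flagged = []
    for i in range(window, len(series)):
        baseline = mean(series[i - window:i])
        value = series[i]
        if baseline <= 0:
            continue
        if value >= baseline * factor or value <= baseline / factor:
            flagged.append((i, value, round(baseline, 2)))
    return flagged


def review(metrics):
    """Run the deviation check over every inventoried metric."""
    return {name: deviations(series) for name, series in metrics.items()}


if __name__ == "__main__":
    for name, hits in review(METRICS).items():
        print(name, hits or "within baseline")
```

Two behaviours of a rolling mean are worth noticing in the output. The VPN series fires once on the day the norm jumps and is then quiet, because the new level becomes the baseline within a week; that is the adaptation the SIEM slides later describe, and it means a genuine change is only visible on the day it happens. Conversely, a one-day spike such as the failed-logon count pulls the baseline up for the following seven days, so a second, smaller spike in that period could go unflagged; excluding flagged days from the baseline window is a common refinement when that matters.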
SIEM Systems
SIEM Systems
Few, if any, SIEM systems are “set and forget” solutions. Some areas to be aware of before you implement a SIEM:
• Setup is often an involved and time-consuming process, though basic functionality can usually be implemented easily.
• On-going review and tuning must occur to reduce false positives.
• Baseline data changes over time, and monitoring “rules” will need to be revised to adapt to the new norms.
• Cost to implement can vary widely. From open source to enterprise-grade, costs can range from nearly free to $20,000 or more.
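As an added example (not part of the course material), the script below contrasts a threshold tuned once at deployment with a rolling baseline, using constructed hourly failed-logon counts in which the normal volume shifts partway through the week; all numbers are made up.

```python
"""Static threshold vs. rolling baseline on constructed SIEM-style counts.

Added example, not from the course material. The data are made up: hourly
failed-logon counts for one gateway over a week. For the first 72 hours the
"normal" volume is about 22/hour; from hour 72 a new branch comes online and
the norm jumps to about 63/hour. One genuine spike (200) is planted at hour
160. A rule tuned once against week-1 data floods the analyst with false
positives after the norm shifts; a rule re-baselined on a rolling window
flags the transition, absorbs the new norm, and still catches the real spike.
"""
from statistics import mean, pstdev

CONSTRUCTED_COUNTS = (
    [20 + (i % 5) for i in range(72)]          # old norm: 20..24 per hour
    + [60 + (i % 7) for i in range(72, 168)]   # new norm: 60..66 per hour
)
CONSTRUCTED_COUNTS[160] = 200                  # the one real incident
TRUE_INCIDENT_HOURS = {160}


def tune_static(training, k=3.0):
    """Set-and-forget tuning: threshold = mean + k*stdev of the training window."""
    return mean(training) + k * pstdev(training)


def static_rule(counts, threshold):
    """Alert on every hour whose count exceeds a fixed threshold."""
    return [i for i, c in enumerate(counts) if c > threshold]


def rolling_rule(counts, window=24, k=3.0, min_history=12):
    """Alert when an hour exceeds mean + k*stdev of the preceding `window` hours.

    The baseline is recomputed every hour, so a lasting change in volume is
    flagged only around the transition (hours 72-74 here, exactly when the
    rule should be reviewed) and then becomes the new norm.
    """
    alerts = []
    for i, c in enumerate(counts):
        history = counts[max(0, i - window):i]
        if len(history) < min_history:
            continue                           # not enough history yet
        sigma = max(pstdev(history), 1.0)      # floor so a flat baseline is not hair-trigger
        if c > mean(history) + k * sigma:
            alerts.append(i)
    return alerts


def false_positives(alerts, true_hours=TRUE_INCIDENT_HOURS):
    """Alerts that do not correspond to a known real incident hour."""
    return [h for h in alerts if h not in true_hours]


def compare(counts=CONSTRUCTED_COUNTS):
    """Run both rules over the same data and report alert and false-positive counts."""
    threshold = tune_static(counts[:72])       # tuned once, on week-1 data only
    static = static_rule(counts, threshold)
    rolling = rolling_rule(counts)
    return {
        "static_threshold": round(threshold, 1),
        "static_alerts": len(static),
        "static_false_positives": len(false_positives(static)),
        "rolling_alerts": rolling,
        "rolling_false_positives": len(false_positives(rolling)),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```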
SIEM Systems
[Diagram: Assets (Server, Router, Firewall, IDS, IPS) -> Log File -> Log Server -> "Investigate if there is a Material Impact" -> No / Yes -> Activate Incident Response]
Incident Response
From the FFIEC:
Financial institutions and their service providers should anticipate
potential cyber incidents and develop a framework to respond to these
incidents...
A financial institution experiencing a cyber attack may need to
simultaneously investigate an ongoing security incident and execute the
financial institution's recovery strategies. As a result, the financial
institution and TSP should consider identifying and making advance
arrangements for third-party forensic and incident management services.
Also, a financial institution relying on such third-party services should
plan for potential limited availability during a large-scale cyber event.
(IT Examination Handbook – Business Continuity Planning, 2015)
Incident Response
Order of Volatility
Order of Volatility
Memory Analysis
Note: You will need Local Admin access to run the tools.
Dumpit (www.comae.io)
• Freeware tool
• Easiest tool to use, point and click
• No options
• Single purpose tool
• Small footprint
• GUI tool
• Demo
WinPMEM (www.rekall-forensic.com/)
• Open-source (free)
• Some technical expertise is required
• Command line only, with many options and parameters
• Enables compression by default
• Great for use with scripting
• Dumps loaded drivers by default
• Demo
Macquisition (www.blackbagtech.com/software-products/macquisition-7/macquisition.html)
HDD Acquisition
Security Intelligence
• Utilize information from initial findings to search the enterprise for additional compromised hosts.
• Each new piece of information feeds the process until the entire breadth of the compromise is revealed.
• Attackers are advanced but generally like to use the same tools and techniques; they are human just like the rest of us.
• Indicators such as IP addresses, filenames, checksums, driver names, service names, registry entries, etc. can all be used to search the enterprise.
Do not assume that one compromised machine is all there is.
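The feedback loop described above, as an added example that is not part of the course material: a sweep that starts from the indicators recovered on the first compromised host, lets every hit contribute the artifacts it was found with, and repeats until a full pass over a constructed host inventory finds nothing new. Every hostname, hash, IP address, service and registry value is a made-up placeholder.

```python
"""Iterative indicator sweep over a constructed host inventory.

Added example, not part of the course material. It models the loop on the
slide: start with what was found on the first compromised host, sweep every
host for those indicators, and feed the artifacts seen alongside each hit
(checksum, service name, registry key, destination IP, filename) back into
the indicator set until a complete pass discovers nothing new.

Every hostname, hash, IP address, service name and registry path below is a
made-up placeholder (IPs are from the documentation ranges).
"""

# Each host lists observations: one executable/service plus the artifacts seen
# together with it. If any artifact matches a known indicator, the remaining
# artifacts of that observation become new indicators (the pivot). Review
# newly discovered indicators before trusting them: a common filename that
# happens to sit beside a hit would otherwise pull clean hosts into the set.
CONSTRUCTED_INVENTORY = {
    "FS01": [  # patient zero from the initial investigation
        {"file": "svchost32.exe", "sha256": "HASH_A", "service": "WinUpdSvc",
         "registry": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinUpd",
         "dst_ip": "203.0.113.10"},
        {"file": "notepad.exe", "sha256": "HASH_NOTEPAD", "service": None,
         "registry": None, "dst_ip": None},
    ],
    "WS07": [  # same binary, renamed and installed under another service name
        {"file": "svc32.exe", "sha256": "HASH_A", "service": "NetSvcHelper",
         "registry": None, "dst_ip": "203.0.113.10"},
    ],
    "WS12": [  # a different binary that reuses the service name seen on WS07
        {"file": "updater.exe", "sha256": "HASH_B", "service": "NetSvcHelper",
         "registry": None, "dst_ip": "198.51.100.7"},
    ],
    "DC01": [  # the second binary again, under a third name, with persistence
        {"file": "sync.dll", "sha256": "HASH_B", "service": None,
         "registry": r"HKLM\SYSTEM\CurrentControlSet\Services\SyncSvc",
         "dst_ip": None},
    ],
    "WS03": [  # clean host: only ordinary software
        {"file": "notepad.exe", "sha256": "HASH_NOTEPAD", "service": None,
         "registry": None, "dst_ip": None},
        {"file": "outlook.exe", "sha256": "HASH_OUTLOOK", "service": None,
         "registry": None, "dst_ip": "192.0.2.25"},
    ],
}

# Initial findings from FS01: one checksum and one destination address.
SEED_INDICATORS = {("sha256", "HASH_A"), ("dst_ip", "203.0.113.10")}


def artifacts_of(observation):
    """Typed (kind, value) pairs for an observation, skipping empty fields."""
    return {(kind, value) for kind, value in observation.items() if value is not None}


def sweep(inventory, seed_indicators, max_rounds=20):
    """Expand `seed_indicators` to a fixed point across `inventory`.

    Returns (compromised, indicators, rounds): hosts mapped to the indicators
    that matched on them, the final indicator set, and the number of passes
    made (the last pass is the one that found nothing new).
    """
    indicators = set(seed_indicators)
    compromised = {}
    rounds = 0
    while rounds < max_rounds:
        rounds += 1
        discovered = set()
        for host, observations in inventory.items():
            for obs in observations:
                artifacts = artifacts_of(obs)
                matched = artifacts & indicators
                if matched:
                    compromised.setdefault(host, set()).update(matched)
                    discovered |= artifacts - indicators
        if not discovered:
            break                      # full pass found nothing new: done
        indicators |= discovered       # feed the new information back in
    return compromised, indicators, rounds


def run(inventory=CONSTRUCTED_INVENTORY, seed=SEED_INDICATORS):
    """Sweep the constructed inventory starting from the FS01 findings."""
    return sweep(inventory, seed)


if __name__ == "__main__":
    hosts, iocs, passes = run()
    print(f"{passes} passes, {len(iocs)} indicators, hosts: {sorted(hosts)}")
    for host in sorted(hosts):
        print(f"  {host}: matched on {sorted(hosts[host])}")
```

With the constructed data the sweep takes four passes: the hash and IP find WS07, WS07's service name finds WS12, WS12's checksum finds DC01, and the clean host WS03 is never touched.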
Forensic Responder
If required on-site:
• Requires a trained incident responder at each location to perform collection
• Usually involves travel to each affected location; does not scale well
• Often delays investigation analysis
• Typical time from first call to initial triage is 8-24 hours (depending on staff availability and retainer response agreements)
• Your cyber-insurance provider may provide a responder, or have preferred firms to call upon (and therefore may cover some/all of the cost)
Mobile Devices
Mobile device forensics is a specialized subset of the forensics world. If you are going to allow mobile devices, you should have a plan for how to safely acquire and analyze them.
• Using an MDM (mobile device management) platform is the best way to ensure data retrieval or integrity
• If you need to respond to an incident involving a mobile device:
– Gain physical access to the device if possible
– Capture device, OS and app baseline
– Isolate the device if possible (airplane mode, Faraday bag, etc.)
– Perform acquisition using appropriate software
– Analyze device and app artifacts
Legal issues
Chain of Custody
You should be able to clearly describe how the evidence was
found, how it was handled, and everything that happened to it along the
way. The following need to be documented:
• Where, when, and by whom the evidence was discovered and collected.
• Where, when, and by whom the evidence was handled or examined.
• Who had custody of the evidence, and during what period.
• How it was stored, and how it was secured while stored.
• For each change of custody, when and how the transfer occurred (include
shipping or tracking numbers, seal numbers, etc.).
• The hash value of any acquired image, recorded at acquisition and re-verified
at each transfer and examination, so integrity can be demonstrated later.
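The mobile-device response steps above and this chain-of-custody list share one need: a record that shows who did what to the evidence, when, and that neither the record nor the evidence changed afterwards. The following is an added example, not 10-D Security's code and not the format of any particular forensic tool. It keeps a hash-chained custody log in which each entry commits to the previous entry's hash, stores the SHA-256 of the acquired image, and can later detect both a back-dated edit to the log and a mismatch between the evidence on hand and the hash recorded at acquisition. The case number, people, locations, tracking number and "image" bytes are constructed sample values.

```python
"""Hash-chained chain-of-custody log (added example; not 10-D Security code and
not any forensic tool's format; the case, people and image below are constructed)."""
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash used by the first entry of a log


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hash an acquisition image on disk in chunks (images can be many GB)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _canonical(d: dict) -> str:
    # Deterministic serialisation so an entry always hashes the same way.
    return json.dumps(d, sort_keys=True, separators=(",", ":"))


class CustodyLog:
    """Append-only custody record; each entry commits to the hash of the previous one."""

    def __init__(self, case_id: str, evidence_id: str):
        self.case_id, self.evidence_id, self.entries = case_id, evidence_id, []

    def record(self, action, who, where, evidence_hash, when, notes=""):
        """Append one custody event; evidence_hash stays None until an image exists."""
        entry = {
            "case_id": self.case_id, "evidence_id": self.evidence_id,
            "seq": len(self.entries), "action": action, "who": who, "where": where,
            "when": when.isoformat(), "evidence_hash": evidence_hash, "notes": notes,
            "prev_hash": self.entries[-1]["entry_hash"] if self.entries else GENESIS,
        }
        entry["entry_hash"] = sha256_bytes(_canonical(entry).encode())
        self.entries.append(entry)
        return entry

    def verify(self, current_evidence_hash=None):
        """Return (ok, problems): recompute the chain and cross-check evidence hashes."""
        problems, prev = [], GENESIS
        # The hash recorded when the image was first produced is the reference value.
        reference = next((e["evidence_hash"] for e in self.entries if e["evidence_hash"]), None)
        for i, e in enumerate(self.entries):
            if e["seq"] != i:
                problems.append(f"entry {i}: sequence number {e['seq']} out of order")
            if e["prev_hash"] != prev:
                problems.append(f"entry {i}: prev_hash does not match entry {i - 1}")
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if sha256_bytes(_canonical(body).encode()) != e["entry_hash"]:
                problems.append(f"entry {i}: contents altered after it was recorded")
            if e["evidence_hash"] and e["evidence_hash"] != reference:
                problems.append(f"entry {i}: evidence hash differs from the hash at acquisition")
            prev = e["entry_hash"]
        if current_evidence_hash is not None and current_evidence_hash != reference:
            problems.append("evidence on hand does not match the hash recorded at acquisition")
        return (not problems, problems)


# Constructed stand-in for an acquired image; a real run would use sha256_file().
SAMPLE_IMAGE = b"constructed sample acquisition image, not real device data"


def build_sample_log() -> CustodyLog:
    """Walk a phone through seizure, isolation, acquisition, transfer and examination."""
    def at(hour, minute):
        return datetime(2019, 5, 6, hour, minute, tzinfo=timezone.utc)

    log = CustodyLog("IR-2019-0042", "PHONE-01")
    log.record("seized", "J. Doe (IR)", "Branch 3, desk 12", None, at(9, 5),
               "screen unlocked; airplane mode set; placed in Faraday bag; baseline photographed")
    image_hash = sha256_bytes(SAMPLE_IMAGE)
    log.record("acquired", "J. Doe (IR)", "Branch 3, forensic laptop", image_hash, at(10, 40),
               "logical acquisition; image hashed immediately")
    log.record("transferred", "J. Doe -> K. Lee", "courier", image_hash, at(14, 0),
               "tracking 1Z-CONSTRUCTED-0001; tamper seal intact on receipt")
    log.record("examined", "K. Lee (lab)", "Forensic lab, bench 2", image_hash, at(16, 30),
               "working copy analysed; original image hash re-verified first")
    return log
```

A hash chain only proves that the log was not edited after the fact if the latest entry hash is also written somewhere the examiner cannot quietly change (a signed e-mail, a ticket, a printed and signed form); without that anchor, an attacker who can rewrite every entry can simply rebuild the whole chain. The entries before acquisition carry no evidence hash because there is no image yet; the physical device is identified by the serial or IMEI captured in the baseline notes.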
“The world doesn’t change in front of your eyes, it changes behind your
back.”
- Terry Hayes, I Am Pilgrim
Terminology
©2018 10-D, Inc. All Rights Reserved.
Fullz - A term used by credit card hackers and data resellers meaning
full packages of individuals' identifying information. Fullz usually
contain an individual's name, Social Security number, date of birth,
account numbers, and other data.
Tor
“…is relied upon by journalists, activists and campaigners in the US
and Europe as well as in China, Iran and Syria, to maintain the privacy
of their communications and avoid reprisals from government. To this
end, it receives around 60% of its funding from the US government,
primarily the State Department and the Department of Defense –
which houses the NSA.”
TheGuardian.com
The Tor Project, Inc. is the owner and originator of this content.
VPN Relay
The Tor Project, Inc. is the source for portions of this content.
Key Phrases
Recovery Time Objective (RTO)
• Defines the maximum tolerable length of time a service can be
unavailable.
• Put another way, it is the time between the disaster event and when the
service is back on-line.
Recovery Point Objective vs. Recovery Time Objective
• RPO – time between the most recent usable backup and the event; it bounds
how much data you are prepared to lose.
• RTO – time between the event and when the service was restored.
Timeline: Past ... [most recent backup] <-- RPO --> [Event] <-- RTO --> [service restored] ... Future
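The two definitions above are easy to misapply when you look at a real backup schedule: a "nightly" backup does not give a 24-hour RPO, because a job that is still running when the event hits cannot be restored, and the data in a completed copy is only guaranteed as of the job's start. The following added example (not 10-D Security's code; the schedule, outage time and objectives are constructed) measures RPO and RTO for one outage the way the timeline above defines them, computes the worst-case RPO a schedule can actually deliver, and checks both against stated objectives.

```python
"""Measure RPO/RTO from a backup schedule and an outage (added example; not 10-D
Security code; the schedule, outage and objectives below are constructed)."""
from datetime import datetime, timedelta


def usable_backups(backups, event):
    """Backups that can be restored after the event: only jobs that had finished.
    A job still running when the event hits is treated as unusable (partial copy)."""
    return [(start, end) for start, end in backups if end <= event]


def measure_recovery(backups, event, restored):
    """Return measured RPO and RTO as timedeltas.

    The recovery point is the START of the latest completed job: data written while
    the job ran may or may not be in the copy, so the start is the safe assumption."""
    usable = usable_backups(backups, event)
    if not usable:
        raise ValueError("no completed backup before the event: nothing to restore from")
    last_start = max(start for start, _ in usable)
    return {"rpo": event - last_start, "rto": restored - event}


def worst_case_rpo(backups):
    """Largest data loss the schedule can produce: an event just before job k+1
    completes still falls back to job k, so the exposure is end[k+1] - start[k]."""
    jobs = sorted(backups, key=lambda job: job[1])
    if len(jobs) < 2:
        raise ValueError("need at least two completed jobs to measure the gap")
    return max(jobs[i + 1][1] - jobs[i][0] for i in range(len(jobs) - 1))


def check_objectives(measured, rpo_objective, rto_objective):
    return {"rpo_met": measured["rpo"] <= rpo_objective,
            "rto_met": measured["rto"] <= rto_objective}


# Constructed schedule: one nightly job starting at 22:00, Mon 6 May 2019 to Wed.
NIGHTLY = [
    (datetime(2019, 5, 6, 22, 0), datetime(2019, 5, 6, 23, 30)),
    (datetime(2019, 5, 7, 22, 0), datetime(2019, 5, 7, 23, 45)),
    (datetime(2019, 5, 8, 22, 0), datetime(2019, 5, 8, 23, 30)),
]
# Constructed outage: ransomware detonates Tuesday 23:10 while Tuesday's job is
# still running; the service is back on-line Wednesday 03:10.
EVENT = datetime(2019, 5, 7, 23, 10)
RESTORED = datetime(2019, 5, 8, 3, 10)


def sample_assessment():
    """Measured RPO 25h10m and RTO 4h against objectives of 24h and 8h."""
    measured = measure_recovery(NIGHTLY, EVENT, RESTORED)
    result = check_objectives(measured, timedelta(hours=24), timedelta(hours=8))
    result.update(measured, worst_case_rpo=worst_case_rpo(NIGHTLY))
    return result
```

In the constructed case the RTO objective is met but the RPO objective is not, even though the backup runs every night: the Tuesday job was mid-run, so the restore point is Monday's job start, 25 hours and 10 minutes earlier, and the schedule's worst case is 25 hours and 45 minutes. Closing that gap means a shorter interval or a faster job, not a tighter objective on paper.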
Impact Assessment
0: No impact or interruption in operations.
1: Noticeable impact; interruption in operations for up to one calendar day.
2: Damage to equipment and/or facilities and/or interruption of operations for two to three calendar days.
3: Major damage to equipment and/or facilities and/or interruption of operations for more than three calendar days.
Weighted Risk (Rating = Probability x Impact)
Event                                     Probability  Impact  Rating
Disease Epidemic                                   10       3      30
Earthquake                                          5       2      10
Electrical Storm                                   10       1      10
Fire (internal)                                     5       2      10
Flooding (external)                                10       1      10
Flooding (internal)                                 5       2      10
Snow and Ice Storm / Blizzard                      10       2      20
Thunderstorm (damaging hail/wind/rain)             10       1      10
Tornado                                             5       3      15
Weighted Risk (Rating = Probability x Impact)
Event                                     Probability  Impact  Rating
Computer Failure (Network / Server)                10       3      30
Computer Failure (other Hardware)                  10       3      30
Computer Failure (Software)                        10       3      30
Hazardous Materials Spill                           1       3       3
HVAC Failure                                       10       1      10
Power Failure / Fluctuation                         5       2      10
Radiological / Nuclear Accident                     1       3       3
Telecom Failure                                     5       1       5
Water / Sewer Damage                                5       2      10
WRR > 15 poses the GREATEST RISK
Weighted Risk (Rating = Probability x Impact)
Event                                     Probability  Impact  Rating
Bomb Threat                                        10       1      10
Computer (human error)                              5       2      10
Criminal Act (against persons)                      5       1       5
Criminal Act (against property)                    10       2      20
Kidnap                                              1       2       2
Riot / Civil Disorder                               1       1       1
Sabotage (by employee)                             10       2      20
Sabotage (by non-employee)                         10       2      20
Terrorist Act (biological / chemical)               1       2       2
Terrorist Act (conventional)                        5       2      10
Work Stoppage                                       5       2      10
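The three Weighted Risk tables above all apply the same rule: Rating = Probability x Impact, and any event with WRR > 15 is flagged as the greatest risk. The following Python script is an added example (not part of the course guide) that computes the ratings from the rows copied out of the slides, flags the greatest risks, and cross-checks the published Rating column; it assumes, as the tables do, that probability is one of 1, 5 or 10 and impact is on the 0 to 3 scale from the Impact Assessment slide.

```python
"""Weighted Risk Rating (WRR) worksheet: added example, not from the deck.

Rating = Probability x Impact.  Events with WRR > 15 are the greatest risk.
Probability values (1, 5, 10) are the only ones the deck's tables use;
impact uses the 0..3 scale from the Impact Assessment slide.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

PROBABILITY_VALUES = (1, 5, 10)   # assumption: only values seen in the deck
IMPACT_SCALE = {                  # from the Impact Assessment slide
    0: "No impact or interruption in operations",
    1: "Noticeable impact; interruption up to one calendar day",
    2: "Damage and/or interruption of two to three calendar days",
    3: "Major damage and/or interruption of more than three calendar days",
}
GREATEST_RISK_THRESHOLD = 15      # "WRR > 15 poses the GREATEST RISK"


@dataclass(frozen=True)
class Event:
    name: str
    probability: int
    impact: int

    def rating(self) -> int:
        return self.probability * self.impact


def validate(event: Event) -> None:
    """Reject values outside the scales the worksheet is defined on."""
    if event.probability not in PROBABILITY_VALUES:
        raise ValueError(f"{event.name}: probability {event.probability} "
                         f"not in {PROBABILITY_VALUES}")
    if event.impact not in IMPACT_SCALE:
        raise ValueError(f"{event.name}: impact {event.impact} not in 0..3")


def weighted_risk(events: Iterable[Event]) -> List[Tuple[str, int, int, int]]:
    """Return (name, probability, impact, rating) rows, highest rating first."""
    events = list(events)
    for e in events:
        validate(e)
    rows = [(e.name, e.probability, e.impact, e.rating()) for e in events]
    return sorted(rows, key=lambda r: (-r[3], r[0]))


def greatest_risks(events: Iterable[Event],
                   threshold: int = GREATEST_RISK_THRESHOLD) -> List[str]:
    """Names of events whose WRR is strictly greater than the threshold."""
    return [r[0] for r in weighted_risk(events) if r[3] > threshold]


def check_published(rows: Iterable[Tuple[str, int, int, int]]) -> List[str]:
    """Cross-check a table's published Rating column against P x I.
    Returns the names of rows whose published rating does not match."""
    return [name for name, p, i, published in rows if p * i != published]


# Rows copied from the deck's three Weighted Risk tables (name, P, I, Rating).
DECK_ROWS = [
    ("Disease Epidemic", 10, 3, 30), ("Earthquake", 5, 2, 10),
    ("Electrical Storm", 10, 1, 10), ("Fire (internal)", 5, 2, 10),
    ("Flooding (external)", 10, 1, 10), ("Flooding (internal)", 5, 2, 10),
    ("Snow and Ice Storm / Blizzard", 10, 2, 20),
    ("Thunderstorm (damaging hail/wind/rain)", 10, 1, 10), ("Tornado", 5, 3, 15),
    ("Computer Failure (Network / Server)", 10, 3, 30),
    ("Computer Failure (other Hardware)", 10, 3, 30),
    ("Computer Failure (Software)", 10, 3, 30),
    ("Hazardous Materials Spill", 1, 3, 3), ("HVAC Failure", 10, 1, 10),
    ("Power Failure / Fluctuation", 5, 2, 10),
    ("Radiological / Nuclear Accident", 1, 3, 3), ("Telecom Failure", 5, 1, 5),
    ("Water / Sewer Damage", 5, 2, 10), ("Bomb Threat", 10, 1, 10),
    ("Computer (human error)", 5, 2, 10), ("Criminal Act (against persons)", 5, 1, 5),
    ("Criminal Act (against property)", 10, 2, 20), ("Kidnap", 1, 2, 2),
    ("Riot / Civil Disorder", 1, 1, 1), ("Sabotage (by employee)", 10, 2, 20),
    ("Sabotage (by non-employee)", 10, 2, 20),
    ("Terrorist Act (biological / chemical)", 1, 2, 2),
    ("Terrorist Act (conventional)", 5, 2, 10), ("Work Stoppage", 5, 2, 10),
]
DECK_EVENTS = [Event(n, p, i) for n, p, i, _ in DECK_ROWS]

if __name__ == "__main__":
    for name, p, i, r in weighted_risk(DECK_EVENTS):
        flag = "  <-- GREATEST RISK" if r > GREATEST_RISK_THRESHOLD else ""
        print(f"{name:40} P={p:2} I={i} WRR={r:2}{flag}")
    print("mismatched rows:", check_published(DECK_ROWS))
```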
Strategy Development
• Business Continuity Plans
• IT Disaster Recovery Plan
• Incident Response Plan
• Pandemic Plan
• Communications Plan
• Vendors’ Plans
Pandemic Plan
Communications Plan
Vendors’ Plans
Walk-through exercises
• Participants step through the plan document(s); they may break into smaller groups to review task- or department-specific plans.
– Pros: Simple to conduct, with little to no preparation needed. Useful for determining document completeness and responsibility assignments.
– Cons: Usually poor at identifying gaps in planning or in expectations.
Tabletop exercises
• Facilitated exercise in which a specific scenario is presented. Usually a group discussion, not a “technical” exercise.
• Participants respond to exercise events, using the organization’s plans and their business knowledge to respond to the evolving situation.
– Pros: Excellent at identifying planning gaps. Minimal preparation time commitment for participants.
– Cons: The facilitator may inadvertently create only scenarios that fit the organization’s plan(s). Developing the exercise can take significant facilitator time.
Component testing
• Technical exercise used to evaluate the recoverability of discrete servers/devices, up to entire “systems” (but not the entire IT environment).
– Pros: For a technical exercise, it usually presents minimal risk to production operations and is relatively simple to schedule and plan.
– Cons: Doesn’t test restoration and interoperation of multiple systems (e.g., core and Internet banking). Does little to evaluate resource constraints when multiple “priority” systems are needed concurrently.
Comprehensive testing
• Technical exercise used to evaluate the recoverability of all systems needed for the organization’s production operations.
• Should include recovery of the systems, and testing that the applications function and the expected data is accessible.
– Pros: Usually the best test of the organization’s ability to recover from a major technical disaster.
– Cons: Significant planning effort required. Often results in at least a temporary increase of risk to regular operations (e.g., staff or backup systems are repurposed for the exercise).
Documentation
• Test plan
– Scope
– Objectives
– Assumptions
– Limitations
• Test scripts and supporting information (copies of reports, vendor info, timeline, etc.)
• Provide wrap-up report to Board
15 12:40 PM <insert name> calls wanting to know what is really going on.
The Declaration
Tips
Other Considerations
Topics:
• Relationship Management
• Expectations of Vendors
• During Out of the Ordinary Events
Miscellaneous:
• Obtain “Summary Exam Reports” from regulator for key vendors
• Increase in contract negotiators, especially for core services
• Include “right to audit” in contracts, or obtain in writing separately
• For critical technology providers, consider performing on-site reviews
• Set expectations prior to contract signing, while you have leverage
Miscellaneous:
• Monitor and log vendor access to your network and systems
• IT support vendor shouldn’t perform audits, firewall reviews,
security testing, etc. (“fox watching the hen house”)
• Contract warning signs:
– Tight or restrictive renewal windows for auto-renewing contracts
– No exit clauses
– Deliberately vague language
– Governing Law not in your state
Section 9: Politics
Topics:
• Board
• IT
• Auditors and Examiners
• Do’s and Don’ts
• Other Miscellaneous
“It is said that a fool only learns from his own mistakes, a wise man from the
mistakes of others.”
- Otto von Bismarck (1815-1898)
Board
IT
Other Miscellaneous
“Being the first to cross the finish line makes you a winner in only one phase of
life. It's what you do after you cross the line that really counts.”
- Ralph Boston
Search Queries
THANK YOU!!!