American Security and Privacy, LLC Incident Handler Certification
Dr. Kevin F. Streff
Founder and Managing Partner
Incident Handler
Certification
Dr. Kevin Streff
American Security and Privacy, LLC
 Founder & Managing Partner
 www.americansecurityandprivacy.com
 Kevin.Streff@americansecurityandprivacy.com
 605.270.4427
Agenda
Module 1 Incident Response Overview
Module 2 Incident Response Laws and Regulations
Module 3 The Fit of Incident Response in Information Security and Privacy Programs
Module 4 Privacy Incidents
Module 5 Security Incidents
Module 6 Incident Response Program Overview
Module 7 Step 1 - Preparation
Module 8 Step 2 - Detection and Analysis
Module 9 Step 3 - Contain, Eradicate, and Recover
Module 10 Step 4 - Post Incident Activity
Module 11 Incident Response Testing
Module 12 Third Party Incident Response Requirements
Module 13 Incident Response Auditing
Module 14 Incident Response Metrics

Module 5 SECURITY INCIDENTS

• 34 newly named adversaries in 2023
• 230+ total adversaries tracked by CrowdStrike
• 2:07 mins: fastest recorded eCrime breakout time
• 75% increase in cloud intrusions
• 76% spike in data theft victims named on the dark web
• 75% of attacks were malware-free
2024 CrowdStrike Report

Social Engineering Attacks
• According to the 2024 Data Breach Investigations Report by Verizon, social engineering attacks account for 17% of all data breaches and 10% of cybersecurity incidents, making social engineering one of the three most common cyberattack vectors.

Example
• Mailchimp: In January 2023, Mailchimp, a prominent platform for email marketing and newsletters, detected an unauthorized user within its infrastructure.
• They stated that an intruder had gained access to one of the tools Mailchimp uses for user account administration and customer support.
• The intruder had previously targeted Mailchimp employees and managed to get their account credentials through social engineering techniques. Afterward, the malicious actor used the compromised credentials to access data on 133 Mailchimp accounts.

Privilege Abuse
• Organizations usually have many users with elevated privileges such as admins, technical specialists, and managers. Some can only access certain critical resources, such as specific databases or applications.
• Others might have full access to every system in the network and even be able to create new privileged accounts without drawing anyone's attention. If privileged users have malicious intent or have been compromised, it may lead to data breaches, financial fraud, sabotage, and other severe consequences.
• Unfortunately, it's hard to detect if a user with elevated access rights is abusing their privileges, as these culprits often cleverly conceal their actions.

Example
• International Committee of the Red Cross (ICRC)
• Malicious actors had compromised privileged accounts, used lateral movement techniques to escalate their privileges, and acted under the guise of admins to obtain sensitive data.

Data Leakage
• Occurs when sensitive information is unintentionally exposed to unauthorized parties.
• For example, a misconfigured cloud storage server might allow easy access to personally identifiable information (PII) and trade secrets.

Example
• Pegasus Airlines: In June 2022
• Discovered an error in the configuration of one of their databases.
• It turned out that an airline employee had misconfigured security settings and exposed 6.5 terabytes of the company's valuable data.
• As a result of the improper configuration of an AWS bucket, 23 million files with flight charts, navigation materials, and the crew's personal information were available for the public to see and modify.

Insider Data Theft
• Insiders may steal data for financial benefit, espionage purposes, ideological reasons, or because of a grudge.
• For financial institutions, insider data theft may cause financial losses, reputational damage, loss of customer trust, and legal liabilities.

Example
• In May 2023, two former employees stole and leaked Tesla's confidential data to a German news outlet, Handelsblatt.
• An investigation showed that malicious insiders breached the company's IT security and data protection policies to unlawfully obtain and disclose 23,000 internal documents from Tesla, amounting to nearly 100 gigabytes of confidential information.
• As a result, the personal information of 75,735 current and former Tesla employees was leaked and the company was at risk of facing a $3,3 billion fine for insufficient data protection.

Intellectual property theft
• Intellectual property is one of the most valuable types of data an organization possesses.
• Bright ideas, innovative technologies, and complex formulas give businesses a competitive advantage.
• It's no surprise that malicious actors often target their victims' trade secrets.

Example
• In May 2022, Apple sued Rivos, a chip development startup, for allegedly stealing trade secrets after Rivos hired away more than 40 former Apple employees.
• Apple claimed that at least two of their former engineers took gigabytes of confidential information with them before joining Rivos.
• Apple suggests that Rivos hired Apple's former employees to work on competing system-on-chip (SoC) technology.
• Apple spent billions of dollars and more than a decade of research to create the SoC designs that are now used in iPhones, iPads, and MacBooks.
• Having access to SoC trade secrets would have significantly aided Rivos in competing against Apple.

Third Party Breaches
• Having a sophisticated supply chain with numerous subcontractors, vendors, and third-party services is the norm for organizations these days.
• However, granting third parties access to your network is associated with cybersecurity risks.
• One of the reasons is that your third parties may not always follow all necessary security procedures.
• Thus, there's no guarantee that hackers won't exploit your vendors' vulnerabilities to access your organization's assets.

Example
• In March 2024, American Express informed its customers that unauthorized parties gained access to sensitive customer information through a breach in their merchant processor.
• The breach was caused by a successful point-of-sale attack. American Express emphasized that its internal systems weren't compromised during the incident.
• However, the breach at the merchant processor leaked American Express customers' sensitive data, such as names, current and former account numbers, and card expiration dates.

Phishing
• A threat actor masquerades as a reputable entity or person in an email or other communication channel.
• The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including extracting login credentials or account information from victims.
• A more targeted type of phishing attack known as spear phishing occurs when the attacker invests time researching the victim to pull off an even more successful attack.

Malware
• Malware is a broad term for the different types of malicious software that are installed on an enterprise's system.
• Malware includes Trojans, worms, ransomware, adware, spyware and various types of viruses.
• Some malware is inadvertently installed when an employee clicks on an ad, visits an infected website, or installs freeware or other software.
• Signs of malware include unusual system activity, such as a sudden loss of disk space; unusually slow speeds; repeated crashes or freezes; an increase in unwanted internet activity; and pop-up advertisements.

DDoS Attack
• A threat actor launches a distributed denial-of-service attack to shut down an individual machine or an entire network so that it's unable to respond to service requests.
• DoS attacks do this by flooding the target with traffic or sending it some information that triggers a crash.

Wire Fraud
• Any form of financial fraud committed with the use of electronic communications.
• Wire transfer fraud is compromising a bank wire.

ACH Fraud
• ACH fraud is the manipulation of or unauthorized initiation of electronic fund transfers through the Automated Clearing House.

Physical Security Breach
• ACH fraud is the manipulation of or unauthorized initiation of electronic fund transfers through the Automated Clearing House.

Summary
• Both security and privacy incidents need to be reflected in your incident response plans
• Risk-based approach
• Identify the potential issues prior to them occurring
IH - Security Incidents - Module 5 Powerpoint Presentation.pptx

  • 1. American Security and Privacy, LLC Incident Handler Certification Dr. Kevin F. Streff Founder and Managing Partner 1 Incident Handler Certification
  • 2. Dr. Kevin Streff, American Security and Privacy, LLC, Founder & Managing Partner. www.americansecurityandprivacy.com, Kevin.Streff@americansecurityandprivacy.com, 605.270.4427
  • 3. Agenda: Module 1 Incident Response Overview; Module 2 Incident Response Laws and Regulations; Module 3 The Fit of Incident Response in Information Security and Privacy Programs; Module 4 Privacy Incidents; Module 5 Security Incidents; Module 6 Incident Response Program Overview; Module 7 Step 1 - Preparation; Module 8 Step 2 - Detection and Analysis; Module 9 Step 3 - Contain, Eradicate, and Recover; Module 10 Step 4 - Post Incident Activity; Module 11 Incident Response Testing; Module 12 Third Party Incident Response Requirements; Module 13 Incident Response Auditing; Module 14 Incident Response Metrics
  • 4. Module 5: SECURITY INCIDENTS
  • 5. 2024 CrowdStrike Report: 34 newly named adversaries in 2023; 230+ total adversaries tracked by CrowdStrike; 2:07 mins: fastest recorded eCrime breakout time; 75% increase in cloud intrusions; 76% spike in data theft victims named on the dark web; 75% of attacks were malware-free.
  • 6. Social Engineering Attacks: According to the 2024 Data Breach Investigations Report by Verizon, social engineering attacks account for 17% of all data breaches and 10% of cybersecurity incidents, making social engineering one of the three most common cyberattack vectors.
  • 7. Example (Mailchimp): In January 2023, Mailchimp, a prominent platform for email marketing and newsletters, detected an unauthorized user within its infrastructure. They stated that an intruder had gained access to one of the tools Mailchimp uses for user account administration and customer support. The intruder had previously targeted Mailchimp employees and managed to get their account credentials through social engineering techniques. Afterward, the malicious actor used the compromised credentials to access data on 133 Mailchimp accounts.
  • 8. Privilege Abuse: Organizations usually have many users with elevated privileges such as admins, technical specialists, and managers. Some can only access certain critical resources, such as specific databases or applications. Others might have full access to every system in the network and even be able to create new privileged accounts without drawing anyone's attention. If privileged users have malicious intent or have been compromised, it may lead to data breaches, financial fraud, sabotage, and other severe consequences. Unfortunately, it's hard to detect if a user with elevated access rights is abusing their privileges, as these culprits often cleverly conceal their actions.
  • 9. Example (International Committee of the Red Cross, ICRC): Malicious actors had compromised privileged accounts, used lateral movement techniques to escalate their privileges, and acted under the guise of admins to obtain sensitive data.
  • 10. Data Leakage: Occurs when sensitive information is unintentionally exposed to unauthorized parties. For example, a misconfigured cloud storage server might allow easy access to personally identifiable information (PII) and trade secrets.
  • 11. Example (Pegasus Airlines): In June 2022, Pegasus Airlines discovered an error in the configuration of one of their databases. It turned out that an airline employee had misconfigured security settings and exposed 6.5 terabytes of the company's valuable data. As a result of the improper configuration of an AWS bucket, 23 million files with flight charts, navigation materials, and the crew's personal information were available for the public to see and modify.
  • 12. Insider Data Theft: Insiders may steal data for financial benefit, espionage purposes, ideological reasons, or because of a grudge. For financial institutions, insider data theft may cause financial losses, reputational damage, loss of customer trust, and legal liabilities.
  • 13. Example: In May 2023, two former employees stole and leaked Tesla's confidential data to a German news outlet, Handelsblatt. An investigation showed that malicious insiders breached the company's IT security and data protection policies to unlawfully obtain and disclose 23,000 internal documents from Tesla, amounting to nearly 100 gigabytes of confidential information. As a result, the personal information of 75,735 current and former Tesla employees was leaked and the company was at risk of facing a $3.3 billion fine for insufficient data protection.
  • 14. Intellectual Property Theft: Intellectual property is one of the most valuable types of data an organization possesses. Bright ideas, innovative technologies, and complex formulas give businesses a competitive advantage. It's no surprise that malicious actors often target their victims' trade secrets.
  • 15. Example: In May 2022, Apple sued Rivos, a chip development startup, for allegedly stealing trade secrets after Rivos hired away more than 40 former Apple employees. Apple claimed that at least two of their former engineers took gigabytes of confidential information with them before joining Rivos. Apple suggests that Rivos hired Apple's former employees to work on competing system-on-chip (SoC) technology. Apple spent billions of dollars and more than a decade of research to create the SoC designs that are now used in iPhones, iPads, and MacBooks. Having access to SoC trade secrets would have significantly aided Rivos in competing against Apple.
  • 16. Third Party Breaches: Having a sophisticated supply chain with numerous subcontractors, vendors, and third-party services is the norm for organizations these days. However, granting third parties access to your network is associated with cybersecurity risks. One of the reasons is that your third parties may not always follow all necessary security procedures. Thus, there's no guarantee that hackers won't exploit your vendors' vulnerabilities to access your organization's assets.
  • 17. Example: In March 2024, American Express informed its customers that unauthorized parties gained access to sensitive customer information through a breach in their merchant processor. The breach was caused by a successful point-of-sale attack. American Express emphasized that its internal systems weren't compromised during the incident. However, the breach at the merchant processor leaked American Express customers' sensitive data, such as names, current and former account numbers, and card expiration dates.
  • 18. Phishing: A threat actor masquerades as a reputable entity or person in an email or other communication channel. The attacker uses phishing emails to distribute malicious links or attachments that can perform a variety of functions, including extracting login credentials or account information from victims. A more targeted type of phishing attack known as spear phishing occurs when the attacker invests time researching the victim to pull off an even more successful attack.
  • 19. Malware: A broad term for the different types of malicious software that are installed on an enterprise's system. Malware includes Trojans, worms, ransomware, adware, spyware and various types of viruses. Some malware is inadvertently installed when an employee clicks on an ad, visits an infected website, or installs freeware or other software. Signs of malware include unusual system activity, such as a sudden loss of disk space; unusually slow speeds; repeated crashes or freezes; an increase in unwanted internet activity; and pop-up advertisements.
  • 20. DDoS Attack: A threat actor launches a distributed denial-of-service attack to shut down an individual machine or an entire network so that it's unable to respond to service requests. DoS attacks do this by flooding the target with traffic or sending it some information that triggers a crash.
  • 21. Wire Fraud: Any form of financial fraud committed with the use of electronic communications. Wire transfer fraud is compromising a bank wire.
  • 22. ACH Fraud: ACH fraud is the manipulation of or unauthorized initiation of electronic fund transfers through the Automated Clearing House.
  • 23. Physical Security Breach: ACH fraud is the manipulation of or unauthorized initiation of electronic fund transfers through the Automated Clearing House.
  • 24. Summary: Both security and privacy incidents need to be reflected in your incident response plans. Risk-based approach. Identify the potential issues prior to them occurring.
  • 25. Dr. Kevin Streff, American Security and Privacy, LLC, Founder & Managing Partner. www.americansecurityandprivacy.com, Kevin.Streff@americansecurityandprivacy.com, 605.270.4427
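Slides 10 and 11 describe a cloud bucket left open for the public to see and modify. The following is an added example, not part of the original deck, of how a handler can triage a bucket's policy document and ACL grants (as returned by the S3 API) for anonymous read or write access. The bucket name, account ID and role are constructed; statements using `Condition`, `NotAction` or `NotPrincipal` are not evaluated and are left for manual review.

```python
import fnmatch

# Real AWS values: the ACL group URI for anonymous users and S3 action names.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_ACTIONS = ("s3:GetObject", "s3:ListBucket")
WRITE_ACTIONS = ("s3:PutObject", "s3:DeleteObject", "s3:PutObjectAcl")

# Constructed sample policies (bucket name, account ID and role are made up).
LEAKY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutObject"],
    "Resource": "arn:aws:s3:::example-bucket/*"}]}
FIXED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/ops-reader"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_anonymous(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))

def _matches(pattern, actions):
    # IAM action names are case-insensitive and may contain wildcards.
    return any(fnmatch.fnmatchcase(a.lower(), pattern.lower()) for a in actions)

def public_exposure(policy, acl_grants):
    """Return the subset of {"read", "write"} granted to anonymous users."""
    exposed = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):  # conditioned grants need manual review
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            if _matches(pattern, READ_ACTIONS):
                exposed.add("read")
            if _matches(pattern, WRITE_ACTIONS):
                exposed.add("write")
    for grant in acl_grants:
        if grant.get("Grantee", {}).get("URI") != ALL_USERS:
            continue
        if grant.get("Permission") in ("READ", "FULL_CONTROL"):
            exposed.add("read")
        if grant.get("Permission") in ("WRITE", "FULL_CONTROL"):
            exposed.add("write")
    return exposed
```

An empty result means no unconditional anonymous grant was found in the inputs; account-level and bucket-level Block Public Access settings should still be confirmed separately.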