data breach 2009 isaca hi
DESCRIPTION
My 2009 DBIR presentation @ ISACA Hawaii.
TRANSCRIPT
A study conducted by Verizon Business
Brief by Hosam W. El Dakhakhni, CISSP, CISM, CISA, CIA, CGEIT
2009 DATA BREACH INVESTIGATIONS REPORT
This brief will cover the following:
• My Conclusions
• Quick Facts
• Key Highlights
• Findings, Conclusions, and Countermeasures
• TVM-Doing More For Less
• Summary of Recommendations
• Q & A
QUICK FACTS
All results are based on firsthand evidence collected during 90 data breach investigations occurring in 2008 conducted by Verizon Business.
Only confirmed breaches are included (not “data-at-risk”).
Most of the statistics presented refer to the percentage of cases, the percentage of records breached, or simply the number of cases.
The authors make no claim that the findings of this report are representative of all data breaches in all organizations at all times.
Roughly 20 percent of cases involved more than one breach
Nearly half of the caseload had distinct patterns and commonalities
A little over 1/3 of the cases were made public (so far)
KEY HIGHLIGHTS
FINDINGS, CONCLUSIONS, AND COUNTERMEASURES
• Align process with policy
• Achieve “Essential” then worry about “Excellent”
• Secure Business Partner Connections
• Create a Data Retention Plan
• Control data with transaction zones
• Monitor event logs
• Create an Incident Response Plan
• Increase awareness
• Engage in mock incident testing
• Changing default credentials is key
• Avoid shared credentials
• User Account Review
• Application Testing and Code Review
• Smarter Patch Management Strategies
• Human Resources Termination Procedures
• Enable Application Logs and Monitor
Hosam W. El Dakhakhni, CISSP, CISM, CISA, CIA, CGEIT
Principal - R!SC
Visit us at www.it-risc.com
Contact us at [email protected]