Ponemon Report: Cyber Security Incident Response: Are we as prepared as we think?


Upload: lancope-inc

Post on 18-Nov-2014


DESCRIPTION

Learn about the key mistakes organizations are making when it comes to incident response, presented by the chairman and founder of the Ponemon Institute, Dr. Larry Ponemon, and Lancope’s director of security research, Tom Cross. Then learn about how the right mix of people, processes and technology can dramatically improve your incident response efforts and elevate the importance of the CSIRT within your organization.

TRANSCRIPT

Page 1: Ponemon Report: Cyber Security Incident Response: Are we as prepared as we think?

Cyber Security Incident Response Are we as prepared as we think?


Lancope: The Market Leader in Network Visibility

Technology Leadership
• Powerful threat intelligence
• Patented behavioral analysis
• Scalable monitoring up to 3M flows per second
• 150+ algorithms

Best of Breed
• 650 Enterprise Clients
• Key to Cisco’s Cyber Threat Defense
• Gartner recommended
• NBA market leader
• Flow-based monitoring

© 2013 Lancope, Inc. All rights reserved.


About Ponemon Institute

The Institute is dedicated to advancing responsible information management practices that positively affect privacy and data protection in business and government.

The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations.

Ponemon Institute is a full member of CASRO (Council of American Survey Research Organizations). Dr. Ponemon serves as chairman of the Government & Public Affairs Committee of CASRO’s Board.

The Institute has assembled more than 60 leading multinational corporations, called the RIM Council, which focuses on the development and execution of ethical principles for the collection and use of personal data about people and households.

The majority of active participants are privacy or information security leaders.


About our sample

A scientific sampling frame of 20,446 experienced IT and IT security practitioners located in all regions of the United States and United Kingdom was selected to participate in this survey. To ensure knowledgeable responses, all participants in this research have some level of familiarity and involvement with their organization’s CSIRT activities. Seven hundred and ninety-three respondents completed the survey. Screening and reliability checks removed 119 surveys. The final sample was 674 surveys (or a 3.3 percent response rate). The US sample contained 357 qualified respondents and the UK sample contained 317.

Sample response                  Freq      Pct%
Sampling frame                   20,446    100%
Total returns                    793       3.9%
Rejected and screened surveys    119       0.6%
Final sample                     674       3.3%


What is your job title?


Organization Size and Industry

Salient Findings

• Investment is critical for effective cyber incident response programs.
• CSIRTs are ill-prepared to respond to cyber threats.
• Management is largely unaware of cyber security threats.
• Metrics can help determine CSIRT effectiveness.
• Network audit trails are the most effective tool for incident response.


Do you anticipate a material security breach in the future?


How can your organization most effectively mitigate future security breaches?


Do you have a fully functional CSIRT?


What percentage of your security budget is spent on incident response preparedness?


How many employees are dedicated to incident response?

Chart series: Full Time, Part Time


How much experience do your incident responders have?


Do you use third-party consultants?


How frequently do you assess the readiness of your Incident Response team?


Do you have a PR and Analyst Relations plan in place in the event of a breach?


Do you have a multi-disciplinary insider threat management program?


Are you sharing threat intelligence?


Frequency of Cyber Threat Briefings?


Does your organization use metrics to measure incident response effectiveness?


How long does incident response take?


What are the most effective tools for detecting security breaches?

Recommendations

• Build an incident response team consisting of experienced, full-time members
  – Assess the readiness of incident response team on an ongoing basis
  – Provide clearly defined rules of engagement for the incident response team
  – Involve multi-disciplinary areas of the organization in the incident response process
  – Invest in technologies that support the collection of information to identify potential threats
• Use meaningful operational metrics to gauge the overall effectiveness of incident response
  – Translate the results of these measures into user-friendly business communications
  – Consider sharing threat indicators with third-party organizations to foster collaboration


Get your FREE copy of this report at:

http://www.lancope.com/ponemon-incident-response/


http://www.lancope.com @Lancope (company) @netflowninjas (company blog)

https://www.facebook.com/Lancope

http://www.linkedin.com/groups/NetFlow-Ninjas-2261596/about

https://plus.google.com/u/0/103996520487697388791/posts

http://feeds.feedburner.com/NetflowNinjas

Thank You


Tom Cross Director of Security Research, StealthWatch Labs

Larry Ponemon Chairman and Founder, Ponemon Institute