Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and Incidents to the SEC

Posted on 20-Aug-2015

Category: Technology

TRANSCRIPT

Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and Incidents to the SEC
SEC Cyber Security Reporting

Disclaimers

The information contained in this document is the proprietary and exclusive property of DFLabs except as otherwise indicated. No part of this document, in whole or in part, may be reproduced, stored, transmitted, or used for design purposes without the prior written permission of DFLabs. The information contained in this document is subject to change without notice.

NO WARRANTY: The information in this document is provided for informational purposes only. DFLabs specifically disclaims all warranties, express or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose, except as provided for in a separate software license agreement.

NOT LEGAL ADVICE: The ideas and opinions in this document are not to be construed as legal advice.

About DFLabs

DFLabs is an ISO9001 certified company, specializing in Information Security Governance, Governance Risk and Compliance (GRC) and Business Security. Our mission is: Supporting Information Security Strategies and Guaranteeing Business Security. Proud of its professional experience, DFLabs provides consulting, services and technologies in the following areas: Network Security, Information Security Strategy, Incident/Fraud Prevention and Response, Digital Forensics, e-discovery, Litigation Support, Infosec Training, Intrusion Prevention, Log and Vulnerability Management.

DFLabs is the creator of the IncMan Suite, a comprehensive incident management solution. The IncMan Suite comprises three modules that can operate autonomously or in concert for a complete solution.

Incident Manager (IMAN) is the integrated solution for the complete management of security incidents.

Digital Investigation Manager (DIM) is digital evidence tracking software used in digital investigations. DIM has been designed and developed to be used for digital evidence process support during computer forensics and incident response operations.

ITILity is a framework of best practices to manage IT operations and services. It is designed to provide a complete support solution, to streamline helpdesk processes.

2011 DFLabs. Copyright, USA and EU Patent Pending Software. DFLABS srl, P.I. and C.F. 04547850968, cap.soc. 50.000 Euro i.v., Corso Magenta 43, 20123 Milano. Page 1
Table of Contents

Executive Summary ... 3
Business Challenges ... 4
Solution Description ... 8
Important Features ... 11
Technical Details ... 12
Summary ... 12
More Information ... 13
Works Cited ... 13
Executive Summary

On October 13, 2011, the US Securities and Exchange Commission (SEC) published guidance regarding the obligations of companies registered with the SEC relating to cyber security risks and cyber security incidents. Although cyber security risks have always been a potential disclosure issue, this recently published guidance draws specific attention to the need for registrants to carefully analyze whether these issues are among the most significant factors that make an investment in the company speculative or risky. [1]

In determining whether such disclosure is required, companies need to consider:

- Past security incidents
- The probability of security incidents occurring in the future, the magnitude of those risks, and the potential costs and consequences of those incidents
- The adequacy of the preventive actions taken to reduce cyber security risks

The SEC guidance discussed in this paper provides several examples of cyber threats that can have a material impact on a company and that investors have the right to be made aware of. However, public disclosure of cyber risk and incidents must be done carefully: the SEC guidance recognizes that detailed disclosures could provide a roadmap to an attacker. Company executives have the difficult task of weighing the obligation to provide timely and comprehensive information against preserving customer and investor confidence. The stakes of this balancing act are heightened by the litigious climate facing companies doing business in the US.

This document will cover the challenges of assimilating all of the threats and attacks that a company is exposed to so that a proper risk assessment can be performed. Proper disclosure cannot be performed without competent analysis of the risks identified during a risk assessment. Not every breach will need to be reported, as the majority will not have the potential for a material impact on the company [2]. Deciding which security incidents to disclose is another critical management decision, and it must be made in a timely manner.

The DFLabs IncMan Incident Management Suite not only provides your organization's incident handlers with a framework for managing cyber security incidents, it also provides management with insightful information for understanding the organization's cyber risk profile and incident response trends, including the actual costs of historical and current incident response activities.
Business Challenges

Trade Secrets, Personally Identifiable Information, and Reputation

In today's information-based economy, it can be argued that information is the primary fuel of wealth creation. Information, combined with financial and human capital, creates the combustion of prosperity. Competitive advantage arises from how effectively organizational management leverages these three types of resources. Trade secrets are the information that provides competitive advantage. Companies need to devote appropriate resources to safeguarding this information, so as to protect their competitive advantage.

In order for a company to do business, a modicum of trust must exist between the business and its customers. Each party to a transaction must trust that the transaction is fair. Some transactions require more trust than others, for example the trust relationship between a patient and a brain surgeon. Trust implies vulnerability: "I do not have to trust you if I am not vulnerable to you" [3]. To engage in most significant transactions, information must be exchanged, and the expectation is that the recipient can be trusted with the information.

The average consumer would rather not share intimate personal details with a large international organization, but they will do so if they want the transaction to occur. Whether one is aware of it or not, the decision to trust and share personally identifiable information (PII) is based on a risk calculation that is part of our psychological hardwiring. An individual may not accurately perceive the risk [4], but it is clear that one's experience and assessment of the other's reputation are predominant factors in the decision-making process [5].

To survive and thrive, organizations must diligently protect their trade secrets and those of their business partners. They must also safeguard the personal information entrusted to them by their customers. How effective an organization is at protecting these vital assets shapes its reputation, and that reputation is a key factor in the growth or decline of a business.

Disclosure of Cyber Security Risks by Public Companies

Investing is another transaction that has inherent risk and is based on trust. The US Securities and Exchange Commission (SEC) has stated that "the federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision." [1]
The SEC has noted that there is increased focus on the disclosure obligations of publicly traded companies and has issued a document called CF Disclosure Guidance: Topic No. 2, Cybersecurity (hereafter referred to as "the guidance"). Perhaps this is a response to several high profile security breaches at large public companies. The guidance states in its introduction that "as the increasing dependence on digital technologies has increased, the risks to registrants associated with cybersecurity have also increased, resulting in more frequent and severe cyber incidents." [1]

Attacks & Accidents

In general terms, the goal of an attack is to make the adversary's resources more valuable to the attacker (theft, for example) or less valuable to the adversary (such as denial of service). Attackers have a variety of motivations. Understanding these motivations is an important part of threat assessment.

However, not all security incidents are motivated by ill will toward the organization. In fact, many security incidents are due to errors and omissions. [6]

Organizations must prot
