Answer the question

profileSSSSSSSS19
ACCT855-Lecture-Unit5-TheAnatomyofaCybersecurityEvent.pptx

Lecture - Unit 5 The Anatomy of a Cybersecurity Event

ACCT 855

Seminar in Cybersecurity Audit and Disclosure

Dr. Tien Lee, Ph.D., PMP, CISA, CISSP [email protected] | (415)644-TIEN San Francisco State University Lam Family College of Business

Last Week…

Need of Audit Standards

auditor’s conduct

auditor’s performance

auditor’s tasks

The Standard Argument

Does do things “by the book” hampers auditor’s ability to conduct audit?

Can auditors think “out-side-of-the-box”?

Developing audit steps

The structure

From PFSPGP to audit steps

Audit steps and audit evidence

A Cybersecurity “Event”

MGM’s cybersecurity “issues”

What we observed may be the symptom (emails down, website down, slot machine mal-function), not the actual breach event.

Reporting or investigating the symptoms may not be enough unless the root cause is found.

The need to understand the cybersecurity events

It’s more than just “what happened?”

The need to understand the cybersecurity events

Threats

Threat:

“something bad may happen to you!”

loss of data?

Loss of asset?

Critical infrastructure?

The risks, aka, “what is at stake?”

Threats can be numerous

Threat Agents

Threat agent

Those who carried out the attack

Who “realized” the threats

Think beyond just “hackers”

May not be “human” agent

The actor that enabled the threats

Vulnerability

Vulnerability

The “weakness”

What allowed threat agent to take advantage of

“easy targets”

no vulnerability, no threat.

Investigations

Investigations

Internal investigation

Third-party? Law enforcements?

What tools and methods were used?

How investigation results are communicated?

Impact Assessments

Impact assessment

the “Ooops”

Impact assessment might not be possible without investigation

Impact on reputation?

Real economic impacts

long term, short term?

Remediation

Remediation efforts

“stop loss”

what was done and what needs to be done.

DRP & BCI, recovery from the event, and continuation of business operations.

Putting it together

Research & Reading

Research task:

Use NIST’s Special publication on Computer Security Incident Handling Guide to research on the following:

What is an incident?

How to handle an incident

Information sharing and coordination

image1.jpeg

image2.png

image3.png

image5.png

image6.emf

image7.emf

image8.jpeg

image9.jpeg

image10.jpeg

image11.jpeg

image12.jpeg

image13.jpeg

image14.emf

image15.tmp