Answer the question
Lecture - Unit 5 The Anatomy of a Cybersecurity Event
ACCT 855
Seminar in Cybersecurity Audit and Disclosure
Dr. Tien Lee, Ph.D., PMP, CISA, CISSP [email protected] | (415)644-TIEN San Francisco State University Lam Family College of Business
Last Week…
Need of Audit Standards
auditor’s conduct
auditor’s performance
auditor’s tasks
The Standard Argument
Does do things “by the book” hampers auditor’s ability to conduct audit?
Can auditors think “out-side-of-the-box”?
Developing audit steps
The structure
From PFSPGP to audit steps
Audit steps and audit evidence
A Cybersecurity “Event”
MGM’s cybersecurity “issues”
What we observed may be the symptom (emails down, website down, slot machine mal-function), not the actual breach event.
Reporting or investigating the symptoms may not be enough unless the root cause is found.
The need to understand the cybersecurity events
It’s more than just “what happened?”
The need to understand the cybersecurity events
Threats
Threat:
“something bad may happen to you!”
loss of data?
Loss of asset?
Critical infrastructure?
The risks, aka, “what is at stake?”
Threats can be numerous
Threat Agents
Threat agent
Those who carried out the attack
Who “realized” the threats
Think beyond just “hackers”
May not be “human” agent
The actor that enabled the threats
Vulnerability
Vulnerability
The “weakness”
What allowed threat agent to take advantage of
“easy targets”
no vulnerability, no threat.
Investigations
Investigations
Internal investigation
Third-party? Law enforcements?
What tools and methods were used?
How investigation results are communicated?
Impact Assessments
Impact assessment
the “Ooops”
Impact assessment might not be possible without investigation
Impact on reputation?
Real economic impacts
long term, short term?
Remediation
Remediation efforts
“stop loss”
what was done and what needs to be done.
DRP & BCI, recovery from the event, and continuation of business operations.
Putting it together
Research & Reading
Research task:
Use NIST’s Special publication on Computer Security Incident Handling Guide to research on the following:
What is an incident?
How to handle an incident
Information sharing and coordination