Information Security Tabletop Exercise: Malware & DDOS Attack


Conduct a tabletop exercise built around a combined malware and DDoS attack scenario at your company. Walk through incident response, decision-making, communication, and coordination among the members of your crisis team. The exercise is meant to validate that response plans work as written, to surface gaps in your security program, and to confirm that the business can keep operating during a cyber incident. Discussion is open and interactive, with the goal of building team readiness and addressing the key security concerns the scenario raises.


Uploaded on Aug 04, 2024



Presentation Transcript


  1. Information Security Tabletop Exercise: Malware & DDOS Attack [COMPANY NAME] [FACILITATOR/MODERATOR NAME] [DATE]

  2. Agenda: Welcome / Introductions; About a Tabletop; The Learning Exercise; After Action Discussion

  3. About a Tabletop: Tabletop exercises are designed to confirm that your program and plans can actually be executed and that every participant understands their role. This is your opportunity to validate that your plans will let the firm continue business in the short term and then recover efficiently and return to business as usual.

  4. Exercise Objectives. Coordination: improve the coordination among the various members of the Crisis Team. Communications: evaluate the communication process among team members and with other groups. Decision Making: assess the decision-making processes and how the team is activated.

  5. Guiding Principles: This is a training and learning exercise, not a test! There are no hidden agendas or trick questions. It's not about the scenario; it's about the response. There are no single or simple solutions. Discussion is open and interactive, and there may be more than one valid response to the crisis. The end goals: understand the process, identify gaps, and develop the team's readiness to respond.

  6. Questions?

  7. Information Security Scenario at [company name]

  8. Location [company location] [specific building] [modify picture at right]

  9. The Incident Begins. Time: 10:05 AM. The Information Security Manager notices that someone has attempted to access multiple IT services from inside the company firewall. On investigation it is determined that this may be unauthorized access originating from a Senior Manager's laptop. The Information Security Manager reports this to his manager.

  10. Based on this information: Is this situation a threat? What actions should happen next? What should IT Management do with this information? Is there a process or plan in place for events like this? What is the highest level in the company that might be notified of this breach?

  11. Event Continues. 11:50 AM. Further investigation shows that access was gained to one of the file storage servers that holds sensitive client data and Personally Identifiable Information (PII). IT is now trying to determine whether any data was copied or exfiltrated.

  12. Based on this information: Who is in control and managing this situation? What are the protocols for informing the owner of the affected laptop? How sensitive is this issue? Will the client be informed? If so, how will that be managed? What actions is the IT Department taking at this time? Will this incident be reported to law enforcement?

  13. Event Continues. 1:45 PM. The IT Networking Team reports a slowdown in network traffic and raises an incident ticket for the issue. At the same time, the IT helpdesk raises an incident ticket for calls from remote employees who can't reach the employee portal over the internet. The Information Security Manager quickly concludes that the firm is under a Distributed Denial of Service (DDoS) attack.

  14. Based on this information: There are now two events occurring; which teams are in control of and managing each of them? What actions is IT taking to manage the DDoS attack? Since the DDoS attack is affecting remote access for employees and access to the website, what protocols are in place to manage the situation? Which team is now managing the overall response? What effect does this have on the company's reputation?

  15. Event Continues. 4:45 PM. A client calls her account manager and reports that she has received a call from Russia and is being blackmailed. The caller is demanding $500,000 in Bitcoin to stop the release of confidential information stolen from your servers. The client has informed the FBI and her legal team.

  16. Based on this information: Who is in control of the entire situation, covering the data breach, the client issue and the DDoS attack? Could all of these events be connected? What is IT doing about the data breach and the DDoS attack? What are the tactical and strategic issues? How will the client, the FBI and the legal teams be managed? If it's determined that the ransom will be paid, how would you actually pay it in Bitcoin?

  17. Event Continues. 5:30 PM. The Information Security Manager determines that the original breach occurred when the senior manager clicked a link in a malicious email, which installed a Trojan on his laptop. The DDoS traffic has subsided and network traffic has returned to normal levels. The FBI is working directly with the client to resolve the blackmail attempt.

  18. Based on this information: How can this type of data breach be prevented in future? What was the full impact of the DDoS attack, and how was it mitigated? Is the crisis over?

  19. Additional Considerations: IT security events happen quickly and can have both an immediate and a long-term impact on operations. Their effects are felt throughout the company and can damage its reputation and client trust.

  20. After Action: How did you do? List at least three things the team did well during this exercise. List any gaps you recognized. List three action items to implement that will improve your ability to respond effectively.

  21. Tabletop Resource Guide: View the webinar "4 Reasons Your Next Cybersecurity Tabletop Exercise Will Flop"; download the Business Continuity Guide; download the Disaster Recovery Plan Template.
