Michigan DGS 2015 Presentation - You've Been Hacked! Now What? by Sol Bermann
You’ve Been Hacked! Now What?
(State of Ohio – 2007)
Sol Bermann, Privacy Officer
University of Michigan
Incident Response Roadmap
1. Identify
2. Contain
3. Investigate
4. Remediate
5. Restore
Escalation
Communication
Collaboration
Background - State of Ohio (2007)
• Newly elected Governor (campaigned on transparency)
• New agency directors
• New CIO
• No CISO
• Strong agency autonomy
• Inherited multi-year statewide ERP project that was running behind, over-cost, and under pressure
New CPO
• 1st specifically appointed state CPO
• New to state government
• Planned to model role on Clinton-era White House Privacy Adviser (more strategic than operational)
And Then…
The Timeline
• June 10: Back-up tape stolen
• June 11: Stolen tape reported to supervisor
• June 11: Car break-in reported to police (but not theft of device)
• June 11: OAKS leadership informs CIO and CPO
• June 12: OBM leadership informed
• June 14: Governor and DAS OAKS co-sponsor informed
• June 14: State police informed
• June 15: Governor issues Executive Order
• June 15: Governor’s press conference #1 (of 5)
• June 15: Inspector General starts investigation
• July 20: Inspector General’s report findings
The Investigation
• Internal (informal)
  – OAKS team review
• Internal (formal)
  – Inspector General
  – Law enforcement
• 3rd-party
  – Forensics
  – OAKS security posture
The Aftermath
• Political Fallout
  – Immediate distraction for Gov.
  – Planned move of OIT fails
  – IG report response
• Disciplinary Actions
  – Resignation (OAKS lead)
  – Fired (intern & consultants)
  – Disciplined (OAKS staff)
  – Accenture sued by State of CT
• Security Awareness/Improvements
  – Largest state-wide encryption rollout
  – Exec Order & new privacy/security law
  – IR response improvements
  – Statewide privacy/security training
  – Agency security posture reviews
  – New security governance & Agency PoC’s
  – Hiring of CISO
Lessons Learned
• Be prepared
• Stay calm
• Escalate quickly
• Be Transparent…BUT...
• Properly investigate with a skeptical eye…AND
• Sacrifice speed for correctness
• Ask for help
• Own it
• Be resilient
• Learn and improve
• Be prepared for next time
The More Things Change...
Do Your Part