
You've Been Hacked!

Now What?
(State of Ohio 2007)
Sol Bermann, Privacy Officer
University of Michigan

Incident Response Roadmap


1. Identify
2. Contain
3. Investigate
4. Remediate
5. Restore

Escalation
Communication
Collaboration

Background - State of Ohio (2007)


Newly elected Governor (campaigned on transparency)
New agency directors
New CIO
No CISO
Strong agency autonomy
Inherited multi-year statewide ERP project that was running behind, over-cost, and under pressure

New CPO
1st specifically appointed state CPO
New to state government
Planned to model role on Clinton-era White House Privacy Adviser (more strategic than operational)

And Then

The Timeline
June 10: Back-up tape stolen
June 11: Stolen tape reported to supervisor
June 11: Car break-in reported to police (but not theft of device)
June 11: OAKS leadership informs CIO and CPO
June 12: OBM leadership informed
June 14: Governor and DAS OAKS co-sponsor informed
June 14: State police informed
June 15: Governor issues Executive Order
June 15: Governor's press conference #1 (of 5)
June 15: Inspector General starts investigation
July 20: Inspector General's report findings

The Investigation
Internal (informal)

OAKS team review

Internal (formal)

Inspector General
Law enforcement

3rd-party

Forensics
OAKS security posture

The Aftermath
Political Fallout

Immediate distraction for Gov.


Planned move of OIT fails
IG report response

Disciplinary Actions

Resignation (OAKS lead)


Fired (intern & consultants)
Disciplined (OAKS staff)
Accenture sued by State of CT

Security Awareness/Improvements

Largest state-wide encryption rollout


Exec Order & new privacy/security law
IR response improvements
Statewide privacy/security training
Agency security posture reviews
New security governance & Agency PoCs
Hiring of CISO

Lessons Learned

Be prepared
Stay calm
Escalate quickly
Be Transparent, BUT...
Properly investigate with a skeptical eye, AND
Sacrifice speed for correctness
Ask for help
Own it
Be resilient
Learn and improve
Be prepared for next time

The More Things Change...

Do Your Part
