Incident Response Training in 50 Minutes

NYSTEC presented on Incident Response at the 2019 NYS Cyber Security Conference.  Below is the session description and the slides.  The presentation was done in Prezi so the PDF has some repeated slides due to the way Prezi works.  Enjoy and reach out with any questions.

Cyber Defense

Cyber Incident Response Planning – In 50 Minutes

Paul Romeo, NYSTEC

Robert Zeglen, NYSTEC

In today’s threat landscape, it is not a matter of if, but when, your organization will need to respond to a cyber incident. Hold off on buying that shiny new expensive security tool until you learn just how effective your incident response capability can become, simply by implementing the appropriate processes, procedures, and configurations into your existing environment. When it comes to incident response, communication and preparation are everything, because there may not be time to react properly, as things are moving too fast when an incident happens. In this session, we will cover the full incident response life cycle and share with you simple steps to immediately prepare your organization to respond to an incident effectively. We will share best practices and freely available resources that you can use to prepare. It is our goal that after this presentation, you will return to your organization with an approach to plan to prepare your organization in how to respond when a cyber incident happens.

Incident Response Training – NYSTEC NYS Cyber Security Conference 2019

Link: Risky Business?

Should information security safeguards be assigned to individuals based on their risky behavior?   Continue reading →

Planning for a System Security Plan

By Ron Stamp, NYSTEC Information Security Consultant

Many organizations today are involved with collecting and processing Personal Identifying Information (PII) or Personal Health Information (PHI). Because it’s crucial that such data is protected and handled properly, regulating agencies are requiring System Security Plans (SSPs) to be completed. Continue reading →

Link: 10 Lessons Learned from a Security Breach

Back in 2014, JP Morgan was one of 12 financial institutions hacked by cybercriminals who stole personal information from more than 100 million customers. The hackers didn’t use the stolen data for identity theft. Instead, they used it to push penny stocks in what amounted to multimillion dollar “pump and dump” schemes.

Such high-profile crimes can be a wake-up call for businesses to reevaluate their cybersecurity protocols. See the 10 Lessons Learned from a Major Security Breach slideshow at CIO Insight.

Disclaimer: The link to this content is provided because it has information that may be useful. NYSTEC does not warrant the accuracy of any information contained in the link and neither endorses nor intends to promote the advertising of the resources listed therein. The opinions and statements contained in such resources are those of the author and do not necessarily represent the opinions of NYSTEC.

A Business Continuity and Disaster Recovery Checklist

By Nils Ekberg—NYSTEC Information Security Team Member

As business processes and their supporting Information Technology (IT) systems become more important to public and private entities, the requirements for an effective Business Continuity/Disaster Recovery (BC/DR) program are becoming more critical. There are many factors to consider when developing an effective BC/DR program. The checklist below can help you get started. Continue reading →