Sheraton Centre Toronto - September 15 - 18, 2019

Cyber Security Incident Response Planning

16 Sep 2019
10:40 - 11:30

Level: Intermediate. 

In this presentation we will outline the steps to develop a robust cyber security incident response management plan and identify elements to consider in assessing the plan's effectiveness. In doing so, we will discuss the importance of having protocols in place to enable staff to react to incidents quickly, lessen the impact, and return to “business as usual”.

The live demonstration included below will reveal human vulnerability to cyber threats, thereby demonstrating the importance of having an incident response management plan.

We will explore elements that internal audit should assess in the following processes:

  • preparing for a cyber incident
  • developing a communications plan
  • considering elements of digital forensics
  • initial triage, assessing the level of scope, and response to a threat
  • reviewing the process and improving the incident plan if needed

Cybercrime is the most likely cyber threat to affect Canadians and Canadian businesses in 2019. A single click was all it took to launch one of the biggest data breaches reported to date (Yahoo, March 2017). To demonstrate how easy an attack can be, as part of this presentation, we will show how cyber criminals exploit predictable human behavior.

We would like to deploy several “rogue” wireless access points throughout the Sheraton conference center plenary room by setting up the day before the National Conference begins. We will create a “fake” captive portal / login page to lure users (i.e., attendees) to sign on to the free Wi-Fi service. We cannot upload the sample landing page, but if requested we would of course customize the login page to the IIA conference and reference the appropriate sponsors.

When users click on the social media sign-on page, they will be prompted to enter their credentials.

We would capture the credentials on our secure server and display all passwords harvested as part of the overall presentation (we would of course sanitize passwords to ensure that no full passwords are displayed and that no individuals are pointed out specifically). This will drive the point home to the audience to take cyber security risks seriously and adopt leading best practices on how to minimize risk.

We have a number of previous sessions that can provide a reference for the impact the demonstration has on the audience, if requested.