DISC InfoSec
#InfoSecTools and #InfoSectraining
Ask DISC an InfoSec & compliance related question
Sep 01 2022
May 11 2022
If you were in the US this time last year, you won’t have forgotten, and you may even have been affected by, the ransomware attack on fuel-pumping company Colonial Pipeline.
The organisation was hit by ransomware injected into its network by so-called affiliates of a cybercrime crew known as DarkSide.
DarkSide is an example of what’s known as RaaS, short for ransomware-as-a-service, where a small core team of criminals create the malware and handle any extortion payments from victims, but don’t perform the actual network attacks where the malware gets unleashed.
Teams of “affiliates” (field technicians, you might say), sign up to carry out the attacks, usually in return for the lion’s share of any blackmail money extracted from victims.
The core criminals lurk less visibly in the background, running what is effectively a franchise operation in which they typically pocket 30% (or so they say) of every payment, almost as though they looked to legitimate online services such as Apple’s iTunes or Google Play for a percentage that the market was familiar with.
The front-line attack teams typically:
…and then they automatically unleash the ransomware code they were supplied with by the core gang members, sometimes scrambling all (or almost all) computers on the network within just a few minutes.
The Disaster Recovery Handbook: A Step-by-Step Plan to Ensure Business Continuity and Protect Vital Operations, Facilities, and Assets
Business Continuity Planning & Disaster Recovery (ISO 22301)
👇 Please Follow our LI page…
#InfoSecTools and #InfoSectraining
Nov 04 2016
It’s no longer sufficient to suppose that you can defend against any potential attack; you must accept that an attack will inevitably succeed. An organisation’s resilience in identifying and responding to security breaches will become a critical survival trait in the future. The Cyber Resilience Implementation Suite has been designed to help organisations create an integrated management system that will help defend against cyber threats and minimise the damage of any successful attack. This suite of products will help you to deploy the cyber security Standard
ISO27001 and the business continuity Standard
ISO22301 to create an integrated cyber resilience management system. The books in this suite will provide you with the knowledge to plan and start your project, identify your organisation’s own requirements and apply these international standards. Management systems can require hundreds of documents and policies. Created by experienced cyber security and business continuity professionals, the toolkits in the Cyber Resilience Implementation Suite provide documentation templates to save you weeks of researching and writing and the supporting guidance to ensure you’re applying the necessary polices for your business. Administration and updating of the documentation is made easy with the toolkits’ integrated dashboard, easy customization of templates and one-click formatting.
This suite includes:
Start building cyber resilience into your organisation today.
Apr 27 2016
Business Continuity Management System (BCMS) puts such a program in the context of an ISO Management Systems, and ISO 22301:2012 sets a certifiable standard for a BCMS. It is the first and most recognized international standard for business continuity.
Steps in ISO 22301 implementation are the following:
1. Obtain management support
2. Identify all applicable requirements
3. Develop top-level Business Continuity Policy and objectives
4. Write documents that support the management system
5. Perform risk assessment and treatment
6. Perform business impact analysis
7. Develop business continuity strategy
8. Write the business continuity plan(s)
9. Implement training and awareness programs
10. Maintain the documentation
11. Perform exercising and testing
12. Perform post-incident reviews
13. Communicate continuously with the interested parties
14. Measure and evaluate the BCMS
15. Perform internal audit
16. Implement all the necessary corrective and preventive actions, and
17. Perform the management review