Fowler - Data Breach Preparation and Response

First Edition

Kevvie Fowler

Curtis Rose, Technical Editor

Syngress is an imprint of Elsevier

50 Hampshire Street, 5th Floor, Cambridge, MA 02139, USA

2016 Elsevier Inc. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publishers permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions.

This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods, professional practices, or medical treatment may become necessary.

Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information, methods, compounds, or experiments described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility.

To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors, assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.

The views, opinions and guidance within this book are those of the authors and not those of any other organization or governing body.

ISBN: 978-0-12-803451-4

Library of Congress Cataloging-in-Publication Data

A catalog record for this book is available from the Library of Congress

British Library Cataloguing-in-Publication Data

A catalogue record for this book is available from the British Library

For information on all Syngress publications visit our website at https://www.elsevier.com/

Publisher: Todd Green

Acquiring Editor: Chris Katsaropoulos

Editorial Project Manager: Anna Valutkevich

Project Manager: Punithavathy Govindaradjane

Designer: Matthew Limbert

Typeset by SPi Global, India

Kevvie Fowler is a partner and National Cyber Response leader for KPMG Canada and has over 20 years of IT, security and forensics experience. He assists clients in identifying and protecting critical data and proactively preparing for, responding to, and recovering from Breaches in a manner that minimizes impact and interruption to their business.

Kevvie is a cyber security and forensics expert who is author of Data Breach Preparation and Response and SQL Server Forensic Analysis and contributing author to several security and forensics books. He is an instructor who trains law enforcement agencies on cyber forensic and response practices and his cyber forensics research has been incorporated into formal course curriculum within industry and academic institutions. Kevvie is a SANS lethal forensicator and a member of the SANS Advisory Board and the Board of Referees for the Elsevier Digital Investigation Journal where he guides the direction of emerging cyber security and forensics research.

Paul Hanley is a recognized expert in information security, with significant experience in the field. He has particular experience in aligning security functions to the needs of the business and in delivering global cyber security programmes. He is the national lead partner for cyber security at KPMG Canada.

Pauls specialisms include leading large-scale cyber security and transformation programs. He also has expert knowledge in information security risk management, technical security architecture design, cyber maturity assessments, cryptography, and security compliance.

In his career, Paul has been directly involved with a number of high profile, billion-dollar banking, government, and other programs and has built strong business relationships.

Paul regularly provides input into and comments on draft Security Standards and is the go to person for cyber advice for a number of regulators. He has been profiled by SC Magazine , the guest presenter at many high profile security events, and his activities have been shown in the media, on television, in the broadsheets, and in the specialist information security press.

Greg Markell is a leading insurance expert on the topic of cyber and privacy liability. In his current practice, he advises public, private, and nonprofit organizations regarding their risk transfer of organizational exposure to cyber-related losses.

Greg began his career underwriting for a large national insurer, starting in property and casualty before quickly moving into executive and professional risk, with a focus on directors and officers (D&O) insurance. He then moved on to join a national brokerage, focusing on specialty insurance products for financial services companies, including D&O and cyber liability. He left this firm as a partner in 2014 and joined a top 10 global broker, where he is a resource for his colleagues for D&O and is the practice leader for cyber and privacy liability.

Greg received his Bachelor of Commerce degree with a minor in Economics from Queens University. He is a fellow chartered insurance professional and an accredited Canadian risk manager.

Chris Pogue, Senior Vice President of Cyber Threat Analysis

Having been on the front lines of cybercrime investigations for the past 14 years, Chris has worked on thousands of Breaches, spanning the globe. As the SVP of Cyber Threat Analysis, he brings that knowledge and experience to Nuix, enabling them to build the most comprehensive, efficient, and effective Cybersecurity team on the planet.

Prior to joining Nuix in June 2014, he spent the past six years at SpiderLabs where he worked as an incident responder, a managing consultant, and, ultimately, a director. He also held a position as an engagement manager at the IBM/ISS X-Force Incident Response and Penetration Testing Teams. Prior to these roles, he served in the United States Army for 13 years as a signal corps warrant officer and a field artillery reconnaissance sergeant.

Among his many achievements, Chris was the original creator of the forensic methodology known as Sniper Forensics, a method that has emerged as the industry standard among users including the Federal Bureau of Investigation and the United States Secret Service. Additionally, in 2010, he was named as a SANS thought leader. He was the 41st security professional to have been awarded this distinction.

Chris holds a full range of professional certifications including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Reverse Engineering Analyst (CREA), SANS GIAC Certified Forensic Analyst (GCFA), and Payment Card Industry Qualified Security Assessor (QSA). He also plays a leading role in a number of industry-relevant organizations which include the Consortium of Digital Forensics Specialists (CDFS), United States Secret Service Electronic Crimes Task Force (USSS ECTF), and the International Association of Chiefs of Police (IACP) Computer Crimes and Digital Evidence Committee (CCDE). He is the primary author of Unix and Linux Forensic Analysis by Syngress and the author of the award winning blog, The Digital Standard .