Host/Sponsor PowerPoint Presentation, PPT - DocSlides

Download alida-meadow | 2015-09-23 | General Exercise Name 2015 . Tabletop Exercise. Month DD, YYYY. Welcome and Opening Remarks. Host/Sponsor . POC Name. Position. Organization. 2. Exercise Overview and Facilitator. Facilitator Name. Organization / . ID: 138381


Presentations text content in Host/Sponsor PowerPoint Presentation, PPT - DocSlides

  • Host/Sponsor
  • Exercise Name 2015 Tabletop Exercise
  • Month DD, YYYY
  • Welcome and Opening Remarks
      • Host/Sponsor POC Name
      • Position
      • Organization
  • Exercise Overview and Facilitator
      • Facilitator Name
      • Organization / Department / Office
      • Division
      • Sub Office
  • Exercise Structure
      • This exercise will be a multimedia, facilitated tabletop exercise
      • Players will participate in the following three modules:
          • <Module, Phase, or Other> <1>: <Insert Name>
          • <Module, Phase, or Other> <2>: <Insert Name>
          • <Module, Phase, or Other> <3>: <Insert Name>
      • Scenario updates will be provided at the beginning of each Module
      • Exercise will conclude with a brief Hot Wash
  • Exercise Schedule
      • Time Allotted | Event
      • 8:00 a.m. – 8:30 a.m. | Registration/Sign-In
      • 8:30 a.m. – 8:45 a.m. | Introductions / Exercise Overview
      • 8:45 a.m. – 9:20 a.m. | Module 1 – <Name>
      • 9:20 a.m. – 9:30 a.m. | Break
      • 9:30 a.m. – 10:30 a.m. | Module 2 – <Name>
      • 10:30 a.m. – 11:30 a.m. | Module 3 – <Name>
      • 11:30 a.m. – 12:00 p.m. | Hot Wash – Closing Remarks
      • 12:00 p.m. | Closing Comments
  • ADJUST TIMES AS NEEDED
  • Exercise Objectives
      • Create an opportunity for stakeholders to explore and address cybersecurity challenges and increase cybersecurity awareness.
      • Assess the integration of cybersecurity into <Organization’s> all-hazards preparedness.
      • Examine cybersecurity management structures, incident information sharing, escalation criteria, and related courses of action.
      • Identify cascading impacts of a cyber-attack to critical systems
      • <Insert additional/other organization specific objectives>
  • Participant Roles and Responsibilities
      • Players: Respond to situation presented based on current plans, policies, and procedures
      • Observers: Support players in developing responses, but do not directly participate
      • Facilitators. Facilitators provide situation updates and moderate discussions. They also provide additional information or resolve questions as required
      • Evaluators. Evaluators are assigned to observe and document key findings during the exercise
  • Exercise Guidelines
      • This is an open, low-stress environment. Varying viewpoints, even disagreements, are expected
      • Respond to the scenario using your knowledge of current plans and capabilities (i.e., you may use only existing assets) and insights derived from your experience and training
      • Decisions are not precedent setting and may not reflect your organization’s final position on a given issue. This exercise is an opportunity to discuss and present multiple options and possible solutions
      • Be an active participant!
  • Assumptions and Artificialities
      • The exercise is conducted in a no-fault learning environment wherein capabilities, plans, systems, and processes will not be evaluated
      • There is no “hidden agenda” nor are there any trick questions
      • The exercise scenario is plausible, and events occur as they are presented
      • All players receive information at the same time
      • The scenario is not derived from current intelligence
  • Module 1: <Name>
  • T – 2 Years: Initiation
      • According to an autopsy report, the sudden death of a 15-year-old girl who was treated at [hospital name here] was ruled to be the result of a severe type of pneumonia
      • Patient’s family suspects improper care as the true leading cause of death and blames the [hospital name]
      • Soon after the release of the autopsy report, the family of the girl begins to demand the medical center be held accountable and files a wrongful death lawsuit against [hospital name]
  • T – 6 Months: Motivation
      • Upon presentation and litigation of the wrongful death lawsuit, the court rules in favor of [hospital name]
      • The family remains unconvinced, distraught, and angry over the verdict
  • T – 5 Months: Advisory
      • The Multi-State Information Sharing and Analysis Center (MS-ISAC) in partnership with the National Health Information Sharing and Analysis Center (NH-ISAC) releases a joint advisory
      • Highlights several recent attacks against state health information exchanges
  • T – 10 Days: Indication
      • The [hospital name] begins to notice an increase in scans and phishing campaigns, similar to those that were reported at other medical providers throughout the country, including a 25% increase in attempted attacks against their networks
  • T – 2 Days: Slow Motion
      • Employees begin to report internal network latency
      • Members of the public report they cannot access [hospital name]’s website
  • T – 1 Day: Degradation
      • [hospital name] systems performance continues to degrade, exacerbated by suspected data loss
      • Several nurses begin to report records that were available only a short time earlier are now completely unavailable
  • Module 1 Discussion
      • Consider the following during discussion…
          • Information sharing by various constituents, to include government sources of indicators and warnings
          • Information sharing mechanism limitations and challenges within [hospital name]
          • Internal cyber threat information requirements and thresholds for reporting credible threats and incidents to organizational executive leadership
          • What types of security-related industry alerts does the [hospital name] receive? Those from NH-ISAC? US-CERT? Others?
  • Module 2: <Name>
  • T – Day: Investigation
      • In response to the extreme latency and unavailable medical records, [hospital name] begins to field an increase in help desk calls related to the EMR problems
      • During this period, technicians confirm that records are actually missing and notice unusual patterns in access logs, including unauthorized access to the EMR system
  • T – Day: Escalation
      • The “News and Info” section of the [hospital name]’s public web site, including one of its social media platforms, is defaced
      • Defacement contains threats and a warning to the public about the [hospital name]’s level of care
      • Hospital
      • THIS HOSPITAL WILL DECEIVE YOU – THEY CANNOT BE TRUSTED WITH YOUR INFORMATION, OR YOUR LIFE!!!
  • T + 1 Day: Communication
      • A local media affiliate of Global Network News and other local media outlets start reporting on the defacement of the [hospital name] homepage
  • T + 1 Day: Elevated
      • MS-ISAC and NH-ISAC issue an update to their recent joint advisory
      • Updated advisory indicates an increase in attacks to both public and private medical facilities, with significant impacts to ICS and SCADA systems
      • Both MS-ISAC and NH-ISAC raise their threat alert level to “ELEVATED”
  • Module 2 Discussion
      • Consider the following during discussion…
          • Initial response measures and triggers for external incident response coordination
          • Existing incident response coordination, investigation, and mitigation efforts, and identification of impediments to timely response
          • Cyber incident escalation criteria and planned notifications
          • What is your planned cyber incident management structure?
          • How would external resources be requested and integrated?
          • Would legal department(s) be involved to address potential liability issues? How are they brought in appropriately?
  • Module 3: <Name>
  • T + 1 Day: Explanation
      • Further investigation indicates that malware infected [hospital name] via a spearphishing e-mail opened by a [hospital name] employee with privileged access / administrator rights several weeks ago
      • This malware was used to alter supply inventory records and exfiltrate more than 50,000 personally identifiable information (PII) and electronic protected health information (ePHI) records
  • T + 1 Day: Intensification
      • Patients and staff report an extreme change in temperature in the medical facility, complaining it is too hot
      • As a result of the complaints, [hospital name] suspects a potential malfunction to SCADA-enabled devices within HVAC and building management systems
  • T + 1 Day: Expansion
      • Building Operations reports that a facilities technician tasked to inspect the HVAC and BMS is unable to log in to the server that controls the HVAC system
      • The technician entered his credentials as usual, but received an “access denied” message
  • T + 1 Day: Exhaustion
      • [hospital name] has quickly exhausted all available resources to investigate the extent of the problem and restore affected systems, resulting in significant impacts to patient care and life safety concerns
  • T + 2 Days: Attention
      • National media outlets begin reporting on the situation at [hospital name]
      • In particular, the media outlets are covering the messages posted on the [hospital name] website and social media platform
  • T + 4 Days: Ramifications
      • During an in-depth log review, the [hospital name] discovers that 65 days ago, “[insert exercise malware name]” was implanted on the medical facility’s network, resulting in the creation of a “super user” with admin rights
      • Investigators strongly suspect that the infection vector is linked to the spearphishing and network scanning, which eventually exploited a vulnerability in the [hospital name]’s network
      • Both the [hospital name] and the investigation team continue the systematic process of malware remediation, removal, and patch updates
  • Module 3 Discussion
      • Consider the following during discussion…
          • Identification of available response, investigation, and mitigation resources and capabilities
          • Identification of resource request coordination pathways
          • Cyber incident management structure
          • Role of public information during a cyber incident
          • Challenges when coordinating public communications
          • Public affairs playbook or pre-scripted statements
          • Processes or protocols when contacting and/or working with law enforcement
          • Processes and resources in place for evidence preservation and collection
  • Exercise Hot Wash
  • Hot Wash
      • Strengths
      • Areas for Improvement
  • Points of Contact
      • For questions about this exercise or recommendations for improvement, contact:
      • Name of Facilitator
      • Dept / Div / Office
      • email