NZ Incident Response Bulletin – August 2019

Our Views:

A selection of issues relevant to Forensic and Cyber Security matters during the last month. This month’s theme is “Improving Cyber Resiliency using NIST and the Cybersecurity Framework”.

On 11 July 2019, the Financial Markets Authority (FMA) released a report on cyber-resilience in New Zealand financial services. The report recommends the National Institute of Standards and Technology (NIST) Cybersecurity Framework as an example to assist with planning, prioritising and managing cyber-resilience. We explore this framework and suggest several practical steps you can take.

Automating the NIST Cybersecurity Programme

The NIST Cybersecurity Framework can be used to either develop or improve upon a cybersecurity programme. Given there are 108 sub-categories which define the framework, we recommend automating your programme where possible. The main phases are an assessment of your current profile, an assessment of your target profile and, based on the variances between the two, the establishment of a roadmap of improvement actions.
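The current profile, target profile, variance and roadmap phases can be expressed in a few lines of code. The following is an added example and is not part of the original Bulletin: the sub-category IDs are from the Cybersecurity Framework v1.1, while the 0-4 maturity scale, the scores and the priority weights are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample profiles: CSF v1.1 sub-category ID -> maturity score 0-4.
# The 0-4 scale and the priority weights are assumptions for this example.
TARGET = {"ID.AM-1": 3, "PR.AC-1": 4, "DE.CM-1": 3, "RS.RP-1": 4,
          "RS.CO-1": 3, "RS.AN-3": 3, "RC.RP-1": 4, "RC.IM-1": 2}
CURRENT = {"ID.AM-1": 3, "PR.AC-1": 2, "DE.CM-1": 1, "RS.RP-1": 1,
           "RS.CO-1": 3, "RC.RP-1": 2, "RC.IM-1": 3}   # RS.AN-3 not yet assessed
WEIGHT = {"RS.RP-1": 3, "RC.RP-1": 3, "PR.AC-1": 2}      # default weight is 1

FUNCTIONS = {"ID": "Identify", "PR": "Protect", "DE": "Detect",
             "RS": "Respond", "RC": "Recover"}


def variances(current, target):
    """Return per-sub-category gap records; unassessed items count as score 0."""
    rows = []
    for sub, want in target.items():
        have = current.get(sub)
        gap = max(want - (have or 0), 0)   # exceeding the target is not a gap
        rows.append({"sub": sub, "function": FUNCTIONS[sub.split(".")[0]],
                     "current": have, "target": want, "gap": gap,
                     "assessed": have is not None})
    return rows


def roadmap(rows, weight):
    """Order open gaps by weighted size, largest first (ties by sub-category ID)."""
    open_gaps = [r for r in rows if r["gap"] > 0]
    return sorted(open_gaps,
                  key=lambda r: (-r["gap"] * weight.get(r["sub"], 1), r["sub"]))


def gap_by_function(rows):
    """Sum the remaining gap per CSF function for a one-line status view."""
    totals = defaultdict(int)
    for r in rows:
        totals[r["function"]] += r["gap"]
    return dict(totals)


if __name__ == "__main__":
    rows = variances(CURRENT, TARGET)
    for r in roadmap(rows, WEIGHT):
        note = "" if r["assessed"] else "  (unassessed)"
        print(f'{r["sub"]:8} {r["function"]:9} gap={r["gap"]}{note}')
    print(gap_by_function(rows))
```

Re-running the script after each reassessment of the current profile regenerates the roadmap without rebuilding a report by hand.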

Your conformance with the programme and priority areas can then be reassessed as often as you like without the need to reproduce time-intensive reports. At a high level, your programme should include at least the following outputs:

Respond and Recover Key Considerations

Much attention is paid to the three functions of “Identify”, “Protect” and “Detect”. But what if you suffer a cyber-attack? How prepared are you to “Respond” and “Recover”? These are the two functions that Incident Response and Forensic Technology specialists most commonly deal with. Regardless of the maturity of your organisation’s cyber-security profile, we recommend ensuring you have at least considered the following NIST recommendations:

  • Execute and maintain processes and procedures when responding to detected cybersecurity incidents and when recovering systems or assets affected by cybersecurity incidents.
  • Coordinate response activities with internal and external stakeholders.
  • Personnel should know their roles and order of operations when a response is required.
  • Conduct analysis to ensure an effective response and to support recovery activities. Perform forensics where required.
  • Fully understand the impact of the incident.
  • Perform activities to prevent the expansion of the incident.
  • Mitigate newly identified vulnerabilities or document as accepted risks.
  • Improve response and recovery planning by incorporating lessons learned into future activities.

NIST Resources to Improve Forensic Preparedness

The NIST website provides numerous resources to assist with forensic procedures in the event of a cybersecurity incident. Examples include:

  • The ‘National Software Reference Library’, which consists of an exhaustive collection of known files that can be eliminated from any examination.
  • ‘Computer Forensics Tool Testing’, which consists of general tool specifications, test procedures, test criteria, test sets and test hardware.
  • ‘Computer Forensic Reference Data Sets’, which consist of documented sets of simulated digital evidence for examination.

For readers wishing to receive additional Forensic and Cyber Security information, the Premium Edition of the NZ Incident Response Bulletin is now available to clients who are subscribed to our Incident Response Retainer. The Premium Edition contains recent publications on Threat Alerts, Security Frameworks, Information Security Surveys, Forensic News and Research. Please contact us at support@incidentresponse.co.nz for further information or to request a one-off complimentary copy.

To subscribe or to submit a contribution for an upcoming Bulletin, please either visit https://incidentresponse.co.nz/bulletin or send an email to bulletin@incidentresponse.co.nz with the subject line either “Subscribe”, “Unsubscribe”, or if you think there is something worth reporting, “Contribution”, along with the Webpage or URL in the contents.

This Bulletin is prepared for general guidance and does not constitute formal advice. This information should not be relied on without obtaining specific formal advice. We do not make any representation as to the accuracy or completeness of the information contained within this Bulletin. Incident Response Solutions Limited does not accept any liability, responsibility or duty of care for any consequences of you or anyone else acting, or refraining to act, when relying on the information contained in this Bulletin or for any decision based on it.