Deliverable A: Training and Emergency Plan
Responsibility: IT Security (IT Security Officer)
Deliverables:
Emergency Action Plan
Document that will detail the actions that IT security staff will undertake in the event that a ransomware attack hits our IT systems. It will include damage control and data recovery.
A script to be read over the public address system is located at the communications center.
A list of responsible persons for every room or area with computers. They will immediately take pre-planned action once an attack occurs.
Storage devices containing back-up data are placed near the computers to be recovered. These devices are set at read-only.
Notice signs written ‘IT security situation. Please do not use until further notice. – CIO’ are placed near all computers. They will be posted on the computer screens when an attack has occurred.
Current version of Malwarebytes installed on every computer.
Authorized funds for payment as a last option
Emergency contact number of the CEO entrusted to the CIO
Prevention and Mitigation Plan
Document that will describe the regular procedures to be carried out by IT staff and company employees to prevent the occurrence of a ransomware attack
Do’s and Don’ts posters in all rooms with computers.
Data backup software and settings for automatic backup to external storage devices
Cryptolocker Prevention Kit installed in the servers.
The webmail server is configured to block attachments with extensions like .exe, .vbs, or .scr.
Regular advisories are sent to all employees regarding:
Suspicious email messages and attachments
Safe procedures like strong passwords and screen lock-downs
Updated system, security software and firewalls.
Quarterly audit of back-up data status
Annual audit on the system and security software updates.
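The webmail attachment rule above, as an added example that is not part of this plan: a Python check a mail gateway could apply so that the .exe/.vbs/.scr block also catches upper-case names, double extensions, trailing dots or spaces, and executables packed inside a zip attachment. The extension set and the function names are assumptions for this example.

```python
"""Attachment policy check for the webmail gateway (added example, not the plan's own code).

Evaluates the plan's "block .exe/.vbs/.scr attachments" rule so that common
evasions are still caught: upper case, double extensions, trailing dots or
spaces (which Windows strips), and executables inside a zip attachment.
"""
import io
import zipfile

# The three extensions the plan names, plus other Windows script/executable
# types commonly used to deliver ransomware (assumption for this example).
BLOCKED = {"exe", "vbs", "scr", "bat", "cmd", "com", "js", "jse", "ps1", "wsf"}


def final_extension(filename: str) -> str:
    """Lower-cased last extension, after the normalisation Windows applies."""
    # Strip any path, then trailing dots/spaces: 'report.exe. ' runs as 'report.exe'.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def blocked_names(filename: str, data: bytes) -> list:
    """Return every name violating the policy; an empty list means allow."""
    hits = []
    ext = final_extension(filename)
    if ext in BLOCKED:
        hits.append(filename)
    if ext == "zip":
        # Apply the same rule to each archive member; an unreadable archive
        # is rejected rather than passed through unchecked.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits.extend(f"{filename}:{m}" for m in zf.namelist()
                            if final_extension(m) in BLOCKED)
        except zipfile.BadZipFile:
            hits.append(f"{filename}:unreadable-archive")
    return hits


def make_zip(members: dict) -> bytes:
    """Build an in-memory zip from constructed sample members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = make_zip({"invoice.pdf.exe": b"MZ", "readme.txt": b"hello"})
    print(blocked_names("Invoice.ZIP", sample))  # ['Invoice.ZIP:invoice.pdf.exe']
    print(blocked_names("report.docx", b""))     # []
```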
Training Plan
Document stating training needs and plan for ransomware
Annual orientation to all employees on how to prevent and respond to ransomware
Drill and simulation exercises for IT staff and user action members
Activity
The IT security group will conduct an annual drill for a ransomware attack. Data recovery will be implemented for all servers.
The IT security group will send a monthly advisory to all employees regarding current info on:
Ransomware
Common suspicious emails that may contain
Common file names of suspicious email attachments
Action when an attack occurs
Reminder on regular preventive actions such as data back-up, etc.
Schedule of next ransomware drill
All department managers will submit a monthly data back-up report to the CIO.
The IT security group will conduct quarterly audits on system and security software.
Deliverable B: Testing Needs and Plan
Responsibility: IT Security (IT Security Officer)
Deliverables:
Document describing the test scenarios, facilities and plan to handle recovery from a ransomware attack.
A server and computer set-up for testing and simulation for ransomware.
A monthly maintenance period solely for IT security that will test the latest ransomware samples against the security software
Document showing the monthly testing results.
Quarterly testing of data recovery from back-up storage devices.
Activities:
The IT security group will write a ransomware test plan and update it quarterly.
The IT security group will set up a testing lab for viruses and malware, including ransomware.
The IT security group will submit to the CIO a monthly report on ransomware tests.
Deliverable C: Documentation of the New Process
Responsibility: IT Security group, All department managers
Deliverables:
IT Security Group
Emergency Action Plan
Attack announcement script
List of user responsible persons
Inventory and status of all storage devices
List of critical data for back-up for the whole organization
Notice signs on computers during an attack
Inventory and status of all system and security software in all computers
Drafts of Do’s and Don’ts posters
Audit reports on system and security software
Post drill report
Test plan for ransomware
Monthly test results for ransomware
Event plan on the annual employee orientation on IT security
All managers
Quarterly audit reports on data back-up and recovery test
Reports of suspicious emails
Activities:
The CIO will set regular deadlines for the IT security group on the writing and updating of all ransomware documents.
The IT security manager will release a simplified monthly update report to all employees on all IT security activities, with ransomware as a regular item.
All managers with computer assets will set regular quarterly deadlines on the data backup and recovery reports.
All concerned managers will include the topic of IT security in their regular meetings to draw out any observations of staff on suspicious emails.
Deliverable D: Information Assurance Strategy
Responsibility: CEO, CIO, IT security head, all managers with computer assets
Deliverables:
The HR training group will include in its regular program an annual orientation to all employees by the IT security group regarding IT security.
The IT security group will include ransomware and current updates in its monthly advisories.
An IT policy issued by the CIO stating the danger of ransomware and the organization's resolve to exert all efforts to prevent, mitigate and resolve possible attacks.
The CIO will get a budget allocation for ransomware control such as storage devices and software.
The CIO and the IT security manager will assign specialist staff responsible for monitoring and leading all activities on ransomware. That staff member is also responsible for escalating to management all issues that arise.
The CEO will issue a memorandum requiring all managers to fully cooperate with the CIO on all matters concerning the control of the ransomware threat.
The CIO will work with the HR training group to include information on ransomware in all training activities whenever appropriate.
The CIO will annually engage the services of a professional IT security firm to audit the IT security structure and processes of the company.
The CIO will lead a company-wide project that engages the whole organization to identify all the critical data needed to ensure the business continuity of the organization. This will include the set-up of an offline data backup center that houses a copy of all that critical data at all times.
The CIO will release timely updates to all employees regarding relevant policy on IT security.
Relevant Links
Kentucky hospital hit by ransomware attack
http://arstechnica.com/security/2016/03/kentucky-hospital-hit-by-ransomware-attack/
Prevention: 5 ways to avoid a crisis
http://www.calyptix.com/malware/ransomware-prevention-5-ways-to-protect-your-business/
Recovery and prevention
http://www.computerworld.com/article/3023543/malware-vulnerabilities/ransomware-7-tips-for-recovery-and-prevention.html
Prevention tips
http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/22-ransomware-prevention-tips/
Do’s and Don’ts
http://www.symantec.com/connect/blogs/ransomware-dos-and-donts-protecting-critical-data