Cobit and Maastricht

Please use Iphone to browse to:

www.jesperdeboer.nl/quiz.aspx

Agenda

• Cobit
• Maastricht

What is Cobit?

Cobit 'current' versions

• Cobit 4 / 4.1 (2007)
• Cobit 5 (2012)
• Cobit 2019 (2018)

Tip

What does it contain?

Example Object BAI07:

Example control BAI07.05:

More than GITC..

• Innovation
• Understanding Enterprise Strategy
• Perform Risk Assessment
• Managed Organizational Change

Trending...

Cobit is mapped to NIST Cyber framework (Identify, protect, detect, respond, recover)

Example...

Dutch practice...

It's important in financial sector

DNB uses Cobit 4.1 and adjusted it to have more focus an outsourcing, security anno 2020, third line of defence

Good practice in EN and NL..

But adjustments are on their way...

Ultimate learn and share

Transparant

Two hour Symposium and a complete detailed report (Dutch only)

Chairman Executive Board

Source: Maastricht University

Step 1: Phising mail (15-10-2019)

Communication

Step 2: First comprimised servers were W2003 R2 (17-10-2019)

Microsoft ended support for the Windows Server 2003 R2 operating system on July 14, 2015.

Step 3: Network investigation

Step 4: Compromise of another server (21-11-2019)

Also because a recent update, was later installed in december 2019.

Step 5: Analyse another (21-11-2019)

Probably a memory dump was used. Via this server the hacker gained credentials of the domain-admin ('administrator'-account).

Step 6: Compromise of Domain Controller (21-11-2019)

Step 7: Alarm goes off (19-12-2019)

Mcafee detects attack, but it is in observer mode

Step 8: Deactivate MCafee and enroll (23-12-2019)

In 50 minutes 267 Windows servers were encrypted. All linux-servers were not encrypted.

Step 9: Receive decryption key (31-12-2019)

Questions?