Cobit and Maastricht

Please use your iPhone to browse to:

www.jesperdeboer.nl/quiz.aspx

Agenda

  • Cobit
  • Maastricht

What is Cobit?

Control Objectives for Information and Related Technologies
ISACA first released Cobit in 1996; it was originally designed to help financial auditors.
Today its focus is enterprise governance of information and technology.

Cobit 'current' versions

  • Cobit 4 / 4.1 (2007)
  • Cobit 5 (2012)
  • Cobit 2019 (2018)

All versions are free

Tip

Download the Excel version of the framework for inspiration when selecting controls (TPA etc.)

What does it contain?

40 objectives
231 practices (controls)
1202 activities...

Example objective BAI07 (change acceptance and transitioning):

test and accept, communication, release preparation...

Example control (management practice) BAI07.05:

Test changes independently, in accordance with the defined test plan...

More than GITCs (general IT controls)...

  • Innovation
  • Understanding Enterprise Strategy
  • Perform Risk Assessment
  • Managed Organizational Change

Trending...

Cobit is mapped to the NIST Cybersecurity Framework (Identify, Protect, Detect, Respond, Recover)

Example...

Dutch practice...

It is important in the financial sector.

DNB (De Nederlandsche Bank) uses Cobit 4.1, adjusted to put more focus on outsourcing, security as of 2020, and the third line of defence.

Good practice available in English and Dutch...

But adjustments are on their way...

The EBA has published new guidelines that must be implemented from June 2020. And rumour has it that DNB is switching to NIST.

Ultimate learn and share

Transparent

A two-hour symposium and a complete, detailed report (Dutch only)

Chairman Executive Board

Source: Maastricht University

Step 1: Phishing mail (15-10-2019)

Communication

Command-and-control beacon every 15 minutes to: drm-server13-login-microsoftonline.com (a lookalike of the legitimate login.microsoftonline.com)
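A fixed-interval beacon to a domain that imitates login.microsoftonline.com is exactly the kind of traffic that stands out in proxy or DNS logs once you look for regularity rather than reputation. The following Python script is an added example, not part of this presentation or of the Maastricht University report: it parses constructed proxy log lines, flags hosts that a client contacts at a near-constant interval (low jitter), and marks domains that mention a watched brand without being under that brand's real registrable domain. The log lines, the brand and legitimate-domain lists, the minimum hit count and the jitter threshold are assumptions for illustration; the 15-minute interval and the domain name are taken from the slide.

```python
"""Periodic-beacon and lookalike-domain detection over proxy log lines.

Added example (not from the presentation or the Maastricht University report).
SAMPLE_LOG is constructed; BRANDS, LEGIT and the thresholds are assumptions.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed proxy log, one connection per line: "<iso-timestamp> <src_ip> <dest_host>"
SAMPLE_LOG = """\
2019-10-15T09:00:03 10.20.1.15 drm-server13-login-microsoftonline.com
2019-10-15T09:00:41 10.20.1.15 login.microsoftonline.com
2019-10-15T09:15:05 10.20.1.15 drm-server13-login-microsoftonline.com
2019-10-15T09:22:17 10.20.1.15 www.maastrichtuniversity.nl
2019-10-15T09:30:02 10.20.1.15 drm-server13-login-microsoftonline.com
2019-10-15T09:45:04 10.20.1.15 drm-server13-login-microsoftonline.com
2019-10-15T09:51:30 10.20.1.15 login.microsoftonline.com
2019-10-15T10:00:06 10.20.1.15 drm-server13-login-microsoftonline.com
2019-10-15T10:15:03 10.20.1.15 drm-server13-login-microsoftonline.com
2019-10-15T10:18:44 10.20.1.15 login.microsoftonline.com
"""

BRANDS = {"microsoftonline", "office365", "outlook"}          # brand strings to watch (assumed)
LEGIT = {"microsoftonline.com", "office.com", "outlook.com"}  # genuine registrable domains (assumed)


def registrable_domain(host):
    """Last two labels of the host. Good enough for .com; a public-suffix list is needed for ccSLDs."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_lookalike(host):
    """True when the host mentions a watched brand but is not under the brand's real domain.

    Labels are split on '.' and '-' so that a brand embedded in a hyphenated label
    (login-microsoftonline.com) is caught, while login.microsoftonline.com is not.
    """
    if registrable_domain(host) in LEGIT:
        return False
    tokens = host.lower().replace("-", ".").split(".")
    return any(brand in tokens for brand in BRANDS)


def parse_log(text):
    """Group connection timestamps by (source IP, destination host)."""
    events = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, host = line.split()
        events[(src, host.lower())].append(datetime.fromisoformat(ts))
    return events


def beacon_score(timestamps, min_hits=5):
    """Return (median interval in seconds, jitter ratio), or None with too few hits.

    jitter ratio = median absolute deviation of the gaps / median gap.
    A scheduled beacon sits near 0; interactive browsing is far above it.
    """
    if len(timestamps) < min_hits:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    med = median(gaps)
    if med <= 0:
        return None
    mad = median(abs(g - med) for g in gaps)
    return med, mad / med


def find_beacons(text, max_jitter=0.05):
    """Return the (src, host) pairs whose contact pattern looks like a scheduled beacon."""
    findings = []
    for (src, host), stamps in parse_log(text).items():
        score = beacon_score(stamps)
        if score is None:
            continue
        interval, jitter = score
        if jitter <= max_jitter:
            findings.append({"src": src, "host": host, "interval_s": interval,
                             "jitter": jitter, "lookalike": is_lookalike(host)})
    return findings


if __name__ == "__main__":
    for f in find_beacons(SAMPLE_LOG):
        print(f"{f['src']} -> {f['host']}: every {f['interval_s']:.0f}s, "
              f"jitter {f['jitter']:.2f}, lookalike={f['lookalike']}")
```

The periodicity check deliberately ignores the destination's reputation, which is why it still fires for a fresh domain nobody has blocklisted yet; the lookalike check is only a second signal, and real malware often adds random sleep jitter, so treat `max_jitter` as a knob to tune against your own baseline rather than a fixed rule.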

Step 2: First compromised servers were Windows Server 2003 R2 (17-10-2019)

Microsoft ended support for the Windows Server 2003 R2 operating system on July 14, 2015.

Step 3: Network investigation

Step 4: Compromise of another server (21-11-2019)

Also because a recent update had not been installed; it was only installed later, in December 2019.

Step 5: Analysis of another server (21-11-2019)

Probably a memory dump was used (credential dumping). Via this server the attacker obtained the credentials of the domain admin (the 'administrator' account).
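The slide says a memory dump probably yielded the domain-admin credentials; on Windows the usual precursor is a process opening a handle to lsass.exe with memory-read access, which Sysmon records as a ProcessAccess event (Event ID 10). The Python snippet below is an added example, not code from the presentation or from the Maastricht University report: it classifies constructed Sysmon Event ID 10 records, keeping only handles to lsass.exe whose access mask includes PROCESS_VM_READ, dropping an allowlist of security tooling that legitimately reads LSASS, and raising severity when the call trace contains an UNKNOWN (unbacked) frame or the source binary lives outside system paths. The records, the allowlist and the path heuristic are assumptions to be tuned per environment.

```python
"""Flag processes reading LSASS memory from Sysmon ProcessAccess (Event ID 10) records.

Added example (not from the presentation or the Maastricht University report).
EVENTS is constructed; ALLOWLIST and SYSTEM_PATHS are assumptions to tune per environment.
"""

PROCESS_VM_READ = 0x0010             # needed to read another process's memory
PROCESS_QUERY_INFORMATION = 0x0400   # typical companion bit in a dump tool's 0x1010 / 0x1410 mask

# Constructed Sysmon Event ID 10 records; field names follow the Sysmon schema.
EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1410",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9c534|C:\Windows\System32\KERNELBASE.dll+2308e"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1000",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9c534"},
    {"EventID": 10, "SourceImage": r"C:\Users\admin\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1010",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9c534|UNKNOWN(000001A2B3C40000)"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\taskmgr.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1FFFFF",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9c534|C:\Windows\System32\KERNELBASE.dll+2308e"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
]

# Images that read LSASS as part of normal operation (assumed; tune per environment)
ALLOWLIST = {
    "c:\\program files\\windows defender\\msmpeng.exe",
    "c:\\windows\\system32\\csrss.exe",
    "c:\\windows\\system32\\wininit.exe",
}

# Binaries started from outside these roots are treated as more suspicious (assumed heuristic)
SYSTEM_PATHS = ("c:\\windows\\system32\\", "c:\\program files\\")


def reads_memory(granted_access):
    """True if the hex access mask lets the caller read the target's memory."""
    return int(granted_access, 16) & PROCESS_VM_READ != 0


def classify(event):
    """Return 'high', 'medium' or None for one Sysmon record."""
    if event.get("EventID") != 10:
        return None
    if not event["TargetImage"].lower().endswith("\\lsass.exe"):
        return None
    if not reads_memory(event["GrantedAccess"]):
        return None  # query-only handles (0x1000, 0x0400) are routine noise
    src = event["SourceImage"].lower()
    if src in ALLOWLIST:
        return None
    # UNKNOWN frames mean the call came from memory not backed by a file on disk (injected code)
    unbacked = "UNKNOWN" in event.get("CallTrace", "")
    untrusted_path = not src.startswith(SYSTEM_PATHS)
    return "high" if (unbacked or untrusted_path) else "medium"


def hunt(events):
    """Return (severity, source image, granted access) for every record worth a look."""
    hits = []
    for event in events:
        severity = classify(event)
        if severity:
            hits.append((severity, event["SourceImage"], event["GrantedAccess"]))
    return hits


if __name__ == "__main__":
    for severity, image, access in hunt(EVENTS):
        print(f"[{severity}] {image} opened lsass.exe with {access}")
```

Note that Task Manager with PROCESS_ALL_ACCESS still surfaces as "medium": an interactive "Create dump file" on LSASS is a legitimate admin action and a well-known attacker shortcut, so the allowlist should be driven by what your environment actually does, not by the binary's name. Detection here is after the fact; the dump yields fewer usable secrets when LSA protection or Credential Guard is enabled and domain-admin accounts never log on to ordinary member servers.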

Step 6: Compromise of Domain Controller (21-11-2019)

Step 7: Alarm goes off (19-12-2019)

McAfee detects the attack, but it is in observe-only mode (alerting, not blocking)

Step 8: McAfee deactivated and ransomware rolled out (23-12-2019)

In 50 minutes, 267 Windows servers were encrypted. None of the Linux servers were encrypted.

Step 9: Decryption key received (31-12-2019)

Questions?