Incident Response (IR) Strategic Decisions
Monica Ford
Professor Shaun Gray
CIS 359 Disaster Recovery Management
A worm is a malicious program that is introduced to a host computer, affects that system, and then locates a nearby host to which it copies itself (Wang, González, Menezes, & Barabási, 2013). In essence, a worm first compromises a single computer. It then scans for other hosts reachable from that computer and copies itself to them. The most distinctive feature of worms is therefore that they are self-replicating code: unlike a virus, a worm needs neither a user action nor a host file to spread. If not detected early, a worm can spread to every computer reachable from the initial host. In a way, their
Possible attack vectors for worms include the internet, removable media, and email. Detection will rely on forensic analysis software and on manual review of audit logs. File integrity checking software will also be deployed to determine whether files on the breached systems have been modified: such tools record cryptographic hashes of files against a trusted baseline, so they can reveal changes made during an incident and identify corrupted files (Cichonski, Millar, Grance, & Scarfone, 2013). Worms can also be detected by monitoring 'trusted processes' and 'untrusted processes', byte patterns, IP address scanning, and guardian nodes. IP address scanning is a useful indicator because most worms rely on IP addresses to identify other hosts, so an infected machine contacting an unusually large number of distinct addresses in a short time is a strong sign of worm activity (Rajesh, Reddy, & Reddy, 2015). The forensic analysis software will use these methods of detection to determine the existence of a worm and the initial …
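The two detection methods above that are easiest to show in code are file integrity checking and IP address scan detection. The following is an added example written for this page, not code from the essay or from any of the cited works. It assumes a simple firewall-style log format (`timestamp src=... dst=... dport=... action=...`), and the scan threshold of 10 distinct destinations per port within 60 seconds is an assumption to be tuned for the environment; the log lines and the file tree are constructed in the script itself.

```python
# Added example: file-integrity baseline comparison and IP address scan detection.
import hashlib
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timedelta


# ---- 1. File integrity checking: hash a tree, compare against a trusted baseline ----

def hash_tree(root):
    """Map each file under root (relative path, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return digests


def compare_baseline(baseline, current):
    """Classify every difference between the baseline and a fresh scan."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def integrity_demo():
    """Constructed scenario: baseline a small tree while clean, then mimic a worm
    that patches an existing binary and drops a copy of itself; return findings."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "bin", "netsvc"), "wb") as fh:
            fh.write(b"legitimate service code")
        with open(os.path.join(root, "hosts"), "wb") as fh:
            fh.write(b"127.0.0.1 localhost\n")
        baseline = hash_tree(root)  # taken while the system is known-clean
        # Simulated infection (constructed bytes, not real malware).
        with open(os.path.join(root, "bin", "netsvc"), "ab") as fh:
            fh.write(b" + injected replicator stub")
        with open(os.path.join(root, "bin", "wormcopy"), "wb") as fh:
            fh.write(b"self-copy")
        return compare_baseline(baseline, hash_tree(root))


# ---- 2. IP address scan detection over flow logs ----

def constructed_flow_log():
    """Constructed log: 10.0.0.5 sweeps 20 hosts on port 445 in 20 seconds
    (worm-like); 10.0.0.7 talks repeatedly to the same three servers (normal)."""
    t0 = datetime(2015, 10, 18, 9, 0, 0)
    lines = []
    for i in range(20):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} src=10.0.0.5 dst=10.0.0.{10 + i} dport=445 action=deny")
    for i in range(30):
        ts = (t0 + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} src=10.0.0.7 dst=10.0.0.{100 + i % 3} dport=443 action=allow")
    return "\n".join(lines)


def parse_flows(text):
    """Parse 'ISO-timestamp key=value ...' lines into (ts, src, dst, dport)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        events.append((datetime.fromisoformat(ts), rec["src"], rec["dst"], int(rec["dport"])))
    return events


def detect_scanners(events, window_seconds=60, threshold=10):
    """Return {(src, dport): peak distinct destinations} for every source that
    reaches at least `threshold` distinct destinations on one port inside any
    `window_seconds` sliding window (threshold and window are assumptions)."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in sorted(events):
        by_key[(src, dport)].append((ts, dst))
    alerts = {}
    for key, hits in by_key.items():
        start = 0
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            distinct = len({dst for _, dst in hits[start:end + 1]})
            if distinct >= threshold:
                alerts[key] = max(alerts.get(key, 0), distinct)
    return alerts


if __name__ == "__main__":
    print(integrity_demo())
    print(detect_scanners(parse_flows(constructed_flow_log())))
```

The integrity check only works if the baseline was taken while the host was known-clean and stored where the worm cannot rewrite it; the scan detector keys on distinct destinations per port rather than raw packet counts, which is what separates a worm sweeping an address range from a busy but legitimate server.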
Before eradication begins, infected hosts will be isolated from the network so the worm can no longer scan for and reach new victims. At this point, the team will remove the worm from the breached computers and identify the intruder's point of entry. The team will mitigate the vulnerabilities that allowed the incident, for example by patching the exploited service. Afterward, the IR team will restore the systems to normal operation. Computers compromised to the point where the worm cannot be reliably eradicated will be rebuilt from backups verified to predate the infection, since restoring a backup taken after the worm arrived would simply reintroduce it. If the incident resulted from human activity, the team will establish a policy to prevent recurrence. The team will then review the lessons learned from the experience and analyze the incident data for several purposes, including risk assessment and measuring the team's effectiveness.
References
Whitman, M. E., Mattord, H. J., & Green, A. (2014). Principles of incident response and disaster recovery. Australia: Course Technology Cengage Learning.
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2013). Computer security incident handling guide. International Journal of Computer Research, 20(4), 459.
Wang, P., González, M. C., Menezes, R., & Barabási, A. L. (2013). Understanding the spread of malicious mobile-phone programs and their damage potential. International Journal of Information Security, 12(5), 383-392.
Kumbhare, T., & Chobe, S. (2014). Secure Mining of the Outsourced Transaction Databases. International Journal of Science,