Summary: Disaster Recovery Management


Incident Response (IR) Strategic Decisions
Monica Ford
Professor Shaun Gray
CIS 359 Disaster Recovery Management

A worm is a malicious program that is introduced to a host computer, damages that system, and then finds a way to detect a nearby host onto which it replicates itself (Wang, González, Menezes, & Barabási, 2013). In essence, a worm infects and corrupts a single computer first. It then scans for other hosts connected to that computer and copies itself to them. The most distinctive feature of worms is therefore that they are self-replicating code. If not detected early, they can spread to and affect every computer connected to the initial host. In a way, their …

Possible attack vectors for worms include the internet, removable media, and email. Detection will be achieved by deploying forensic analysis software and by manually reviewing audit logs. File integrity checking software will also be implemented to determine whether files on the breached systems have been altered. File integrity programs can detect changes made during an incident and are useful for revealing corrupted files (Cichonski, Millar, Grance, & Scarfone, 2013). Worms can be detected by monitoring 'trusted processes', 'untrusted processes', byte patterns, and IP address scanning, and through the use of guardian nodes. Monitoring for IP address scanning is used because most worms rely on IP addresses to identify other hosts (Rajesh, Reddy, & Reddy, 2015). The forensic analysis software will use these detection methods to determine whether a worm is present and the initial …
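As an added example that is not part of the essay, the IP-address-scanning indicator described above, implemented as a sliding-window detector run over constructed flow-log lines; the log format, the 60-second window and the 10-destination threshold are assumptions chosen for illustration.

```python
"""Flag hosts that contact many distinct IP addresses in a short window,
the IP-address-scanning behaviour that marks a worm hunting for new hosts."""
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # sliding window length (assumed tuning value)
THRESHOLD = 10                   # distinct destinations that count as a scan


def parse_line(line):
    """Parse '<ISO timestamp> <src> -> <dst>:<port>' into (time, src, dst)."""
    ts, src, _, dst_port = line.split()
    return datetime.fromisoformat(ts), src, dst_port.rsplit(":", 1)[0]


def detect_scanners(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {src: (time_flagged, distinct_dst_count)} for every source whose
    distinct-destination count inside one sliding window reaches threshold.
    Lines are expected in chronological order per source."""
    recent = {}      # src -> deque of (time, dst) still inside the window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst = parse_line(line)
        events = recent.setdefault(src, deque())
        events.append((ts, dst))
        while ts - events[0][0] > window:   # expire events older than the window
            events.popleft()
        distinct = len({d for _, d in events})
        if distinct >= threshold and src not in flagged:
            flagged[src] = (ts, distinct)
    return flagged


def constructed_log():
    """Constructed sample flows (not real traffic) containing one scanning host."""
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    for i in range(12):   # 10.0.0.5 probes 12 distinct hosts within 12 seconds
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.5 -> 10.0.1.{i + 1}:445")
    for i in range(12):   # 10.0.0.7 talks to one server repeatedly: not a scan
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 10.0.0.7 -> 10.0.1.200:443")
    for i in range(12):   # 10.0.0.9 reaches 12 hosts but one every two minutes: outside window
        lines.append(f"{(t0 + timedelta(minutes=2 * i)).isoformat()} 10.0.0.9 -> 10.0.2.{i + 1}:445")
    return lines


if __name__ == "__main__":
    for src, (when, n) in detect_scanners(constructed_log()).items():
        print(f"{when.isoformat()} {src} contacted {n} distinct hosts within {WINDOW}")
```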

At this point, the team will remove the malware from the breached computers and identify the intruder's point of entry. The team will then mitigate the vulnerabilities that were responsible for the incident. Afterward, the IR team will restore the system to normal operation. Computers breached to the point where the worm cannot be eradicated will be restored from uninfected backups. If the incident occurred because of human activity, the team will establish a policy to prevent a recurrence. The team will then review the lessons learned from the experience and analyze the incident data for several purposes, including risk assessment and measuring the group's success.

References
Whitman, M. E., Mattord, H. J., & Green, A. (2014). Principles of incident response and disaster recovery. Australia: Course Technology Cengage Learning.
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2013). Computer security incident handling guide. International Journal of Computer Research, 20(4), 459.
Wang, P., González, M. C., Menezes, R., & Barabási, A. L. (2013). Understanding the spread of malicious mobile-phone programs and their damage potential. International Journal of Information Security, 12(5), 383-392.
Kumbhare, T., & Chobe, S. (2014). Secure mining of the outsourced transaction databases. International Journal of Science,
