1 FORESEC Academy Security Essentials (II)

2 Agenda
- What is incident handling?
- Why is it important?
- What is an incident?
- Fundamentals
- The six-step process
- Legal issues

3 Incident Handling
- Incident handling is an action plan for dealing with intrusions, cyber-theft, denial of service, malicious code, fire, floods, and other security-related events
- Having procedures and policy in place so you know what to do when an incident occurs

4 Why is it Important?
- Sooner or later an incident is going to occur. Do you know what to do?
- It is not a matter of "if" but "when"
- Planning is everything
- Similar to backups: you might not use it every day, but if a major problem occurs you are going to be glad that you did

5 Legal Aspects of Incident Handling
- Plans, policies and procedures developed for incident handling must comply with applicable laws.
- This is not a legal course; have them reviewed by legal counsel.

6 What is an Incident?
- An "incident" is an adverse event in an information system and/or network, or the threat of the occurrence of such an event.
- Incident implies harm, or the attempt to do harm
  - The incident handler reduces or minimizes harm
- The fact that an incident has occurred may mean a law has been broken

7 Types of Incidents
- Bombings, explosions
- Earthquakes, fires, floods
- Power outages, storms
- Hardware/software failures
- Strikes, employees unavailable
- Hazardous material spills
- Cyber-theft, intellectual property theft
- Viruses, worms or other malicious software
- Unauthorized use
- Intrusions, internal or external attack
- Denial of service

8 What is an Event?
- An "event" is any observable occurrence in a system and/or network
- Examples of events include:
  - the system boot sequence
  - a system crash
  - packet flooding within a network
- These observable events compose an incident
- All incidents are composed of events, but not all events are incidents

9 Examples of an Incident
- Which of the following is an incident?
  1. An attacker running NetBIOS scans against a Unix system.
  2. An attacker exploiting Sendmail on a Unix system.
  3. A backup tape containing sensitive information is missing.

10 Overview of the Incident Handling Process
Incident handling is similar to first aid. The caregiver tends to be under pressure and mistakes can be very costly. A simple, well-understood approach is best. Keep the six stages (preparation, detection, containment, eradication, recovery, and follow-up) in mind. Use pre-designed forms, and call on others for help.

11 Incident Handling - 6 Steps
- Preparation
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned

12 Preparation
- Planning is everything
- Policy
  - Organizational approach
  - Inter-organization
- Obtain management support
- Select team members
- Identify contacts in other organizations (legal, law enforcement)

13 Preparation (2)
- Update the disaster recovery plan
- Compensate team members
- Provide checklists and procedures
- Have an emergency communications plan
- Escrow passwords and encryption keys
- Provide training
- Have a jump bag with everything you need to handle an incident

14 Identification
- How do you identify an incident?
- Be willing to alert early, but do not jump to a conclusion
  - "Boy who cried wolf" syndrome
  - Look at all of the facts
- Notify the correct people
- Use the help desk's trouble tickets to track the problem

15 Signs of an Incident
- IDS tool has an alert
- Unexplained entries in a log file
- Failed events, such as logon
- Unexplained events (new accounts)
- System reboots
- Poor performance

16 Identification (2)
- Assign a primary handler
- Determine whether an event is an incident
- Identify possible witnesses and evidence
- Make a clean backup of the system
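The slides on events versus incidents (slide 8), the signs of an incident (slide 15) and the handler's job of deciding whether an event is an incident (slide 16) can be made concrete with a small triage script. This is an added example, not part of the FORESEC material: the syslog-style lines are constructed, and the failed-logon threshold and the rule set are assumptions chosen to mirror the slide 15 signs (failed logons, new accounts, reboots).

```python
import re
from collections import Counter

# Constructed sample auth-log lines (not from the original slides).
SAMPLE_LOG = """\
Mar  3 09:10:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 09:10:03 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 09:10:05 web1 sshd[2201]: Failed password for admin from 203.0.113.7 port 51030 ssh2
Mar  3 09:10:09 web1 sshd[2207]: Accepted password for admin from 203.0.113.7 port 51031 ssh2
Mar  3 09:10:40 web1 useradd[2230]: new user: name=svc_backup, UID=1007, GID=1007, home=/home/svc_backup
Mar  3 09:12:11 web1 systemd[1]: Starting Reboot...
Mar  3 09:30:00 web1 sshd[2401]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2
"""

# Each pattern maps one "observable occurrence" (an event) to a type.
PATTERNS = {
    "failed_logon": re.compile(r"sshd\[\d+\]: Failed password for (?P<user>\S+) from (?P<src>\S+)"),
    "accepted_logon": re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)"),
    "new_account": re.compile(r"useradd\[\d+\]: new user: name=(?P<user>[^,]+)"),
    "reboot": re.compile(r"systemd\[1\]: Starting Reboot"),
}

def extract_events(log_text):
    """Turn raw log lines into typed events; lines matching no pattern are ignored."""
    events = []
    for line in log_text.splitlines():
        for kind, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                events.append({"kind": kind, **m.groupdict(), "raw": line})
                break
    return events

def triage(events, fail_threshold=3):
    """Decide whether the events, taken together, look like an incident candidate.
    The rules are assumptions: repeated failed logons, a success after failures from
    the same source, an unexplained new account, and a reboot each add a reason."""
    fails = Counter(e["src"] for e in events if e["kind"] == "failed_logon")
    reasons = []
    for src, n in fails.items():
        if n >= fail_threshold:
            reasons.append(f"{n} failed logons from {src}")
        if any(e["kind"] == "accepted_logon" and e["src"] == src for e in events):
            reasons.append(f"successful logon from {src} after failures")
    new_accounts = [e["user"] for e in events if e["kind"] == "new_account"]
    if new_accounts:
        reasons.append("unexplained new account(s): " + ", ".join(new_accounts))
    if any(e["kind"] == "reboot" for e in events):
        reasons.append("system reboot")
    return {"incident_candidate": bool(reasons), "reasons": reasons}
```

A single accepted logon with no other signs yields no reasons, which is the slide's point that an event alone is not an incident; the primary handler still reviews the reasons before declaring one.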

17 Containment
- An incident handler should not make things worse (liability and negligence)
- Secure the area
- Make a backup
- Possibly pull the system off the network
- Change passwords

18 Eradication
- Must fix the problem before putting the system back online
- Determine cause and symptom
- Improve defenses
- Perform vulnerability analysis

19 Recovery
- Make sure you do not restore compromised code
- Validate the system
- Decide when to restore operations
- Monitor the systems
