FORESEC Academy FORESEC Academy Security Essentials (II)

Agenda
- What is incident handling?
- Why is it important?
- What is an incident?
- Fundamentals
- The six-step process
- Legal issues

Incident Handling
- Incident handling is an action plan for dealing with intrusions, cyber-theft, denial of service, malicious code, fire, floods, and other security-related events
- Having procedures and policy in place means you know what to do when an incident occurs

Why is it Important?
- Sooner or later an incident is going to occur. Do you know what to do?
- It is not a matter of "if" but "when"
- Planning is everything
- Similar to backups: you might not use the plan every day, but when a major problem occurs you will be glad you have it

Legal Aspects of Incident Handling
- Plans, policies and procedures developed for incident handling must comply with applicable laws.
- This is not a legal course; have them reviewed by legal counsel.

What is an Incident?
- An "incident" is an adverse event in an information system and/or network, or the threat of the occurrence of such an event.
- Incident implies harm, or the attempt to do harm
  - The incident handler's job is to reduce or minimize that harm
- The fact that an incident has occurred may mean a law has been broken

Types of Incidents
- Bombings, explosions
- Earthquakes, fires, floods
- Power outages, storms
- Hardware/software failures
- Strikes, employees unavailable
- Hazardous material spills
- Cyber-theft, intellectual property theft
- Viruses, worms or other malicious software
- Unauthorized use
- Intrusions, internal or external attack
- Denial of service

What is an Event?
- An "event" is any observable occurrence in a system and/or network
- Examples of events include:
  - the system boot sequence
  - a system crash
  - packet flooding within a network
- Observable events are what an incident is composed of
- All incidents are composed of events, but not all events are incidents

Examples of an Incident
Which of the following is an incident?
1. An attacker running NetBIOS scans against a Unix system.
2. An attacker exploiting Sendmail on a Unix system.
3. A backup tape containing sensitive information is missing.

Overview of the Incident Handling Process
Incident handling is similar to first aid. The caregiver tends to be under pressure and mistakes can be very costly. A simple, well-understood approach is best. Keep the six stages (preparation, identification, containment, eradication, recovery, and lessons learned) in mind. Use pre-designed forms, and call on others for help.

Incident Handling - 6 Steps
1. Preparation
2. Identification
3. Containment
4. Eradication
5. Recovery
6. Lessons Learned

Preparation
- Planning is everything
- Policy
  - Organizational approach
  - Inter-organization
- Obtain management support
- Select team members
- Identify contacts in other organizations (legal, law enforcement)

Preparation (2)
- Update the disaster recovery plan
- Compensate team members
- Provide checklists and procedures
- Have an emergency communications plan
- Escrow passwords and encryption keys
- Provide training
- Have a jump bag with everything you need to handle an incident

Identification
- How do you identify an incident?
- Be willing to alert early, but do not jump to a conclusion
  - Avoid "boy who cried wolf" syndrome
  - Look at all of the facts
- Notify the correct people
- Use the help desk's trouble-ticket system to track the problem

Signs of an Incident
- IDS tool has an alert
- Unexplained entries in a log file
- Failed events, such as logons
- Unexplained events (new accounts)
- System reboots
- Poor performance
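The signs above are only useful if someone is actually looking for them. As an added example (written for this page, not FORESEC Academy material), the following Python script scans constructed auth-log lines for three of the signs listed: repeated failed logons, a new account, and a reboot, and it flags a successful logon that follows a run of failures from the same source address. The log lines, hostnames, addresses and the failure threshold are all assumptions.

```python
"""Added example: look for 'signs of an incident' in auth-log lines.
Illustrative code written for this page, not FORESEC Academy material.
The log lines below are constructed; the threshold is an assumption."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in classic syslog/auth.log format (not real data).
SAMPLE_LOG = """\
Mar  3 02:11:01 web01 sshd[4021]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar  3 02:11:03 web01 sshd[4021]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar  3 02:11:05 web01 sshd[4021]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar  3 02:11:07 web01 sshd[4021]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar  3 02:11:09 web01 sshd[4021]: Failed password for root from 198.51.100.23 port 51026 ssh2
Mar  3 02:11:12 web01 sshd[4021]: Accepted password for root from 198.51.100.23 port 51026 ssh2
Mar  3 02:12:40 web01 useradd[4107]: new user: name=svc_backup, UID=1003, GID=1003, home=/home/svc_backup, shell=/bin/bash
Mar  3 02:13:02 web01 systemd[1]: Starting Reboot...
Mar  3 09:00:15 web01 sshd[5210]: Accepted publickey for alice from 10.0.0.5 port 40000 ssh2
"""

FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
NEW_USER_RE = re.compile(r"useradd\[\d+\]: new user: name=([^,]+)")
REBOOT_RE = re.compile(r"systemd\[1\]: Starting Reboot")

FAILED_THRESHOLD = 3  # assumption: tune per host to avoid crying wolf


def analyse(log_text):
    """Return a list of (severity, message) findings for the supplied log text."""
    findings = []
    failed_by_src = Counter()            # failures per source address
    failed_users_by_src = defaultdict(set)  # which accounts each source tried
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            failed_by_src[src] += 1
            failed_users_by_src[src].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            user, src = m.groups()
            # A success right after repeated failures from the same source is
            # the classic brute-force indicator and deserves the highest severity.
            if failed_by_src[src] >= FAILED_THRESHOLD:
                findings.append(("high", f"{src}: successful login as {user} after {failed_by_src[src]} failures"))
            continue
        m = NEW_USER_RE.search(line)
        if m:
            findings.append(("medium", f"new account created: {m.group(1)}"))
            continue
        if REBOOT_RE.search(line):
            findings.append(("low", "system reboot"))
    # Summarise failed-logon runs even when no success followed.
    for src, n in failed_by_src.items():
        if n >= FAILED_THRESHOLD:
            findings.append(("medium", f"{src}: {n} failed logons for {sorted(failed_users_by_src[src])}"))
    return findings


if __name__ == "__main__":
    for sev, msg in analyse(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

Run it against real auth logs by feeding the file contents to analyse() in place of SAMPLE_LOG. The threshold is where the "boy who cried wolf" trade-off lives: set it per host from a baseline of normal failures before wiring the output to an alert, and treat the output as a reason to look at all the facts, not as proof of an incident.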

Identification (2)
- Assign a primary handler
- Determine whether the event is an incident
- Identify possible witnesses and evidence
- Make a clean backup of the system before anything on it is changed

Containment
- An incident handler must not make things worse (think liability and negligence)
- Secure the area
- Make a backup
- Possibly pull the system off the network
- Change passwords

Eradication
- The problem must be fixed before the system goes back online
- Determine the cause and the symptoms
- Improve defenses
- Perform vulnerability analysis

Recovery
- Make sure you do not restore compromised code
- Validate the system
- Decide when to restore operations
- Monitor the systems
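The "make a backup" steps under Identification and Containment and the "do not restore compromised code" step here share one practical check: record cryptographic hashes of the evidence before anything is touched, then compare the restored system against that record. The following Python is an added example (not FORESEC Academy code) that builds a SHA-256 manifest of a file tree and reports modified, missing and unexpected files in a restored copy. The directory layout and file contents are constructed in a temporary directory purely to demonstrate the check.

```python
"""Added example: hash manifest for evidence preservation and restore validation.
Written for this page, not FORESEC Academy code.  The file tree in demo() is
constructed inside a temporary directory; no real system is touched."""
import hashlib
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (relative path, '/' separators) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_tree(root, manifest):
    """Compare a (restored) tree against a trusted manifest.

    Returns a dict with sorted lists: 'modified' (digest differs), 'missing'
    (in manifest, not on disk) and 'unexpected' (on disk, not in manifest).
    Anything in 'modified' or 'unexpected' must be explained before the
    system goes back online."""
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Constructed scenario: a known-good tree and a 'restored' copy in which one
    binary was altered, one file was dropped in, and one file is absent."""
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "good")
        restored = os.path.join(tmp, "restored")
        for root in (good, restored):
            os.makedirs(os.path.join(root, "bin"))
            with open(os.path.join(root, "bin", "login"), "wb") as f:
                f.write(b"\x7fELF original login binary (constructed)")
            with open(os.path.join(root, "etc_passwd"), "wb") as f:
                f.write(b"root:x:0:0:root:/root:/bin/bash\n")
        manifest = build_manifest(good)          # taken before anything is changed
        # Tamper with the "restored" copy: trojaned login, extra hidden file, lost file.
        with open(os.path.join(restored, "bin", "login"), "ab") as f:
            f.write(b" + appended backdoor (constructed)")
        with open(os.path.join(restored, "bin", ".hidden"), "wb") as f:
            f.write(b"dropped file (constructed)")
        os.remove(os.path.join(restored, "etc_passwd"))
        return verify_tree(restored, manifest)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In practice the manifest (or at least a hash of the manifest) is written into the incident log and stored off the affected host, so it can later be shown that neither the image nor the record of it was altered; the same manifest is what makes "validate the system" a concrete step rather than a judgement call.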