Chapter 2 Incident Response Management Handbook Spring 2016 - Incident Response & Computer Forensics.


What is a Computer Security Incident?
- An event
- Intended to cause harm
- Performed by a person (i.e., not due to factors beyond one’s control)
- Involves a computing resource

Examples
- Data theft
- Theft of funds
- Extortion
- Unauthorized access
- Presence of malware
- Possession of illegal or unauthorized materials

Goals of Incident Response
- Remove threats
- Minimize damages
- Restore normal operations quickly

Who is Involved in IR Process?
- HR
- IT
- Legal
- Business line managers
- Network infrastructure
- Compliance
- Core investigative team

IR Process
- Initial Response
- Investigation
- Remediation

Initial Response
- Assemble the response team
- Review readily available data
- Determine the type of incident
- Assess the potential impact

Investigation
- What? How? Who? etc.
- Start with initial leads
- Identify systems of interest
- Preserve evidence
  - Live response
  - Memory collection
  - Forensic disk image
- Analyze data
  - Malware analysis
  - Live response analysis
  - Forensic examination

Remediation
- Consider all aspects
  - Legal, business, political, technical, etc.
- Time is critical
  - Too soon: may fail to discover some important information
  - Too late: may increase the damage

Reporting
- Very important step
  - From legal and other viewpoints
- Also helps the team stay focused and perform quality investigations