IS 4220 FINAL

incident response
Terms in this set (42)
risk assessment (BIA): 1. ID assets and their value 2. ID vulnerabilities and threats 3. Quantify probability and impact 4. Provide appropriate countermeasures

BCP impacts: 1. reputation and public confidence 2. competitive advantage 3. loss in revenue and productivity 4. increase in operational expenses

cyberlaws and policies: created after something bad happened - lawmakers are behind and don't understand

cybercrime: not understood and hard to detect and trace

law: sets the minimum standard - results when society realizes that certain ethical standards should be applied - takes time to be created to apply to changing tech

ethics: provide a higher level of values

legal lag: when legal institutions fail to keep up with changing societal conditions

computer crime categories: 1. computer-assisted crime (financial, IP, spying) 2. computer-targeted crime (malware, unauthorized access) 3. computer is incidental (drug dealing, child pornography)

trade secret: proprietary to a company and important for its survival and profitability

copyright: protects the right of an author to control the public distribution, reproduction, display and adaptation of his/her original work

trademark: used to protect a word, name, symbol, sound, shape, color, etc.

patent: grants legal ownership of an invention and enables the owner to exclude others from using or copying the invention covered by it

export controls: laws which control the export of certain products and technologies for strategic reasons - violators face penalties - licenses are required

PCI DSS: 2004; Payment Card Industry Data Security Standard - secures cardholder data when it goes through a secure network that undergoes tests, policies, and control measures

SOX: 2002; Sarbanes-Oxley Act - protects investors from fraudulent accounting activities by corporations

HIPAA: 2003; Health Insurance Portability and Accountability Act - allows one to access one's own health records, not others'

red flag rule: helps identify identity theft - written records - make sure documents belong to the customer

FERPA: 1974; Family Educational Rights and Privacy Act - federal law that protects students' educational records - specific protected rights regarding release of records that institutions need to follow

GLBA: 2003; Gramm-Leach-Bliley Act - develop, implement, and maintain a documented data security program

GDPR: General Data Protection Regulation - right to data correction - tighter consent requirements - right to be forgotten - notification of data endangerment and current state - privacy by default

compliance programs: documenting and proving that the controls are effective - orgs need to require/support these efforts - the compliance officer is responsible for this

compliance officer: coordinates the checklist of things that need to occur to provide to auditors/regulators - provides guidance on tech and business practices to ensure compliance

IS auditor: tests to make sure that systems and processes are being done in a secure manner - some tests are technical and others aren't

security: refers to protection against unauthorized access to data - limits who can access the information

privacy: harder to define, in part because user-specific details can also be secured data

Cambridge Analytica: company that combined data mining and data analysis with strategic communication for the electoral process

NIST Framework: 1. identify 2. protect 3. detect 4. respond 5. recover

identify: 1. asset management 2. business environment 3. governance 4. risk assessment 5. risk management strategy

protect: 1. processes and procedures 2. maintenance 3. protective tech

detect: 1. anomalies and events 2. security continuous monitoring 3. detection processes

respond: 1. response planning 2. communications 3. analysis 4. mitigation 5. improvements

recover: 1. recovery planning 2. improvements 3. communications