Week 7 Discussion Post

In week 7, analyze the impact that business continuity planning has on risk management. You must use at least one scholarly resource. Every discussion posting must be properly APA formatted.

500 words


CHAPTER 15

Mitigating Risk with a Computer Incident Response Team Plan

Copyright © 2022 by Jones & Bartlett Learning, LLC an Ascend Learning Company. www.jblearning.com

Learning Objective(s) and Key Concepts

Learning Objective(s)
Perform business continuity, disaster, and incident response planning.

Key Concepts
Definition of a computer incident response team (CIRT) plan
Purpose of a CIRT plan
Elements of a CIRT plan
How a CIRT plan can mitigate an organization’s risk
Best practices for implementing a CIRT plan

Computer Security Incident

A violation or imminent threat of a violation of a security policy or security practice

Examples

Denial of service (DoS) attack

Malicious code

Unauthorized access

Inappropriate usage

Multiple component

What Is a Computer Incident Response Team Plan?

Computer incident response team (CIRT)

A group of people who respond to incidents

A CIRT plan

Formal document that outlines an organization’s response to computer incidents

Formally defines a security incident

May designate the CIRT team

Purpose of a CIRT Plan

Helps organizations identify and prepare for computer incidents

Applies critical thinking to solve potential problems

Helps develop best responses to reduce damage

Outlines the purpose of the response effort

The five Ws: what, where, who, when, and why

Growth of Incidents
1988 – one incident was news
2003 – 137,529 incidents
Today – off the charts

Elements of a CIRT Plan
CIRT members
IT staff and security professionals who understand risks and threats posed to networks and systems
Roles, responsibilities, and accountabilities
CIRT policies
Incident handling process
Communication escalation procedures
Incident handling procedures

CIRT Members

Team leader

Information security members

Network administrators

Physical security personnel

Legal

Human resources (HR)

Communications

Responsibilities

Developing incident response procedures

Investigating incidents

Determining the cause of incidents

Recommending controls to prevent future incidents

Protecting collected evidence

Using a chain of custody
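
The two responsibilities above, protecting collected evidence and using a chain of custody, come down to one mechanism: hash the evidence when it is collected, record every hand-off together with the hash observed at that moment, and fail any transfer or check where the hash no longer matches. The following is an added example written for this page, not code from the Jones & Bartlett chapter; the evidence bytes, item ID and custodian names are constructed.

```python
"""Evidence integrity with a chain-of-custody log.

Added example; not code from the chapter. Each custody entry carries the
SHA-256 of the evidence as it exists at that step, so any change after
collection is detected at the next hand-off or verification. The evidence
bytes, item ID and custodian names below are constructed.
"""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 digest of the evidence bytes."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class CustodyEntry:
    timestamp: str
    action: str       # "collected", "transferred" or "verified"
    custodian: str
    digest: str       # hash observed at this step


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    data: bytes
    log: list = field(default_factory=list)

    @property
    def baseline_digest(self) -> str:
        """Hash recorded at collection; every later step is compared to it."""
        return self.log[0].digest

    def record(self, action: str, custodian: str) -> CustodyEntry:
        """Append an entry carrying the hash of the data as it is right now."""
        entry = CustodyEntry(
            timestamp=datetime.now(timezone.utc).isoformat(),
            action=action,
            custodian=custodian,
            digest=sha256_hex(self.data),
        )
        self.log.append(entry)
        return entry


def collect(item_id: str, description: str, data: bytes, collector: str) -> EvidenceItem:
    """First custody entry: the hash taken at collection becomes the baseline."""
    item = EvidenceItem(item_id, description, data)
    item.record("collected", collector)
    return item


def transfer(item: EvidenceItem, to_custodian: str) -> bool:
    """Hand the item to a new custodian.

    The entry is logged whether or not the hash matches, so a mismatch is
    itself on the record; the caller should refuse the hand-off when False.
    """
    entry = item.record("transferred", to_custodian)
    return entry.digest == item.baseline_digest


def verify(item: EvidenceItem, verifier: str) -> bool:
    """Integrity check at any point: the current hash must equal the baseline."""
    entry = item.record("verified", verifier)
    return entry.digest == item.baseline_digest


def demo():
    """Collect, hand off cleanly, then show that a later change is detected."""
    # Constructed evidence: an auth log excerpt from the affected host.
    data = b"Oct 11 14:02:13 webfarm-01 sshd[4411]: Accepted password for admin from 203.0.113.7\n"
    item = collect("EV-001", "auth log excerpt, webfarm-01", data, "analyst_a")
    clean_transfer = transfer(item, "analyst_b")
    # Someone alters the file after the hand-off; the next check fails.
    item.data = item.data.replace(b"203.0.113.7", b"198.51.100.9")
    still_intact = verify(item, "legal_counsel")
    return clean_transfer, still_intact


if __name__ == "__main__":
    print(demo())   # (True, False)
```

In a real case the custody log would be written somewhere the custodians cannot edit, and the original media would be imaged once and all analysis done on the copy; the hash comparison is the same either way.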

Accountabilities

Accountable to the organization to provide a proactive response to any incident

Expected to minimize the impact of any incident

Expected to keep up to date on security threats and possible responses

Dedication on the part of each team member

CIRT Policies
May be simple statements or contained in appendixes at the end of the plan
Provide the team with guidance in the midst of an incident
Primary policy to consider: whether or not CIRT members can attack back
Best practice is not to escalate an attack into a two-sided conflict
Leave retribution to law enforcement.
Other policies may be related to:
Evidence
Communications
Safety

Incident Handling Process
Four phases defined by NIST SP 800-61:
Preparation
Detection and analysis
Containment, eradication, and recovery
Post-incident activity

Handling DoS Attack Incidents
DoS attacks attempt to prevent a system or network from providing a service by overwhelming it and consuming its resources.
Indications that a DoS attack is occurring:
User reports of system unavailability
Intrusion detection system (IDS) alerts on the attack
Increased resource usage on the attacked system
Increased traffic through the firewall to the attacked system
Unexplained connection losses
Unexplained system crashes
Suspected attack can be confirmed by reviewing available logs
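
Confirming the attack from logs means turning the indicators above into something measurable: the request rate per source address over a short window. The following is an added example written for this page, not code from the chapter. It parses web server access log lines in Common Log Format, computes each source's peak rate inside a sliding window, and flags sources far above the rest; those addresses are the input a router or firewall filter would need. The log lines, the 10-second window and the threshold of 20 are constructed assumptions.

```python
"""Confirming a suspected DoS attack from web server logs.

Added example; not code from the chapter. Parses Common Log Format lines,
tracks each source's requests inside a sliding window and reports sources
whose peak rate exceeds a threshold. The sample lines, window and threshold
are constructed for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Common Log Format prefix: host ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return (ip, timestamp, status) or None when the line does not parse."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), int(m["status"])


def peak_rates(lines, window_seconds: int = 10) -> dict:
    """Largest number of requests each source made within any one window.

    Each source's lines are expected in time order, as in a log file.
    """
    recent = defaultdict(deque)   # ip -> timestamps inside the current window
    peak = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                # skip unparsable lines rather than abort
        ip, ts, _status = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()             # drop requests that fell out of the window
        peak[ip] = max(peak[ip], len(q))
    return dict(peak)


def flag_sources(lines, window_seconds: int = 10, threshold: int = 20) -> list:
    """Sources whose peak rate exceeds the threshold, worst first.

    A single source well above the line is the classic DoS signature. A
    distributed attack instead shows many sources each just under the
    threshold, so compare the total rate against a baseline as well.
    """
    rates = peak_rates(lines, window_seconds)
    return sorted(((ip, n) for ip, n in rates.items() if n > threshold),
                  key=lambda pair: -pair[1])


# Constructed sample: one source sends 50 requests in 10 seconds while two
# others browse normally; the server is already answering 503.
SAMPLE_LOG = [
    f'203.0.113.7 - - [11/Oct/2020:14:00:{i // 5:02d} +0000] "GET / HTTP/1.1" 503 0'
    for i in range(50)
] + [
    '198.51.100.4 - - [11/Oct/2020:14:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.4 - - [11/Oct/2020:14:00:07 +0000] "GET /logo.png HTTP/1.1" 200 2048',
    '192.0.2.9 - - [11/Oct/2020:14:00:03 +0000] "POST /login HTTP/1.1" 302 0',
    'not a log line',
]

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))   # [('203.0.113.7', 50)]
```

The threshold should come from the server's normal peak, not a fixed number; run the same function over a quiet day's log first and set the threshold well above what it reports.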

Handling DoS Attack Incidents (Cont.)
Distributed denial of service (DDoS) attack from a botnet
What are the implications on the attacked server?

Handling Malware Incidents
Primary protection is antivirus software
Secondary protection is to train and educate users
Create checklists that identify what users should do if their systems are infected
If malware infects an email server, isolate the server
Configure web browsers and email readers to prevent the execution of malicious mobile code
Types of malware:
Viruses
Worms
Mobile code
Trojan horses

Handling Unauthorized Access Incidents
Examples:
Viewing or copying sensitive data without authorization
Using social engineering
Guessing or cracking passwords and logging on with these credentials
Running a packet sniffer, such as Wireshark, to capture data transmitted on the network
Hardening steps:
Reducing the attack surface
Keeping systems up to date
Enabling firewalls
Enabling IDSs
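
The third example on the slide, guessing or cracking passwords and then logging on with the result, leaves a distinctive trace in authentication logs: a burst of failures from one source followed by a success. The following is an added example written for this page, not code from the chapter. It reads sshd-style auth log lines, remembers failed attempts per source, and raises a finding when a source with at least min_failures recent failures then logs on; the finding names the account to disable and the usernames tried, which distinguishes one hammered account from a spray across many. The log lines, host name, threshold and window are constructed assumptions.

```python
"""Detecting password guessing that ends in a successful logon.

Added example; not code from the chapter. Stateful detection over auth log
lines: failures are kept per source address, and a success from a source
with enough recent failures produces a finding. Sample lines, the threshold
and the window are constructed for the example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# ISO timestamp, host, then the sshd message. Real syslog timestamps need a different parser.
FAIL_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
OK_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+)"
)


def detect_guess_then_success(lines, min_failures=5, window=timedelta(minutes=10)):
    """Return one finding per successful logon preceded by a burst of failures.

    Each finding names the source, the account that was finally opened, how
    many failures preceded it inside the window, and which usernames were
    tried (one account hammered versus many accounts sprayed).
    """
    failures = defaultdict(list)   # ip -> [(timestamp, username), ...]
    findings = []
    for line in lines:
        m = FAIL_RE.match(line)
        if m:
            failures[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["user"]))
            continue
        m = OK_RE.match(line)
        if m is None:
            continue                # other sshd messages are ignored
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        recent = [(t, u) for t, u in failures[ip] if timedelta(0) <= ts - t <= window]
        if len(recent) >= min_failures:
            findings.append({
                "ip": ip,
                "account": m["user"],          # the account to disable first
                "failures": len(recent),
                "users_tried": sorted({u for _, u in recent}),
                "success_at": ts.isoformat(),
            })
    return findings


# Constructed sample. The host name and addresses are made up.
SAMPLE_AUTH_LOG = [
    # five failures an hour before the success: outside the window, no finding
    "2020-10-11T13:00:00 webfarm-01 sshd[4301]: Failed password for root from 192.0.2.9 port 30001 ssh2",
    "2020-10-11T13:00:10 webfarm-01 sshd[4302]: Failed password for root from 192.0.2.9 port 30002 ssh2",
    "2020-10-11T13:00:20 webfarm-01 sshd[4303]: Failed password for root from 192.0.2.9 port 30003 ssh2",
    "2020-10-11T13:00:30 webfarm-01 sshd[4304]: Failed password for root from 192.0.2.9 port 30004 ssh2",
    "2020-10-11T13:00:40 webfarm-01 sshd[4305]: Failed password for root from 192.0.2.9 port 30005 ssh2",
    "2020-10-11T13:40:00 webfarm-01 sshd[4306]: Accepted publickey for deploy from 192.0.2.9 port 30006 ssh2",
    # six failures from one source in under three minutes, then success
    "2020-10-11T14:00:05 webfarm-01 sshd[4401]: Failed password for root from 203.0.113.7 port 50211 ssh2",
    "2020-10-11T14:00:09 webfarm-01 sshd[4402]: Failed password for root from 203.0.113.7 port 50212 ssh2",
    "2020-10-11T14:00:31 webfarm-01 sshd[4403]: Failed password for invalid user oracle from 203.0.113.7 port 50213 ssh2",
    "2020-10-11T14:01:02 webfarm-01 sshd[4404]: Failed password for admin from 203.0.113.7 port 50214 ssh2",
    "2020-10-11T14:01:40 webfarm-01 sshd[4405]: Failed password for admin from 203.0.113.7 port 50215 ssh2",
    "2020-10-11T14:02:12 webfarm-01 sshd[4406]: Failed password for admin from 203.0.113.7 port 50216 ssh2",
    "2020-10-11T14:02:50 webfarm-01 sshd[4407]: Accepted password for admin from 203.0.113.7 port 50217 ssh2",
    # a user who mistyped twice: below the threshold
    "2020-10-11T14:03:10 webfarm-01 sshd[4408]: Failed password for jsmith from 198.51.100.4 port 40001 ssh2",
    "2020-10-11T14:03:18 webfarm-01 sshd[4409]: Failed password for jsmith from 198.51.100.4 port 40002 ssh2",
    "2020-10-11T14:03:25 webfarm-01 sshd[4410]: Accepted password for jsmith from 198.51.100.4 port 40003 ssh2",
]

if __name__ == "__main__":
    for finding in detect_guess_then_success(SAMPLE_AUTH_LOG):
        print(finding)
```

The finding feeds directly into the containment step on the later slide: disable the account that was opened, isolate the host, and block the source. The hardening bullets above (patching, firewalls, an IDS) reduce how often this detection has to fire at all.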

Handling Inappropriate Usage Incidents
Examples:
Spamming coworkers
Accessing websites that are prohibited
Circumventing security policies
Using file sharing or P2P programs
Sending files with sensitive data outside the organization
Launching attacks from within the organization against other computers
Means of prevention and detection:
Security policies and acceptable use policies (AUPs)
Alerts
Log reviews
Reports by other users
Data loss prevention (DLP) software

Handling Multiple Component Incidents
A multiple component incident is a single incident made up of two or more related incidents; the relationship between them is not always immediately apparent
Steps to take:
Identify the root cause of the incident.
Remove the root cause, if possible.

Example:
Incident 1: A user opens a malicious email attachment, which infects the system.
Incident 2: The malware releases a worm that infects other computers on the network.
Incident 3: The malware contacts a command-and-control server, joining the infected systems to a botnet. Infected systems on the network continue to find other systems to infect.

Communication Escalation Procedures
Escalation
When someone determines an event is an incident and declares it
One of the first steps is to recall one or more CIRT members
If the incident is worse than expected:
CIRT member can escalate the response
Organization can activate the full CIRT
If ordinary communications are hampered:
CIRT members can be issued push-to-talk phones or walkie-talkies
A war room can be set up for face-to-face communications

Incident Handling Procedures

Calculating the impact and priority

Using a generic checklist

Handling DoS attack incidents

Handling malware incidents

Handling unauthorized access incidents

Handling inappropriate usage incidents

Calculating the Impact and Priority (Example)
Current effect rating
Minimal because the attack is currently affecting only one web server in the web farm. Score of 10. This rating will be used for 25 percent, or one-quarter, of the overall impact score (10 × .25 = 2.5).
Projected effect rating
Medium because the attack has the potential to spread to more web servers in the web farm. Score of 50. This rating will be used for 25 percent, or one-quarter, of the overall impact score (50 × .25 = 12.5).
Criticality rating
Medium because the web server does affect a mission-critical system in a single location. Score of 50. This rating will be used for 50 percent, or one-half, of the overall impact score (50 × .50 = 25).

Calculating the Impact and Priority (Example) (Cont.)
The following formula can then be used to determine the impact:
(Current effect rating × .25) + (Projected effect rating × .25) + (Criticality rating × .50)
(10 × .25) + (50 × .25) + (50 × .50)
2.5 + 12.5 + 25
Incident impact score = 40
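
The formula above becomes useful when several incidents compete for the team's attention, since the scores order the queue. The following is an added example written for this page, not code from the chapter. It applies the slide's weights, reproduces the worked score of 40 for the web farm incident, and scores two more incidents to order them. The range check on ratings, the two extra incidents and the P1 to P4 bands are assumptions added for the example; the slide gives only the weights and the one worked score.

```python
"""Incident impact score and queue ordering.

Added example; not code from the chapter. Weights come from the slide
(current effect 25%, projected effect 25%, criticality 50%). The rating
range check, the extra incidents and the priority bands are assumptions.
"""
from dataclasses import dataclass

# Weights from the slide; they must sum to 1 or the score leaves the rating scale.
WEIGHTS = {"current": 0.25, "projected": 0.25, "criticality": 0.50}
RATING_MIN, RATING_MAX = 0, 100   # slide uses 10 = minimal, 50 = medium; 100 assumed as the top


@dataclass(frozen=True)
class IncidentRating:
    name: str
    current: int        # current effect rating
    projected: int      # projected effect rating
    criticality: int    # criticality of the affected system


def impact_score(r: IncidentRating) -> float:
    """(current x .25) + (projected x .25) + (criticality x .50), with range checks."""
    if abs(sum(WEIGHTS.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1")
    for name in WEIGHTS:
        value = getattr(r, name)
        if not RATING_MIN <= value <= RATING_MAX:
            raise ValueError(f"{r.name}: {name} rating {value} outside {RATING_MIN}-{RATING_MAX}")
    return sum(getattr(r, name) * weight for name, weight in WEIGHTS.items())


def priority_band(score: float) -> str:
    """Assumed bands; the slide does not define any."""
    if score >= 75:
        return "P1"
    if score >= 50:
        return "P2"
    if score >= 25:
        return "P3"
    return "P4"


def prioritize(incidents) -> list:
    """(name, score, band) for each incident, highest impact first."""
    scored = []
    for incident in incidents:
        score = impact_score(incident)
        scored.append((incident.name, score, priority_band(score)))
    return sorted(scored, key=lambda t: -t[1])


# The slide's web farm case plus two constructed incidents for comparison.
QUEUE = [
    IncidentRating("web farm DoS, one server", current=10, projected=50, criticality=50),
    IncidentRating("ransomware on file server", current=80, projected=90, criticality=100),
    IncidentRating("adware on one laptop", current=10, projected=10, criticality=10),
]

if __name__ == "__main__":
    for name, score, band in prioritize(QUEUE):
        print(f"{band} {score:5.1f} {name}")
```

The projected effect is the rating most likely to change during the incident, so rescore as the investigation progresses rather than once at declaration.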


Using a Generic Checklist
Verify that an incident has occurred
Determine the type of incident
Determine the impact or potential impact of the incident
Report the incident
Acquire any available evidence on the incident
Contain the incident
Eradicate the incident
Recover from the incident
Document the incident

Handling DoS Attack Incidents

Containment
Add filters at routers or firewalls to block the traffic based on the IP address, port, or protocol used in the attack

Eradication
Identify vulnerabilities and take steps to mitigate them

Recovery
Repair and test the affected system
Contact the Internet service provider (ISP)

Handling Malware Incidents

Containment
Identify infected systems
Disconnect them from the network
Determine why antivirus software didn’t detect the malware

Eradication
Run full scans on systems
Remove all elements of the malware from the system
Disinfect, quarantine, or delete infected files

Recovery
Replace deleted or quarantined files needed for system operation
Verify the system is no longer infected
Run another full scan before returning the system to operation

Handling Unauthorized Access Incidents

Containment
Identify and isolate the attacked system from the network
Block all traffic at the firewall; log attempts to connect
Disable the internal account (if it is the source) and verify least privilege

Eradication
Identify the weaknesses that allowed the attack to succeed
Verify system hardening
Disable/delete additional accounts created during the attack
Resolve vulnerabilities

Recovery
Reconnect, verify, and test systems
Consider adding monitoring, such as an IDS

Handling Inappropriate Usage Incidents

Containment
Disable the user’s account until management takes action

Eradication
Require specific user training before access is returned
Document the activity in the employee’s record

Recovery
Enable the account after appropriate action has been completed

How Does a CIRT Plan Mitigate an Organization’s Risk?

Quick and focused response to incidents

Clearly defined roles and responsibilities

Enhanced understanding of needed skills

Enhanced ability to respond to threats and attacks

Best Practices for Implementing a CIRT Plan

Define a computer security incident

Include policies in CIRT plan to guide members

Provide training

Develop CIRT checklists

Subscribe to security notifications

Summary
Definition of a computer incident response team (CIRT) plan
Purpose of a CIRT plan
Elements of a CIRT plan
How a CIRT plan can mitigate an organization’s risk
Best practices for implementing a CIRT plan


10/11/2020
