"Information Security: Agencies Need to Improve Implementation of Federal Approach to Securing Systems and Protecting against Intrusions" Identify and analyze the incident or security event. Elaborate on the business response and recovery of the incident. Explain the impact on business continuity and operations. Provide feedback on what could have been done differently.
Added by Lorenzo S.
Step 1
This could involve unauthorized access to sensitive data, malware infections, or denial-of-service attacks. The analysis should focus on the vulnerabilities exploited, the methods used by attackers, and the specific systems or data that were compromised.
Recommended Videos
Planning and preparing for the unexpected, especially in response to a security incident, is one of the greatest challenges faced by information technology professionals today. An incident is described as any violation of policy, law, or unacceptable act that involves information assets. Incident Response (IR) teams should be evaluating themselves on metrics, such as incident detection or dwell time, to determine how quickly they can detect and respond to incidents in the environment. In a recent year, an institute surveyed organizations about internal response capabilities. The frequency distribution that summarizes the average time organizations took to detect incidents is given below.
Sri K.
Study the following scenario and discuss and determine the incident response handling questions that should be asked at each stage of the incident response process. Consider the details of the organization and the CSIRC when formulating your questions.

This scenario is about a small, family-owned investment firm. The organization has only one location and fewer than 100 employees. On a Tuesday morning, a new worm is released; it spreads itself through removable media, and it can copy itself to open Windows shares. When the worm infects a host, it installs a DDoS agent. It was several hours after the worm started to spread before antivirus signatures became available. The organization had already incurred widespread infections. The investment firm has hired a small team of security experts who often use the diamond model of security incident handling.

Preparation:____________________________________________
Akash M.
On a Thursday afternoon, a network intrusion detection sensor records vulnerability scanning activity directed at internal hosts that is being generated by an internal IP address. Because the intrusion detection analyst is unaware of any authorized, scheduled vulnerability scanning activity, she reports the activity to the incident response team. When the team begins the analysis, it discovers that the activity has stopped and that there is no longer a host using the IP address.

The following are additional questions for this scenario:

1. What data sources might contain information regarding the identity of the vulnerability scanning host?
2. How would the team identify who had been performing the vulnerability scans?
3. How would the handling of this incident differ if the vulnerability scanning were directed at the organization's most critical hosts?
4. How would the handling of this incident differ if the vulnerability scanning were directed at external hosts?
5. How would the handling of this incident differ if the internal IP address was associated with the organization's wireless guest network?
6. How would the handling of this incident differ if the physical security staff discovered that someone had broken into the facility half an hour before the vulnerability scanning occurred?