In this phase of incident handling, you may need to rebuild systems using uninfected applications and data backups or clean malicious content from the systems to prevent reinfection.

Planning
Recovery
Lessons-learned
Containment
Added by Tammy L.
Step 1: Identify the affected systems and assess the extent of the infection to determine the best recovery approach.
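As an added example that is not part of the original question or answer: the recovery step above only works if the rebuilt host actually matches the uninfected image or backup it was restored from. The script below builds a SHA-256 manifest from a known-good tree and diffs a restored tree against it, reporting files that were modified, are missing, or were never part of the image (the place a dropped agent or a worm's copy of itself would show up). The directory layout, file contents and file names are constructed sample data, not artifacts from any real incident.

```python
"""Verify a rebuilt host against a known-good file manifest before it goes back
into production.  Added illustration for the recovery step discussed above; it
is not code from the original page.  All paths and file contents below are
constructed sample data.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each file (path relative to root, POSIX separators) to its SHA-256.

    Run this against the clean image or backup, not against the compromised
    host, and keep the result somewhere the compromised host cannot alter it.
    """
    manifest: dict[str, str] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_restore(manifest: dict[str, str], root: Path) -> dict[str, list[str]]:
    """Compare a rebuilt tree against the golden manifest.

    Returns three sorted lists:
      modified   - present in both, but the hash differs
      missing    - in the manifest but absent from the rebuilt host
      unexpected - on the rebuilt host but not in the manifest
    Any non-empty list means the host is not yet proven clean.
    """
    current = build_manifest(root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return {"modified": modified, "missing": missing, "unexpected": unexpected}


def is_clean(report: dict[str, list[str]]) -> bool:
    """True only when every category of discrepancy is empty."""
    return not any(report.values())


def _write_tree(root: Path, files: dict[str, bytes]) -> None:
    for rel, data in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)


def demo() -> dict[str, list[str]]:
    """Constructed sample: a golden image and a 'restored' host that still has
    a tampered file, is missing one, and carries a file the image never had."""
    golden_files = {
        "Windows/System32/svchost.exe": b"legit svchost bytes",
        "Windows/System32/drivers/etc/hosts": b"127.0.0.1 localhost\n",
        "Program Files/App/app.exe": b"legit app bytes",
    }
    restored_files = {
        "Windows/System32/svchost.exe": b"legit svchost bytes",
        # hosts file altered (constructed example of a tampered config)
        "Windows/System32/drivers/etc/hosts": b"127.0.0.1 localhost\n0.0.0.0 av-update.example\n",
        # file that was never in the image (constructed stand-in for a dropped agent)
        "ProgramData/ddos_agent.exe": b"not in the image",
    }
    with tempfile.TemporaryDirectory() as tmp:
        golden = Path(tmp) / "golden"
        restored = Path(tmp) / "restored"
        _write_tree(golden, golden_files)
        _write_tree(restored, restored_files)
        manifest = build_manifest(golden)
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    report = demo()
    for kind, paths in report.items():
        print(f"{kind}: {paths}")
    print("clean" if is_clean(report) else "NOT CLEAN - do not reconnect")
```

The manifest has to come from the trusted image or a backup taken before the infection; a manifest built from the already-infected host would simply bless the malware. In practice the check is run on the rebuilt machine while it is still isolated, and the host is reconnected only once `is_clean` holds for the paths you care about.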
Known as incident response, procedures for regaining control of systems and restoring operations to normalcy are the heart of the IR plan and the CSIRT's operations.
Haricharan G.
Study the following scenario and discuss and determine the incident response handling questions that should be asked at each stage of the incident response process. Consider the details of the organization and the CSIRC when formulating your questions.

This scenario is about a small, family-owned investment firm. The organization has only one location and fewer than 100 employees. On a Tuesday morning, a new worm is released; it spreads itself through removable media, and it can copy itself to open Windows shares. When the worm infects a host, it installs a DDoS agent. It was several hours after the worm started to spread before antivirus signatures became available. The organization had already incurred widespread infections. The investment firm has hired a small team of security experts who often use the diamond model of security incident handling.

Preparation:____________________________________________
Akash M.
The LMJ-Ad corporate management has been informed by the network administration team that there was a malware/ransomware attack and infection overnight at the system level, now spreading to the network enterprise level, requiring the incident response team to take immediate action. The infection came from a malware attachment on a phishing email and was reported by a user with a priority trouble ticket. Initial interviews suggest the incident may have come from an internal employee. Provide an investigative report.

General Incident Information
Cover page: Date, Time, Incident POC Name, Incident POC Email

Initial Identification
Section 1.0: Date, time, and time zone of the first detection.
Section 2.0: Impacted Personnel. List name and contact information for any personnel involved in the detection and initial investigation.
Section 3.0: Incident Detection Specifics. How was the incident detected? Suspicious network traffic pattern, ransomware, or malware alerts from anti-virus/malware software?
Section 4.0: Threat Identification. What do you think?
Section 5.0: Infected Resources. List of system and network components involved, both at the system level.