Incident Handling in Computer Security

Mind map of Incident Handling


1. 1. Computer Security Incident

1.1. Real or suspected adverse event in computer systems or networks

1.2. Include

1.2.1. Unsuccessful login attempts

1.2.2. System and application crashes

1.2.2.1. DoS attacks

1.2.3. Unauthorized use of system

1.2.4. Unintentional modifications to SW, FW, HW...

1.2.5. Unauthorized use of other users' accounts

1.2.6. Unauthorized privileges

1.3. Major cause

1.3.1. Human interface

2. 2. Data Classification

2.1. Level of sensitivity

2.1.1. 1. Top Secret

2.1.2. 2. Confidential information

2.1.3. 3. Proprietary Information

2.1.4. 4. Information for internal use

2.1.5. 5. Public documents

3. 3. Information Warfare or Infowar

3.1. Defensive

3.1.1. Attempt to protect the information assets

3.2. Offensive

3.2.1. Electronic Jamming

3.2.2. Nano machines and Microbes

3.2.3. Malware

3.3. Refers to the use of information and IS

4. 4. Key Concepts of IS

4.1. CIA

4.1.1. Confidentiality

4.1.1.1. Unauthorized access

4.1.2. Integrity

4.1.2.1. Alteration or corruption

4.1.3. Availability

4.1.3.1. Is up and running

4.2. Vulnerability

4.2.1. Flaw, Weakness or Bugs

4.2.1.1. e.g. Weak passwords

4.3. Threat

4.3.1. Event, person or circumstance

4.3.1.1. e.g. Disclosure of personal information

4.4. Attack

4.4.1. Exploiting or action

4.4.1.1. e.g. DoS or DDoS

5. 5. Types of Incidents

5.1. Malicious Code

5.1.1. Malware

5.1.1.1. e.g. Worms, Trojans, Viruses, Ransomware...

5.2. Unauthorized access

5.2.1. Escalate privileges

5.2.1.1. e.g. Going from Guest to Administrator in the operating system

5.3. Unauthorized use of Services

5.3.1. Transfer files or directories to another organization's domain

5.4. Fraud and theft

5.4.1. Exploited by automating traditional methods of fraud

5.4.1.1. e.g. Phishing or Pharming attack

5.5. Espionage

5.5.1. Stealing information, negatively impacting the organization's reputation

5.5.1.1. Confidential

5.5.1.2. Proprietary

5.5.1.3. Top Secret

5.6. Employee sabotage and abuse

5.6.1. Action to abuse the system

5.6.1.1. e.g. Modified System, Software, Firmware or Hardware...

5.7. DoS Attack

5.7.1. Attempt to prevent authorized usage

5.7.1.1. System

5.7.1.2. Networks

5.7.1.3. Apps

5.8. Misuse

5.8.1. Accomplish personal benefits

5.8.1.1. e.g. Pirated software

6. 6. Signs of an Incident

6.1. Detecting and assessing incidents

6.2. Typical Indications

6.2.1. Alarm or Event in IDS

6.2.1.1. Security team reacts

6.2.2. New user logon attempt

6.2.3. System crashes or poor system performance

6.2.4. Unauthorized program operation

6.2.4.1. e.g. Sniffer

6.2.5. Suspicious entries

6.2.5.1. Network

6.2.5.2. System

6.2.5.3. other accounting inconsistencies

6.3. Categories

6.3.1. Precursor

6.3.1.1. Sign that an incident may occur in the future

6.3.1.1.1. e.g. Hacktivist group

6.3.1.1.2. Use of a vulnerability scanner (e.g. Nessus)

6.3.1.1.3. Newly discovered vulnerability

6.3.1.2. Possible occurrence

6.3.1.3. Proactive focus

6.3.2. Indications

6.3.2.1. Sign that an incident has already occurred or is in progress

6.3.2.1.1. Antivirus software alert

6.3.2.1.2. Logs of IDS or IPS

6.3.2.1.3. Detection of network traffic capture

6.3.2.1.4. Network slowdown

6.3.2.1.5. Unusual occurrences or patterns

6.3.2.1.6. Report of malicious email

6.3.2.2. Reactive focus

6.4. Incident Categories

6.4.1. According to

6.4.1.1. Severity

6.4.1.2. Origin

6.4.2. Levels

6.4.2.1. Low

6.4.2.1.1. Least severe kind

6.4.2.2. Middle

6.4.2.2.1. More serious

6.4.2.3. High

6.4.2.3.1. Most severe kind

6.4.3. Incident Prioritization

6.4.3.1. Two factors

6.4.3.1.1. Criticality of the affected resources

6.4.3.1.2. Technical effect

6.4.3.2. Most critical function of incident handling

6.4.3.3. Reduce the impact on the business and minimize losses

6.4.3.4. Business impact

7. 8. Incident Handling

7.1. Helps to find out threats and patterns

7.2. Help in...

7.2.1. prevention

7.2.2. containment

7.2.3. recovery

7.3. Refers to a set of procedures and policies

7.4. Handle unexpected threats and security breaches

7.5. Includes activities

7.5.1. prior to, during and after

7.5.1.1. Host, website or network, information asset

7.6. Estimating Cost

7.6.1. Tangible

7.6.1.1. Loss of productivity hours

7.6.1.2. Investigation and recovery efforts

7.6.1.3. Loss or theft of resources

7.6.1.4. Loss of business

7.6.2. Intangible

7.6.2.1. Damage to corporate reputation

7.6.2.2. Loss of goodwill

7.6.2.3. Psychological damage

7.6.2.3.1. Those directly impacted may feel victimized

7.6.2.3.2. May impact morale and initiate fear

7.6.2.4. Legal liability

7.6.2.5. Damage to shareholder value

7.7. Involves all the processes

7.7.1. Logistics

7.7.2. Communication

7.7.3. Coordination

7.7.4. Planning

8. 7. Incident Response

8.1. Computer System is compromised

8.2. Structured approach to address and manage various

8.3. Goal

8.3.1. Handle the security incident

8.3.1.1. reduces the damage

8.3.1.2. minimizes the cost and time

8.3.1.3. recover from incident

8.4. Depends on

8.4.1. Actions to minimize the damage

8.4.2. Restoring resources

8.5. Includes

8.5.1. Step by step response

8.5.2. Recovery from interruption of services

8.5.3. Preparing for handling future incidents

8.5.4. Legal preparedness for issues

9. Information as Business Asset

9.1. Important for any business process

9.1.1. e.g. patent information, trade secrets, employee information

10. Common Terminologies

10.1. Information System

10.1.1. Input data, processing and output information to achieve goals

10.2. Information Owner

10.2.1. Creating

10.2.2. Storing

10.2.3. Controlling access

10.3. Information Custodian

10.3.1. Implementing

10.3.2. Security measures

11. 9. Incident Reporting

11.1. Reported to

11.1.1. CERT Coordination Center

11.1.2. Site security agencies (e.g. FBI, USSS, ECB)

11.2. Process of reporting information about an incident

11.3. Encountered by the user

11.3.1. Intensity of the security breach

11.3.2. Circumstances

11.3.3. Shortcomings in the design and impact

11.3.4. Log entries

11.3.5. Correct time zone of the region and time synchronization of the affected systems

11.4. Incident Reporting Organizations

11.4.1. CERT

11.4.2. CSIRT

11.4.3. FIRST

11.4.4. CIRT

11.4.5. IRC

11.4.6. SERT

11.4.7. SIRT

11.4.8. IAIP

11.4.9. CERT/CC

11.4.10. ISAC