Incident Handling in Computer Security

Mind map of Incident Handling


1. Computer Security Incident

1.1. A real or suspected adverse event affecting computer systems or networks

1.2. Includes

1.2.1. Unsuccessful login attempts

1.2.2. System and application crashes, DoS attacks

1.2.3. Unauthorized use of a system

1.2.4. Unintentional modifications to software, firmware, hardware, ...

1.2.5. Unauthorized use of another user's account

1.2.6. Unauthorized privileges

1.3. Major cause

1.3.1. Human interaction

2. Data Classification

2.1. Levels of sensitivity

2.1.1. 1. Top Secret

2.1.2. 2. Confidential information

2.1.3. 3. Proprietary Information

2.1.4. 4. Information for internal use

2.1.5. 5. Public documents

3. Information Warfare (Infowar)

3.1. Defensive

3.1.1. Attempts to protect the organization's information assets

3.2. Offensive

3.2.1. Electronic Jamming

3.2.2. Nano machines and Microbes

3.2.3. Malware

3.3. Refers to the use of information and information systems (IS) to gain advantage over an adversary

4. Key Concepts of Information Security

4.1. CIA

4.1.1. Confidentiality: protection against unauthorized access or disclosure

4.1.2. Integrity: protection against alteration or corruption

4.1.3. Availability: the system is up and running for authorized users

4.2. Vulnerability

4.2.1. A flaw, weakness or bug, e.g. weak passwords

4.3. Threat

4.3.1. An event, person or circumstance with the potential to cause harm, e.g. disclosure of personal information

4.4. Attack

4.4.1. An action that exploits a vulnerability, e.g. DoS or DDoS

5. Types of Incidents

5.1. Malicious Code

5.1.1. Malware, e.g. worms, Trojans, viruses, ransomware, ...

5.2. Unauthorized access

5.2.1. Privilege escalation, e.g. going from Guest to Administrator on the operating system

5.3. Unauthorized use of Services

5.3.1. Transferring files or directories to another organization's domain

5.4. Fraud and theft

5.4.1. Traditional fraud methods automated with computers, e.g. phishing or pharming attacks

5.5. Espionage

5.5.1. Stealing confidential, proprietary or top secret information, negatively impacting the organization's reputation

5.6. Employee sabotage and abuse

5.6.1. Actions that abuse or damage systems, e.g. modifying the system, software, firmware or hardware, ...

5.7. DoS Attack

5.7.1. An attempt to prevent authorized use of systems, networks or applications

5.8. Misuse

5.8.1. Using resources for personal benefit, e.g. installing pirated software

6. Information as a Business Asset

6.1. Important for any business process

6.1.1. e.g. patent information, trade secrets, employee information

7. Common Terminologies

7.1. Information System

7.1.1. Takes input data, processes it and outputs information to achieve organizational goals

7.2. Information Owner

7.2.1. Creating

7.2.2. Storing

7.2.3. Controlling access

7.3. Information Custodian

7.3.1. Implementing security measures

8. Signs of an Incident

8.1. Used for detecting and assessing incidents

8.2. Typical Indications

8.2.1. An alarm or event raised by the IDS to which the security team reacts

8.2.2. Logon attempts by new or unknown users

8.2.3. System crashes or poor system performance

8.2.4. Unauthorized programs in operation, e.g. a sniffer

8.2.5. Suspicious entries in network or system logs, or other accounting inconsistencies

8.3. Categories

8.3.1. Precursor: a sign that an incident may occur in the future, e.g. announcements by a hacktivist group, use of a vulnerability scanner (e.g. Nessus) against the network, or a newly discovered vulnerability. Deals with the possibility of occurrence; proactive focus.

8.3.2. Indication: a sign that an incident has already occurred or is in progress, e.g. an antivirus software alert, IDS or IPS logs, detection of network traffic capturing, network slowdown, unusual occurrences or patterns, or a user report of a malicious email. Reactive focus.

8.4. Incident Categories

8.4.1. Classified according to severity and origin

8.4.2. Levels: Low (least severe), Middle (more serious), High (most severe)

8.4.3. Incident prioritization is based on two factors: the criticality of the affected resources (technical effect) and the business impact. Prioritization is the most critical function of incident handling, since it reduces the impact on the business and minimizes losses.
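The following is an added example, not part of the original mind map, showing how the signs above can be pulled out of plain log lines and then ranked with the two prioritization factors (asset criticality and business impact). The log lines, host names, IP addresses, the roster of known users and the criticality/impact values are all constructed for the example; in practice they come from the asset inventory and the environment's own baselines.

```python
"""Detect incident signs in constructed log lines and prioritize them by
asset criticality x business impact (Low / Middle / High)."""
import re
from collections import Counter

# Constructed syslog-style lines (hosts, users and addresses are made up).
SAMPLE_LOGS = [
    "2024-03-01T09:00:01Z web01 sshd: Failed password for root from 203.0.113.7 port 51022",
    "2024-03-01T09:00:02Z web01 sshd: Failed password for root from 203.0.113.7 port 51023",
    "2024-03-01T09:00:03Z web01 sshd: Failed password for root from 203.0.113.7 port 51024",
    "2024-03-01T09:00:04Z web01 sshd: Failed password for root from 203.0.113.7 port 51025",
    "2024-03-01T09:00:05Z web01 sshd: Failed password for root from 203.0.113.7 port 51026",
    "2024-03-01T09:00:06Z web01 sshd: Accepted password for root from 203.0.113.7 port 51027",
    "2024-03-01T09:05:10Z web01 httpd: 198.51.100.9 GET /login.php UA='Nessus SOAP'",
    "2024-03-01T09:07:44Z kiosk3 sshd: Accepted password for alice from 10.0.0.5 port 40111",
    "2024-03-01T09:08:00Z web01 sshd: Failed password for bob from 10.0.0.12 port 40200",
    "2024-03-01T09:09:30Z fw01 suricata: ALERT ET MALWARE Win32/Agent CnC Beacon src 10.0.0.44 dst 192.0.2.10",
]

FAILED_RE = re.compile(r"^(\S+) (\S+) sshd: Failed password for (\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"^(\S+) (\S+) sshd: Accepted password for (\S+) from (\S+)")
IDS_RE = re.compile(r"^(\S+) (\S+) \S+: ALERT (.+)$")
SCANNER_RE = re.compile(r"UA='(Nessus|Nikto|OpenVAS)", re.I)

KNOWN_USERS = {"alice", "bob"}   # assumed roster of legitimate interactive accounts
BRUTE_FORCE_THRESHOLD = 5        # failures from one source against one host

# Assumed values, 1 (low) to 3 (high), normally taken from the asset inventory.
ASSET_CRITICALITY = {"db01": 3, "fw01": 3, "web01": 2, "kiosk3": 1}
SIGN_IMPACT = {"unknown_user_logon": 3, "ids_alert": 3, "brute_force": 2, "vuln_scan": 1}


def detect_signs(lines):
    """Return precursors and indications found in the lines, in detection order."""
    signs, failures = [], Counter()
    for line in lines:
        if m := FAILED_RE.match(line):
            _, host, _user, src = m.groups()
            failures[(host, src)] += 1
            if failures[(host, src)] == BRUTE_FORCE_THRESHOLD:   # fire once per pair
                signs.append({"kind": "indication", "type": "brute_force", "host": host,
                              "detail": f"{BRUTE_FORCE_THRESHOLD} failed logins from {src}"})
        elif m := ACCEPTED_RE.match(line):
            _, host, user, src = m.groups()
            if user not in KNOWN_USERS:                          # logon by unknown user
                signs.append({"kind": "indication", "type": "unknown_user_logon",
                              "host": host, "detail": f"{user} logged on from {src}"})
        elif m := IDS_RE.match(line):
            _, host, alert = m.groups()                          # attributed to the sensor host
            signs.append({"kind": "indication", "type": "ids_alert", "host": host, "detail": alert})
        elif m := SCANNER_RE.search(line):
            host = line.split()[1]                               # scanner use is a precursor
            signs.append({"kind": "precursor", "type": "vuln_scan", "host": host,
                          "detail": f"{m.group(1)} scanner seen"})
    return signs


def prioritize(sign):
    """Criticality of the affected resource x business impact of the sign type."""
    score = ASSET_CRITICALITY.get(sign["host"], 1) * SIGN_IMPACT[sign["type"]]
    if score >= 6:
        return "High"
    if score >= 3:
        return "Middle"
    return "Low"


def triage(lines):
    """Detect signs and return them most urgent first (stable within a level)."""
    order = {"High": 0, "Middle": 1, "Low": 2}
    signs = detect_signs(lines)
    for s in signs:
        s["priority"] = prioritize(s)
    return sorted(signs, key=lambda s: order[s["priority"]])


if __name__ == "__main__":
    for s in triage(SAMPLE_LOGS):
        print(f'{s["priority"]:<6} {s["kind"]:<10} {s["type"]:<18} {s["host"]:<6} {s["detail"]}')
```

Note how the single failed logon for bob never becomes a sign, while the same source crossing the threshold against web01 does, and the subsequent successful root logon (an account not in the roster) is what pushes the host to High. The scanner hit is kept but ranked Low as a precursor: it says something may be coming, not that it has happened.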

9. Incident Handling

9.1. Helps to identify threats and patterns

9.2. Helps in...

9.2.1. prevention

9.2.2. containment

9.2.3. recovery

9.3. Refers to a set of procedures and policies

9.4. Handles unexpected threats and security breaches

9.5. Includes activities

9.5.1. Before, during and after an incident affecting a host, website, network or information asset

9.6. Estimating Cost

9.6.1. Tangible: lost productivity hours, investigation and recovery efforts, loss or theft of resources, loss of business

9.6.2. Intangible: damage to corporate reputation, loss of goodwill, psychological damage (those directly impacted may feel victimized; it may impact morale and initiate fear), legal liability, damage to shareholder value

9.7. Involves all the processes of

9.7.1. Logistics

9.7.2. Communication

9.7.3. Coordination

9.7.4. Planning

10. Incident Response

10.1. Triggered when a computer system is compromised

10.2. A structured approach to address and manage the various kinds of security incidents

10.3. Goal

10.3.1. Handle the security incident in a way that reduces the damage and minimizes the cost and time to recover from it

10.4. Depends on

10.4.1. Actions taken to minimize the damage

10.4.2. Restoring resources

10.5. Includes

10.5.1. A step-by-step response

10.5.2. Recovery from interruptions in services

10.5.3. Preparing for handling future incidents

10.5.4. Legal preparedness for issues arising from the incident

11. Incident Reporting

11.1. Reported to

11.1.1. CERT Coordination Center (CERT/CC)

11.1.2. Site security and law enforcement agencies (e.g. FBI, USSS ECB)

11.2. The process of reporting information about an incident

11.3. Information to be reported by the user who encountered the incident

11.3.1. Intensity of the security breach

11.3.2. Circumstances

11.3.3. Shortcomings in the design and their impact

11.3.4. Log entries

11.3.5. Correct time zone of the region and time synchronization of the affected systems
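The time-zone and synchronization point above is easy to state and easy to get wrong in a report. The added example below (not part of the original mind map) builds a UTC timeline from constructed evidence written by hosts in different zones and formats, one of them with a measured clock skew. The hosts, offsets, skew and event texts are assumptions made up for the example; fixed UTC offsets are used so it runs without the IANA zone database, whereas a report for a region with daylight saving time would use `zoneinfo` names instead.

```python
"""Normalize incident evidence timestamps to UTC, correcting per-host zone and clock skew,
so that the reported sequence of events matches what actually happened."""
from datetime import datetime, timedelta, timezone

# Constructed evidence: (raw timestamp exactly as the source wrote it, host, description).
RAW_EVENTS = [
    ("2024-03-01 09:04:12", "web01", "Failed password burst for root from 203.0.113.7"),
    ("2024-03-01T14:04:40Z", "fw01", "IDS alert: outbound beacon from 10.0.0.44"),
    ("2024-03-01 06:04:30", "hq-dc", "Account root added to Administrators group"),
    ("01/03/2024 14:06:30 +0000", "siem", "Analyst opened the incident ticket"),
]

# Assumed per-host clock facts gathered during scoping:
#   tz   - the zone the host writes naive timestamps in
#   skew - host clock minus NTP reference (negative means the host clock runs behind)
HOST_CLOCK = {
    "web01": {"tz": timezone(timedelta(hours=-5)), "skew": timedelta(0)},
    "fw01":  {"tz": timezone.utc,                  "skew": timedelta(0)},
    "hq-dc": {"tz": timezone(timedelta(hours=-8)), "skew": timedelta(seconds=-95)},
    "siem":  {"tz": timezone.utc,                  "skew": timedelta(0)},
}

# Timestamp layouts seen in the evidence; %z also accepts a literal 'Z' (Python 3.7+).
FORMATS = ["%Y-%m-%d %H:%M:%S", "%Y-%m-%dT%H:%M:%S%z", "%d/%m/%Y %H:%M:%S %z"]


def parse_raw(ts):
    """Try each known layout; refuse to guess on anything else."""
    for fmt in FORMATS:
        try:
            return datetime.strptime(ts, fmt)
        except ValueError:
            continue
    raise ValueError(f"unrecognised timestamp: {ts!r}")


def to_utc(ts, host):
    """Return (aware UTC datetime, note) for one raw timestamp from one host.
    Naive timestamps are placed in the host's configured zone, then the host's
    measured skew is removed so every event sits on the reference clock."""
    cfg = HOST_CLOCK[host]
    dt = parse_raw(ts)
    notes = []
    if dt.tzinfo is None:                     # no offset in the log line itself
        dt = dt.replace(tzinfo=cfg["tz"])
        notes.append(f"zone assumed {cfg['tz']}")
    skew = cfg["skew"].total_seconds()
    if skew:
        dt -= cfg["skew"]                     # host clock behind -> true time is later
        notes.append(f"clock was {abs(skew):.0f}s {'ahead' if skew > 0 else 'behind'}, corrected")
    return dt.astimezone(timezone.utc), "; ".join(notes)


def build_timeline(events, correct_skew=True):
    """Normalized, chronologically sorted timeline. correct_skew=False shows what the
    report would look like if the synchronization check were skipped."""
    rows = []
    for ts, host, desc in events:
        if correct_skew:
            utc, note = to_utc(ts, host)
        else:
            utc, note = to_utc(ts, "siem" if host == "hq-dc" else host)[0], ""  # placeholder path
            # without skew handling, just apply the zone and nothing else
            dt = parse_raw(ts)
            utc = (dt.replace(tzinfo=HOST_CLOCK[host]["tz"]) if dt.tzinfo is None else dt).astimezone(timezone.utc)
        rows.append({"utc": utc.isoformat(), "host": host, "event": desc, "note": note})
    return sorted(rows, key=lambda r: r["utc"])


if __name__ == "__main__":
    for r in build_timeline(RAW_EVENTS):
        print(f'{r["utc"]}  {r["host"]:<6} {r["event"]:<50} {r["note"]}')
```

With the domain controller's 95-second lag left uncorrected, the privileged group change appears to precede the IDS alert; after correction it falls between the alert and the ticket, which is the order a reader of the report needs to see. Every inferred zone or correction is carried in the `note` column so the reviewer can check the assumption rather than trust it.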

11.4. Incident Reporting Organizations

11.4.1. CERT

11.4.2. CSIRT

11.4.3. FIRST

11.4.4. CIRT

11.4.5. IRC

11.4.6. SERT

11.4.7. SIRT

11.4.8. IAIP

11.4.9. CERT/CC

11.4.10. ISAC