Incident Response and Handling (Cont'd)

Get Started. It's Free
or sign up with your email address
Rocket clouds
Incident Response and Handling (Cont'd) by Mind Map: Incident Response and Handling (Cont'd)

1. Help you to

1.1. Detect

1.2. Identify

1.3. Respond

1.4. Manage

2. How to identify an Incident?

2.1. Suspicious log entries

2.2. IDS/IPS generates an alarm

2.3. Suspicious files or unknown file extensions

2.4. Modified files or folders

2.5. Unusual services running or ports opened

2.6. Unusual System behavior

2.7. Icons of drive changed or not accessible

2.8. Number of packets are more

3. Basic Functions

3.1. 1. Reporting

3.2. 2. Analysis

3.3. 3. Response

4. Is a set of procedures

5. Advantages

5.1. Procedures that can be followed

5.2. Saves time, investment and effort

5.3. Learn lessons and minimize the losses

5.4. Skills and technologies

5.5. Saves legal consequences

5.6. Determine patterns

6. Need for Incident Response

6.1. Required to:

6.1.1. Identify the attacks

6.1.2. Protect System

6.1.3. Protect personnel

6.1.4. Efficiently use the resources

6.1.5. Deal with legal issues

6.2. Purpose

6.2.1. personnel to

6.2.1.1. quicklly

6.2.1.1.1. recover

6.2.1.2. efficiently

6.3. Systematic process

7. Goals

7.1. Examining incident

7.2. Limiting the impact

7.3. Preventing future attacks

7.4. Supporting enhancement of accurate information

7.5. Creating guidelines and control measures

7.6. Safeguarding privacy rights

7.7. Identify illegal activity

7.8. Providing useful recommendations

7.9. Swift detection, reporting, contaimment and recovery

7.10. Limiting the exposure and compromise

7.11. Securing the organization's reputation and assets

8. The Plan

8.1. Set of instructions to detect and respond to an incident

8.2. Defines responsibilities and procedures

8.3. Covers:

8.3.1. How information is passed

8.3.2. Assessment

8.3.3. Minimizing damage and response strategy

8.3.4. Documentation

8.3.5. Preservation

8.3.6. Reporting of incident

8.3.7. Restoration of system and resource

8.4. Provide details of

8.4.1. Members involved

8.4.2. Roles and responsabilities

8.4.3. Policies and Procedures

8.4.4. Decision making process

8.5. Purpose

8.5.1. Identify the scope and intesity

8.5.2. Safeguard the sensitive information stored

8.5.3. Secure the networks and systems

8.5.4. Recover the systems affected

8.5.5. Gather information

8.5.6. Take legal action against the offenders

8.6. Requirements

8.6.1. Expert teams (CERT or CSIRT)

8.6.2. Legal review and approved strategy

8.6.3. Company financial support

8.6.4. Executive/upper management support

8.6.5. Support from the top management

8.6.6. Corrective action plan

8.6.7. Physical resources

8.6.7.1. Data Storage devices

8.6.7.2. Support systems

8.6.7.3. BackUp Apps

9. Preparation

9.1. Most important aspect to respond

9.2. The success depends the pre-incident preparation

9.3. The strategies include

9.3.1. Examining security measures

9.3.2. Employing IDS/IPS and Firewall

9.3.3. Establishing access controls

9.3.4. Vulnerability assessments

9.3.5. Performing regular backups

9.3.6. Creating access control

9.3.7. Baseline

9.3.8. Updating patches and antimalware solution

9.3.9. Establishing communication plans

9.3.10. Maintaining audit trail

9.4. Team includes

9.4.1. Hardware, SW, FW...

9.4.2. Requirement of documents

9.4.3. Policies and operating procedures for Backup and recovery

9.4.4. Traigning programs

9.4.5. Documents incluiding forms and reports

10. Steps

10.1. 1. Identification

10.2. 2. Incident Recording

10.3. 3. Initial Response

10.4. 4. Communicating the incident

10.5. 5. Containment

10.6. 6. Formulating a response Strategy

10.7. 7. Incident Clasification

10.8. 8. Incident Investigation

10.9. 9. Data Colletion

10.10. 10. Forensic Analysis

10.11. 11. Evidence Protection

10.12. 12. Notifying External Agencies

10.13. 13. Erradication

10.14. 14. System Recovery

10.15. 15. Incident Documentation

10.16. 16. Incident Damage and Cost Assessment

10.17. 17. Review and Update the Response Policies