Course name and Number: ISSC 362 Attack and Security

1. When you are notified that a user's workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why?
a. Disconnect it from the network by unplugging the network interface, and pull the power cord. By doing this you isolate the damage to the areas where it is located, without the chance of the system uploading data or changing itself during power down.

2. When an antivirus application identifies a virus and quarantines this file, does this mean the computer is free of the virus and any malicious software?
b. No, it does not. When the virus quarantines the file it
e. Damaging the evidence and the logs of the evidence.

7. Why do you want to have the incident response handled by the security incident response team and not the IT organization?
f. Because the IT organization isn't trained in the forensic analysis of incidents. They would be more concerned with getting the system back up than with collecting the necessary information. In doing so they would most likely contaminate the evidence beyond use.

8. Do you think it is a good idea to have a security policy that defines the incident response process in your organization? Why or why not?
g. Yes, I think it is a good idea. Having a process with a checklist can ensure that all of the information is collected, and in such a way that it is usable. Creating the checklist for the incident handler can ensure 100% success. This also keeps unqualified hands off the evidence.

9. Why should internal legal counsel be notified when a "critical" security incident occurs?
h. This is important so that the company can proceed in a way that is judicially prudent. They must know what the acceptable method of gathering evidence is in order to keep it admissible in court. There may also be extenuating circumstances that must be taken into account depending on the organization and the event.

10. The post-mortem "lessons learned" step is the last in the incident response process. Why is this the
2. Explain the purpose of following health, safety and security procedures in a business environment.
The purpose of an After Action Report and Improvement Plan (AAR/IP) is to analyze the strengths and weaknesses of certain events. These reports help break down incidents and check which processes worked as planned and which need improvement. The reports can also be stored for future use so that people can draw on them as past lessons learned. This AAR will give a summary of events, strengths and weaknesses, and recommendations, and finish with an IP that addresses the recommendations.
As lead forensic investigator for XYZ, Inc., my first task in planning to process the potential crime/incident scene at HCC Partners in Life is to decide how to collect the computers involved in the incident scene methodically and thoroughly. First and foremost, I would attempt to ascertain the type of case I am investigating. In this instance, I know that there is a possible breach in the medical records system at HCC. I would need to talk to employees involved in the incident and ask questions. For instance, I would need to know whether the police (and hopefully not their Information Technology (IT) department) have taken custody of any computers,
The officer may also collaborate on solutions with other law enforcement officers or emergency personnel. The fourth step is assessing results, process and impact evaluation, and conducting a new problem
Although this systematic approach has improved first responders' ability to communicate effectively, it is important to continuously evaluate not only the incident itself, but also the agency's preparation and
"Checking all incident reports (highered.mheducation.com)"; Checking these reports is key, because one problem in law enforcement is false reports. This check can aid in reviewing the value of the report to see if it matches the scene, and it can also help piece together information about the scene. 5. "Reviewing crime laboratory reports (highered.mheducation.com)"; This is pertinent because of the test results of the evidence the team has sent to the lab.
Having been briefed on the nature of the incident, the forensic investigator will conduct interviews of the database (DB), Email, and network administrators to determine what they know about the chain of events leading up to the receipt and subsequent
The organization implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment,
The organization has defined procedures for the identification, collection, acquisition, and preservation of information that will be used as evidence. Evidence identifies unauthorized changes and helps reconstruct the activities involved in an incident. Forensic analysis can be used to determine, and subsequently understand, the extent to which a system or network has been compromised or otherwise affected. Because of the specialized nature of forensic analysis, some organizations may choose to outsource these activities in order to transfer the responsibility.
Assessment, Evaluation and Improvement – had to adopt a systematic approach to evaluating their successes and failures. They conducted real time evaluations to assess and influence emergency response. These exercises provided vital information about the effectiveness of their response and allowed them to make crucial adjustments to their process.
Readiness is important to mitigate the risk of an attack or incident before issues arise within the organization. This includes ensuring the organization's network security, systems, and applications. The Incident Response Team should have all of the tools and resources necessary to perform their job duties when incidents occur. Contact information, including on-call and escalation details, should be distributed to the team and management. Security best practices should be implemented and continually refined in the areas of risk assessment, network perimeter security, malware prevention, and employee security awareness.
In this report I will be talking about different security policies and guidelines and how they are needed in an organisation. The first one I will be talking about is the disaster recovery policy. What this policy is basically about is that the organisation will have some kind of plan or strategy put in place for things like natural disasters, for example floods, fire and earthquakes, and things like theft and major human error that can cause major data loss, which can ultimately impact the organisation's security and the functions the organisation provides. What this disaster recovery policy might include is that if a natural disaster or a virus hits the organisation, one policy can be to basically move all the data to an off-site location
Q2: Do you believe that our company places a priority on security in the organization?