
Copyright © 2012, Elsevier Inc.

All Rights Reserved

Chapter 11

Response

Cyber Attacks Protecting National Infrastructure, 1st ed.


Introduction

• Incident response process is the most familiar component of any cyber security program

• A cyber security program will contain at least the following

– Incident trigger

– Expert gathering

– Incident analysis

– Response activities

Fig. 11.1 – General incident response process schema

Pre- Versus Post-Attack Response

• There are two fundamental types of triggers

– Tangible, visible effects of an attack

– Early warning and indications information

• Thus, two approaches to incident response processes

– Front-loaded prevention

– Back-loaded recovery

• The two approaches should be combined for a comprehensive response picture

• Protecting national assets is worth suffering a high number of false positives

Fig. 11.2 – Comparison of front-loaded and back-loaded response processes

Indications and Warning

• Front-loaded prevention is critical to national infrastructure protection

• Taxonomy of early warning process triggers

– Vulnerability information

– Changes in profiled behavioral metrics

– Match on attack metric pattern

– Component anomalies

– External attack information

• Front-loaded prevention has a high sensitivity to triggers

Fig. 11.3 – Comparison of trigger intensity threshold for response
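The two slides above (front-loaded versus back-loaded response, and the trigger taxonomy with its intensity threshold) describe a trade-off that is easier to see in code. The following is an added example, not from the book or its authors: it scores the five early-warning trigger types plus the tangible-effect trigger for each asset, then applies a low (front-loaded) and a high (back-loaded) response threshold. The weights, the two thresholds, the asset names and the indicator events are all constructed assumptions for illustration.

```python
"""Trigger-intensity scoring: front-loaded versus back-loaded response.

Added example (not from the book). Weights, thresholds and the sample
indicators are constructed assumptions used to illustrate the trade-off."""
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Trigger taxonomy from the slides; the weights are an assumption that
# expresses how strongly each trigger type alone suggests an incident.
TRIGGER_WEIGHTS: Dict[str, float] = {
    "vulnerability_info": 0.2,        # early warning: a relevant vulnerability exists
    "behavioral_metric_change": 0.3,  # early warning: profiled behaviour has drifted
    "attack_pattern_match": 0.5,      # early warning: matches a known attack metric pattern
    "component_anomaly": 0.3,         # early warning: a component misbehaves
    "external_attack_info": 0.25,     # early warning: partners or agencies report attacks
    "tangible_effect": 1.0,           # visible effect of an attack (back-loaded trigger)
}

# Hypothetical thresholds: the front-loaded policy reacts to weak early
# warnings, the back-loaded policy waits for near-certain evidence.
FRONT_LOADED_THRESHOLD = 0.35
BACK_LOADED_THRESHOLD = 0.90


@dataclass(frozen=True)
class Indicator:
    asset: str
    kind: str          # key of TRIGGER_WEIGHTS
    confidence: float  # 0..1, how much the sensor or analyst trusts this indicator


def intensity(indicators: Iterable[Indicator]) -> float:
    """Combine indicators for one asset with a noisy-OR: several weak,
    independent signals add up, and the result never exceeds 1.0."""
    p_no_incident = 1.0
    for ind in indicators:
        p_no_incident *= 1.0 - TRIGGER_WEIGHTS[ind.kind] * ind.confidence
    return 1.0 - p_no_incident


def group_by_asset(indicators: Iterable[Indicator]) -> Dict[str, List[Indicator]]:
    grouped: Dict[str, List[Indicator]] = {}
    for ind in indicators:
        grouped.setdefault(ind.asset, []).append(ind)
    return grouped


def triggered(indicators: Iterable[Indicator], threshold: float) -> Dict[str, bool]:
    """Which assets cross the response threshold under a given policy."""
    return {asset: intensity(inds) >= threshold
            for asset, inds in group_by_asset(indicators).items()}


def compare_policies(indicators: Iterable[Indicator],
                     ground_truth: Dict[str, bool]) -> Dict[str, Dict[str, int]]:
    """Count detected real incidents and false positives for both policies.
    ground_truth maps asset -> whether an attack was really under way."""
    indicators = list(indicators)
    report: Dict[str, Dict[str, int]] = {}
    for name, threshold in (("front_loaded", FRONT_LOADED_THRESHOLD),
                            ("back_loaded", BACK_LOADED_THRESHOLD)):
        fired = triggered(indicators, threshold)
        report[name] = {
            "detected": sum(1 for a, f in fired.items() if f and ground_truth[a]),
            "false_positives": sum(1 for a, f in fired.items() if f and not ground_truth[a]),
        }
    return report


# Constructed sample: three assets, only early warnings on the first two.
SAMPLE_INDICATORS = [
    Indicator("scada-hmi-01", "vulnerability_info", 0.9),
    Indicator("scada-hmi-01", "behavioral_metric_change", 0.7),
    Indicator("scada-hmi-01", "external_attack_info", 0.8),
    Indicator("hr-fileserver", "vulnerability_info", 1.0),
    Indicator("hr-fileserver", "component_anomaly", 0.8),
    Indicator("billing-db", "tangible_effect", 1.0),
]
# Constructed ground truth for the sample (what a post-mortem would show).
GROUND_TRUTH = {"scada-hmi-01": True, "hr-fileserver": False, "billing-db": True}

if __name__ == "__main__":
    for asset, inds in group_by_asset(SAMPLE_INDICATORS).items():
        print(f"{asset:14s} intensity={intensity(inds):.2f}")
    print(compare_policies(SAMPLE_INDICATORS, GROUND_TRUTH))
```

On the constructed sample the front-loaded policy fires on both real incidents but also on the benign file server, while the back-loaded policy only fires once the billing database shows a tangible effect. That is the slides' point in numbers: a low trigger threshold buys earlier response at the price of false positives, and the two thresholds are best run side by side rather than chosen between.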

Incident Response Teams

• Optimal incident response team includes two components

– A core set of individuals

– A set of subject matter experts

• In complex settings with multiple incidents, it is important for the team not to work at cross-purposes

Fig. 11.4 – Management of simultaneous response cases

Incident Response Teams

• Response teams in a national setting must plan for multiple concurrent attacks aimed at a company or agency

• Considerations for proper planning include

– Avoidance of a single point of contact individual

– Case management automation

– Organizational support for expert involvement

– 24/7 operational support

Forensic Analysis

• Questions addressed in the forensic analysis process include

– Root cause

– Exploits

– State

– Consequences

– Action

• Great care must be taken to protect and preserve evidence

Fig. 11.5 – Generic high-level forensic process schema

Forensic Analysis

• An internal expert is most likely the best choice to lead a company investigation

• Forensic analysts need the following

– Culture of relative freedom

– Access to interesting technology

– Ability to interact externally
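The forensic slides stress that evidence must be protected and preserved while analysts work on root cause, exploits, state, consequences and action. The following is an added example, not from the book or its authors, of the minimum technical control behind that advice: hash each evidence item at acquisition, keep a chain-of-custody ledger in which every entry commits to the previous one, and verify both before relying on the evidence. The file name, the actor names and the log line are constructed; the functions are hypothetical names chosen for this example.

```python
"""Evidence preservation: content hashes and a tamper-evident custody ledger.

Added example (not from the book). Paths, actors and the sample log line
are constructed for illustration."""
import hashlib
import json
import os
import tempfile
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List

GENESIS = "0" * 64  # prev_entry_hash of the first ledger entry


def sha256_file(path: str) -> str:
    """Stream the file so large disk images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _entry_hash(entry: Dict[str, str]) -> str:
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


@dataclass
class EvidenceItem:
    path: str
    acquired_hash: str
    ledger: List[Dict[str, str]] = field(default_factory=list)

    def record(self, actor: str, action: str) -> None:
        """Append a custody entry that commits to the previous entry, so
        editing or deleting an earlier entry breaks the chain."""
        entry = {
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "evidence_hash": self.acquired_hash,
            "prev_entry_hash": self.ledger[-1]["entry_hash"] if self.ledger else GENESIS,
        }
        entry["entry_hash"] = _entry_hash(entry)
        self.ledger.append(entry)


def acquire(path: str, collector: str) -> EvidenceItem:
    """Hash the item at acquisition time and open its custody ledger."""
    item = EvidenceItem(path=path, acquired_hash=sha256_file(path))
    os.chmod(path, 0o444)  # best-effort guard against accidental edits of the working copy
    item.record(collector, "acquired")
    return item


def transfer(item: EvidenceItem, from_actor: str, to_actor: str) -> None:
    """Both sides of a hand-off are recorded, never just one."""
    item.record(from_actor, f"released to {to_actor}")
    item.record(to_actor, "received")


def evidence_intact(item: EvidenceItem) -> bool:
    """The bytes on disk still match the acquisition hash."""
    return sha256_file(item.path) == item.acquired_hash


def ledger_intact(item: EvidenceItem) -> bool:
    """Every entry hashes correctly and links to its predecessor."""
    prev = GENESIS
    for entry in item.ledger:
        if entry["prev_entry_hash"] != prev or _entry_hash(entry) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True


def demo() -> Dict[str, bool]:
    """Constructed scenario: acquire a log, hand it off, then show that a
    change to the file or to the ledger is detected."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "webserver-access.log")  # constructed evidence
    with open(path, "wb") as f:
        f.write(b'10.0.0.5 - - [01/Jan/2012:00:00:01 +0000] "GET /login HTTP/1.1" 200\n')
    item = acquire(path, "analyst-a")
    transfer(item, "analyst-a", "analyst-b")
    results = {"after_handoff": evidence_intact(item) and ledger_intact(item)}

    os.chmod(path, 0o644)                 # simulate someone defeating the read-only guard
    with open(path, "ab") as f:
        f.write(b"appended later\n")
    results["after_file_change"] = evidence_intact(item)

    item.ledger[0]["actor"] = "someone-else"  # simulate a rewritten custody record
    results["after_ledger_edit"] = ledger_intact(item)
    return results


if __name__ == "__main__":
    print(demo())
```

The read-only permission bit is only a convenience against accidental edits; the hashes are what actually let an analyst prove, later and to an outside party, that the evidence and its custody history are the ones collected at the time.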

Law Enforcement Issues

• Should law enforcement be involved and called upon for support?

• Carefully review local, regional, and national laws regarding when law enforcement must be contacted

• Figure 11.6 outlines a decision process

Fig. 11.6 – Decision process for law enforcement involvement in forensics

Disaster Recovery

• Three components of a disaster recovery program

– Preparation

– Planning

– Practice

Fig. 11.7 – Disaster recovery exercise configurations

National Response Program

• National programs can provide centralized coordination

– Intrasector coordination should be encouraged

• Currently, coordination is not the main focus of most national emergency response team programs

Fig. 11.8 – National response program coordination interfaces
