Incident response process
PRESENTED BY
BHUPESHKUMAR M.V. NANHE
DEPARTMENT OF FORENSIC SCIENCE,
SHRI SHIVAJI COLLEGE OF ARTS, COMMERCE & SCIENCE, AKOLA (MH)
Synopsis
Introduction to Computer Security Incident
Goals of Incident Response
Experts involved in Incident Response
Incident Response Methodology
Pre-Incident Preparation
Detection of Incident
Formulate a Response Strategy
Data Collection
Data Analysis
Reporting
Resolution
Introduction to Computer Security Incident
A computer security incident is any unlawful, unauthorized or unacceptable action that involves a computer system or a computer network.
Such actions include:
Email harassment
Embezzlement
Possession and dissemination of child pornography
DoS attacks
Theft of trade secrets
Goals of Incident Response
Confirms whether an incident occurred or not
Minimizes disruption of business and network operations
Promotes the accumulation of accurate information
Protects privacy rights established by law and policy
Provides accurate reports and useful recommendations
Allows criminal or civil action against the perpetrator(s)
Protects your organization's reputation and assets
Educates senior management
Experts involved in the Incident Response Process
The Computer Security Incident Response Team (CSIRT) responds to the incident and includes the following experts:
Technical experts
Cyber security experts
Legal counsel
Corporate security officer
Business managers
End users
Human Resources personnel
Workers
Incident Response Methodology
Fig. Incident Response Methodology
Pre-Incident Preparation
Preparation of the organization
Implementing host-based security
Implementing network-based security
Employing an intrusion detection system (IDS)
Creating strong access controls
Training end users
Preparation of the CSIRT
The hardware needed to investigate computer security incidents
The software needed to investigate computer security incidents
The documentation needed to investigate computer security incidents
Detection of Incident
IDS detection of a remote attack
Numerous failed logon attempts
Logins into dormant or default accounts
New account not created by the system administrator
Unfamiliar file or executable program
Altered pages on a web server
Gaps in log files
Slower system performance
System crash
Receipt of email extorting your organization
Child pornography
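Several of the indicators above (numerous failed logons, logins to dormant or default accounts, accounts not created by an administrator, gaps in log files) can be checked mechanically against authentication and audit logs. The script below is an added example and is not part of the original slides: the log line format, the sample lines, the account lists and the thresholds are all constructed for the demonstration, and a real deployment would parse its own sources (syslog, Windows Security events, IDS alerts) and take the account lists from HR and IT records.

```python
"""Triage of constructed log lines for the incident indicators listed above.

Added example, not part of the original slides. The log format, sample
lines, account lists and thresholds are constructed for this demonstration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <event> user=<name> src=<ip>"
SAMPLE_LOG = """\
2024-03-01T08:00:05 LOGIN_FAILED user=alice src=198.51.100.7
2024-03-01T08:00:09 LOGIN_FAILED user=alice src=198.51.100.7
2024-03-01T08:00:12 LOGIN_FAILED user=root src=198.51.100.7
2024-03-01T08:00:15 LOGIN_FAILED user=admin src=198.51.100.7
2024-03-01T08:00:19 LOGIN_FAILED user=bob src=198.51.100.7
2024-03-01T08:00:23 LOGIN_FAILED user=guest src=198.51.100.7
2024-03-01T08:01:02 LOGIN_OK user=guest src=198.51.100.7
2024-03-01T08:30:00 LOGIN_OK user=carol src=10.0.0.12
2024-03-01T12:45:10 LOGIN_OK user=carol src=10.0.0.12
2024-03-01T12:46:00 USER_ADDED user=svc_backup2 src=10.0.0.12
"""

# Constructed context the CSIRT would normally pull from HR / IT records.
DORMANT_OR_DEFAULT_ACCOUNTS = {"guest", "admin", "root"}
ACCOUNTS_CREATED_BY_ADMINS = {"svc_backup"}     # approved account creations

FAILED_LOGIN_THRESHOLD = 5                      # failures per source before flagging
MAX_EXPECTED_GAP = timedelta(hours=2)           # longest silence normal for this host


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    ts, event, *fields = line.split()
    record = {"ts": datetime.fromisoformat(ts), "event": event}
    for field in fields:
        key, value = field.split("=", 1)
        record[key] = value
    return record


def triage(log_text):
    """Return the indicators found in the log text, keyed by indicator name."""
    records = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    findings = defaultdict(list)

    # Numerous failed logon attempts: count failures per source address.
    failures = Counter(r["src"] for r in records if r["event"] == "LOGIN_FAILED")
    for src, count in failures.items():
        if count >= FAILED_LOGIN_THRESHOLD:
            findings["failed_logons"].append((src, count))

    # Logins into dormant or default accounts.
    for r in records:
        if r["event"] == "LOGIN_OK" and r["user"] in DORMANT_OR_DEFAULT_ACCOUNTS:
            findings["dormant_account_login"].append((r["user"], r["src"]))

    # New account not created by a system administrator.
    for r in records:
        if r["event"] == "USER_ADDED" and r["user"] not in ACCOUNTS_CREATED_BY_ADMINS:
            findings["unapproved_account"].append(r["user"])

    # Gaps in log files: silence longer than the host normally shows.
    for prev, cur in zip(records, records[1:]):
        if cur["ts"] - prev["ts"] > MAX_EXPECTED_GAP:
            findings["log_gap"].append((prev["ts"].isoformat(), cur["ts"].isoformat()))

    return dict(findings)


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_LOG).items():
        print(f"{name}: {hits}")
```

Each finding is only an indicator, not a confirmed incident; the point of the initial response steps that follow is to interview the administrators and check the network logs before any of these flags is treated as fact.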
Initial Response
Interviewing the system administrators
Interviewing business unit personnel
Reviewing the IDS reports and network-based logs to identify the data
Reviewing the network topologies and access control lists
Formulate a Response Strategy
Based on all known facts, determine the best response and obtain management approval.
Determine what civil, criminal, administrative or other actions are appropriate to take, based on the conclusions drawn from the investigation.
Data Collection
1. Network-Based Evidence
Obtain IDS logs
Obtain existing router logs
Obtain relevant firewall logs
Perform network monitoring
Obtain backups
2. Host-Based Evidence
Obtain volatile data during a live response
Obtain the system time/date for every file on the victim system
Obtain backups
3. Other Evidence
Obtain oral testimony from witnesses
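For the host-based item "obtain the system time/date for every file on the victim system", the script below is an added example and not from the original slides. It walks a directory tree, records each regular file's modification, access and change timestamps in UTC together with its size and a SHA-256 digest, and writes the records in a fixed CSV layout, which also serves the later Reporting slide's point about using a standard format. The evidence tree it examines is constructed in a temporary directory for the demonstration; the field names and the CSV layout are this example's own choices.

```python
"""Collect per-file timestamps and hashes as a host-based evidence record.

Added example, not from the original slides. Run it against a mounted image
or a working copy rather than the original evidence disk: reading files can
update access times on many filesystems.
"""
import csv
import hashlib
import os
import stat
import tempfile
from datetime import datetime, timezone

FIELDS = ["path", "size", "mtime", "atime", "ctime", "sha256"]   # report layout


def _iso(epoch_seconds):
    """Render a filesystem timestamp as an unambiguous UTC ISO-8601 string."""
    return datetime.fromtimestamp(epoch_seconds, tz=timezone.utc).isoformat()


def sha256_of(path, chunk_size=1 << 16):
    """Hash a file in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def collect_file_times(root):
    """Return one record per regular file under root, in a deterministic order."""
    records = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()              # deterministic traversal for a reproducible report
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)      # lstat: do not follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue             # symlinks, sockets and devices are out of scope here
            records.append({
                "path": os.path.relpath(path, root),
                "size": st.st_size,
                "mtime": _iso(st.st_mtime),   # last content modification
                "atime": _iso(st.st_atime),   # last access; unreliable under noatime mounts
                "ctime": _iso(st.st_ctime),   # metadata change on Unix, creation on Windows
                "sha256": sha256_of(path),
            })
    return records


def write_report(records, out_path):
    """Write the records in the fixed CSV layout so every report looks the same."""
    with open(out_path, "w", newline="") as fh:
        writer = csv.DictWriter(fh, fieldnames=FIELDS)
        writer.writeheader()
        writer.writerows(records)
    return out_path


def build_constructed_tree():
    """Create a small constructed 'victim' tree in a temp dir (demo input only)."""
    root = tempfile.mkdtemp(prefix="evidence_demo_")
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"hello")
    os.mkdir(os.path.join(root, "tmp"))
    with open(os.path.join(root, "tmp", "empty.bin"), "wb"):
        pass
    return root


if __name__ == "__main__":
    demo_root = build_constructed_tree()
    report = write_report(collect_file_times(demo_root),
                          os.path.join(demo_root, "file_times.csv"))
    with open(report) as fh:
        print(fh.read())
```

The digest column is what lets the report be checked later: if a file's hash on the preserved copy still matches the record, the timestamps in the record can be relied on as the state at collection time.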
Forensic Analysis
Fig. Forensic Analysis
Reporting
Document immediately
Write concisely
Use a standard format
Resolution
Identify the organization's top priorities and resolve them
Return all systems to operational status
Implement proper computer and network security
Restore any affected or compromised systems
Apply the corrections required to address any host-based vulnerabilities