Forensic3e ppt ch13
Skillspire LLC
1.
System Forensics, Investigation, and Response
Lesson 13
Incident and Intrusion Response
© 2019 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved.
2.
Learning Objective
Describe incident and intrusion response.
Understand how to forensically respond to intrusions.
3.
Key Concepts
Disaster recovery
Evidence preservation
How to integrate forensics to incident response
4.
What Is Disaster Recovery?
Steps taken after an information technology-related disaster to restore operations
Forensic techniques may be best method for determining what caused the disaster and for avoiding a repeat of it
Forensic process begins once an incident has been discovered
• Is not fully underway until after the disaster or incident is contained
5.
Incident Response Plan
In place to respond to:
• Fire
• Flood
• Hurricane
• Tornado
• Hard drive failure
• Network outage
• Malware infection
• Data theft or deletion
• Intrusion
6.
Business Continuity, Incident Response, and Disaster Recovery
Incident response
Disaster recovery
Business continuity
Digital forensics
7.
Types of Plans
Business continuity plan (BCP)
• Focuses on keeping an organization functioning as well as possible until a full recovery can be made
Disaster recovery plan (DRP)
• Focuses on executing a full recovery to normal operations
• Sometimes referred to as an incident response plan (IRP)
8.
Types of Plans (Cont.)
In other words:
• BCP concerned with maintaining at least minimal operations until organization can be returned to full functionality
• DRP focuses on returning to full functionality
9.
Federal Standards for BCPs
ISO 27001
NIST 800-34
NFPA 1600
10.
Federal Standards for BCPs (Cont.)
ISO 27035
NIST 800-61
11.
Business Impact Analysis (BIA)
A study that identifies the effects a disaster would have on business and IT functions
• Studies include interviews, surveys, meetings, and so on
Identifies the priority of different critical systems
Considers maximum tolerable downtime (MTD)
12.
Maximum Tolerable Downtime (MTD)
A measure of how long a system or systems can be down before it is impossible for the organization to recover
Related to:
• Mean time to repair (MTTR)
  – The average time it takes to repair an item
• Mean time to failure (MTTF)
  – The amount of time, on average, before a given device is likely to fail through normal use
13.
The Recovery Plan
Recovery plan
BCP
DRP
BIA
14.
The Recovery Plan (Cont.)
1. Alternate equipment identified?
2. Alternate facilities identified?
3. Mechanism in place for contacting all affected parties, employees, vendors, customers, and contractors, even if primary means of communication are down?
4. Off-site backup of the data exists?
5. Can backup be readily retrieved and restored?
15.
Types of Backups
Full – All changes
Differential – All changes since the last full backup
Incremental – All changes since the last backup of any type
Hierarchical storage management (HSM) – Continuous backup
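The backup definitions above, together with the recovery-plan question "Can backup be readily retrieved and restored?", determine which backup sets a restore needs and how much data is lost when one of them turns out to be unusable. The following is an added example, not part of the original slides: `BackupSet`, the `usable` flag, and the catalog dates are constructed for illustration, and the dependency rules follow the slide's wording (a differential depends only on the last full; an incremental depends on the backup of any type taken just before it).

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import List, Optional


@dataclass(frozen=True)
class BackupSet:
    taken: datetime
    kind: str            # "full", "differential" or "incremental"
    usable: bool = True  # False: could not be retrieved or failed verification


def restore_chain(catalog: List[BackupSet], target: datetime) -> List[BackupSet]:
    """Ordered backup sets to restore to get as close to `target` as possible."""
    sets = sorted((b for b in catalog if b.taken <= target), key=lambda b: b.taken)
    full_at = [i for i, b in enumerate(sets) if b.kind == "full"]
    # Try the newest full first; fall back to older fulls if it is unusable.
    for pos in range(len(full_at) - 1, -1, -1):
        start = full_at[pos]
        if not sets[start].usable:
            continue
        # Only sets taken before the next full depend on this full.
        end = full_at[pos + 1] if pos + 1 < len(full_at) else len(sets)
        segment = sets[start + 1:end]
        chain = [sets[start]]
        # The newest usable differential replaces everything between it and the full.
        base = -1
        for i, b in enumerate(segment):
            if b.kind == "differential" and b.usable:
                base = i
        if base >= 0:
            chain.append(segment[base])
        # Each later set depends on the one before it: stop at the first gap.
        for b in segment[base + 1:]:
            if not b.usable:
                break
            chain.append(b)
        return chain
    return []  # no usable full backup: nothing can be restored


def data_loss_window(catalog: List[BackupSet], target: datetime) -> Optional[timedelta]:
    """Time between the restored recovery point and `target` (None if no restore)."""
    chain = restore_chain(catalog, target)
    return target - chain[-1].taken if chain else None


def mark_unusable(catalog: List[BackupSet], taken: datetime) -> List[BackupSet]:
    """Copy of the catalog with the set taken at `taken` flagged unusable."""
    return [replace(b, usable=False) if b.taken == taken else b for b in catalog]


# Constructed sample catalog: weekly full, mid-week differential, nightly incrementals.
CATALOG = [
    BackupSet(datetime(2024, 3, 3, 1, 0), "full"),
    BackupSet(datetime(2024, 3, 4, 1, 0), "incremental"),
    BackupSet(datetime(2024, 3, 5, 1, 0), "incremental"),
    BackupSet(datetime(2024, 3, 6, 1, 0), "differential"),
    BackupSet(datetime(2024, 3, 7, 1, 0), "incremental"),
    BackupSet(datetime(2024, 3, 8, 1, 0), "incremental"),
]
INCIDENT = datetime(2024, 3, 8, 14, 0)  # constructed incident time

if __name__ == "__main__":
    for label, cat in [("all sets usable", CATALOG),
                       ("7 March incremental unusable",
                        mark_unusable(CATALOG, datetime(2024, 3, 7, 1, 0)))]:
        chain = restore_chain(cat, INCIDENT)
        print(label, [f"{b.kind}@{b.taken:%m-%d}" for b in chain],
              "loss window:", data_loss_window(cat, INCIDENT))
```

A single unusable incremental moves the recovery point back to the differential, which is why restore tests should verify every set in the chain and not only the full backup.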
16.
The Post-Recovery Follow-Up
After recovery, find out what happened and why (involves forensics):
• Was disaster caused by some weakness in the system?
• Negligence by an individual?
• A gap in policy?
• An intentional act?
17.
Incident Response
Containment
Eradication
Recovery
Follow-up
18.
Containment
Limit the incident
Prevent it from affecting more systems
19.
Eradication
Fix vulnerabilities
• Example: Remove the malware
Perform comprehensive examination of what occurred and how far it reached
Ensure that the issue was completely addressed
Forensics begins at this stage
20.
Recovery
Involves returning the affected systems to normal status
If malware:
• Ensure the system is back in full working order with no presence of malware
• Might need to restore software and data from backup
21.
Follow-up
Forensics plays a critical role
IT team must determine:
• How incident occurred
• What steps can be taken to prevent incident from reoccurring
22.
Preserving Evidence
An event:
• Is any observable occurrence within a system or network
• Includes network activity, such as when a user accesses files on a server or when a firewall blocks network traffic
Adverse events have negative results or negative consequences
• Example: An attack on a system
23.
Computer Security Incidents
Denial of service (DoS) attacks
Malicious code
Unauthorized access
Inappropriate usage
24.
Preserving Evidence (Cont.)
Recovery often performed at the expense of preserving forensic evidence
Failure to preserve forensic information:
• Prevents IT team from effectively evaluating cause of incident
• Makes it difficult to modify company policies and procedures to reduce risk
Forensic data is key to preventing future incidents
25.
Adding Forensics to Incident Response
Identify forensic resources the organization can use in case of an incident
Identify an outside party that can respond to incidents with forensically trained personnel
Weave forensic methodology into organization's incident response policy
Provide appropriate training to staff for preserving evidence
26.
Summary
Disaster recovery
Evidence preservation
How to integrate forensics to incident response