ITEC 6322 - Assignment One
1. What is an incident?
An incident is not only a security-related adverse event that may damage data integrity, confidentiality or availability; it also indicates a violation, or an imminent threat of violation, of computer security policies or standard security practices.
2. Provide examples of several different types of incidents.
There are four types of incidents in today’s computer security field:
➢ Denial of service: the attacker begins establishing a connection to the victim machine but never completes it. Legitimate connections are denied while the victim machine waits to complete the bogus "half-open" connections.
➢ Malicious code: a Trojan horse hidden in downloaded software steals the host’s password.
➢ Unauthorized access: an attacker breaks into a bank’s website to obtain customers’ IDs and account numbers.
➢ Inappropriate usage: a company clerk sells customers’ information to a competitor.
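The "half-open" pattern described in the denial-of-service example above can be spotted from the server's own connection table. The following is an added example, not part of the assignment; it assumes a netstat-style line format (protocol, local address, remote address, state) and uses a constructed sample table.

```python
"""Flag remote hosts holding many half-open (SYN_RECV) connections.

Added example for the denial-of-service bullet above; not part of the
assignment. The log format is an assumption modelled on netstat-style
output: one line per TCP connection, fields = proto, local, remote, state.
"""
from collections import Counter

# Constructed sample connection table (assumed netstat-like format).
SAMPLE_TABLE = """\
tcp 10.0.0.5:80 203.0.113.7:40001 SYN_RECV
tcp 10.0.0.5:80 203.0.113.7:40002 SYN_RECV
tcp 10.0.0.5:80 203.0.113.7:40003 SYN_RECV
tcp 10.0.0.5:80 203.0.113.7:40004 SYN_RECV
tcp 10.0.0.5:80 198.51.100.9:51000 ESTABLISHED
tcp 10.0.0.5:80 198.51.100.9:51001 SYN_RECV
tcp 10.0.0.5:443 192.0.2.33:60010 ESTABLISHED
"""


def half_open_by_source(table: str) -> Counter:
    """Count half-open (SYN_RECV) connections per remote host."""
    counts: Counter = Counter()
    for line in table.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed or header lines
        _proto, _local, remote, state = parts
        if state == "SYN_RECV":
            host = remote.rsplit(":", 1)[0]  # strip the remote port
            counts[host] += 1
    return counts


def flag_syn_flood(table: str, threshold: int = 3) -> list:
    """Return remote hosts with at least `threshold` half-open connections.

    A single host parked on many SYN_RECV entries is the signature of the
    half-open attack described in the text; a real threshold depends on
    the server's normal backlog (assumed value here).
    """
    counts = half_open_by_source(table)
    return sorted(host for host, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(flag_syn_flood(SAMPLE_TABLE))  # ['203.0.113.7']
```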
3. What is incident response?
Incident response is the process of responding to a security incident quickly and efficiently.
4. Why is incident response important?
With systematic incident response, taking the appropriate steps becomes a “knee-jerk” reaction, helping personnel recover quickly and efficiently from security incidents with minimal loss.
5. Describe the importance of communications during incident response.
Communicating with internal departments and outside parties is essential for sharing information and investigating a security incident across different functions. Communicating faster and more easily under proper guidelines helps handle the incident efficiently and quickly.
6. Name both external and internal entities with which communications need to be maintained.
External: other incident response teams, law enforcement, the media, vendors and external victims.
Internal: incident response team members, human resources, and legal department.
7. What does NIST 800-61 define as a “jump kit”?
According to NIST 800-61, a “jump kit” is a portable bag or case that contains the materials an incident handler is likely to need during an offsite investigation. The jump kit is ready to go at all times, so that when a serious incident occurs, incident handlers can grab the jump kit and go.