Friday, March 14, 2008
Assignment One - SP 800-61
1. What is an incident?
An incident is not only a security-related adverse event that may damage data integrity, confidentiality or availability; it is, more precisely, a violation or an imminent threat of violation of computer security policies or standard security practices.
2. Provide examples of several different types of incidents.
There are four types of incidents in today's computer security field:
➢ Denial of service: the attacker begins the process of establishing a connection to the victim machine but never completes it. Legitimate connections are denied while the victim machine waits to complete the bogus "half-open" connections.
➢ Malicious code: a Trojan horse hidden in downloaded software that steals the host's passwords.
➢ Unauthorized access: an attacker breaks into a bank's website to obtain customers' IDs and account numbers.
➢ Inappropriate usage: a company clerk sells customers' information to a competitor.
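The denial-of-service example above describes a host whose connection table fills with half-open connections. A defender can recognise that condition from a snapshot of TCP connection states. The script below is an added example, not part of the original assignment or of SP 800-61: it parses netstat-style output, counts half-open (SYN_RECV) versus established connections per local port, and flags a port where half-open connections dominate. The connection listing it runs over is constructed, and the thresholds are assumptions chosen for the example rather than values from any standard.

```python
"""Detect a possible half-open-connection (SYN flood) denial of service
from a snapshot of TCP connection states.

Added example. The input below is constructed, not captured from a real
host; the alert thresholds are assumed defaults, not values from SP 800-61.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class TcpConn:
    state: str        # e.g. "SYN_RECV", "ESTABLISHED"
    local_port: int   # port on the monitored host
    peer_ip: str      # remote address (the half-open peers are often spoofed)


def parse_netstat(lines):
    """Parse `netstat -tan`-style lines into TcpConn records.

    Expected columns: Proto Recv-Q Send-Q Local Address Foreign Address State.
    Header lines and non-TCP rows are skipped.
    """
    conns = []
    for line in lines:
        parts = line.split()
        if len(parts) < 6 or not parts[0].startswith("tcp"):
            continue
        local, peer, state = parts[3], parts[4], parts[5]
        local_port = int(local.rsplit(":", 1)[1])
        peer_ip = peer.rsplit(":", 1)[0]
        conns.append(TcpConn(state, local_port, peer_ip))
    return conns


def half_open_report(conns, min_half_open=50, ratio_threshold=0.8):
    """Return [(port, half_open_count, half_open_ratio)] for every local
    port whose connection table is dominated by half-open connections.

    Both thresholds are assumed values for this example; tune them to the
    service's normal baseline before using the logic in monitoring.
    """
    by_port = defaultdict(Counter)
    for c in conns:
        by_port[c.local_port][c.state] += 1

    alerts = []
    for port, states in sorted(by_port.items()):
        half_open = states["SYN_RECV"]
        total = sum(states.values())
        ratio = half_open / total if total else 0.0
        if half_open >= min_half_open and ratio >= ratio_threshold:
            alerts.append((port, half_open, round(ratio, 2)))
    return alerts


def syn_recv_sources(conns, port):
    """Count half-open connections per peer IP on one port. Many distinct
    peers with one half-open connection each is typical of spoofed sources."""
    return Counter(c.peer_ip for c in conns
                   if c.local_port == port and c.state == "SYN_RECV")


# Constructed snapshot of a web server under attack: 60 half-open
# connections to port 443 from distinct documentation-range addresses,
# a few genuine sessions on 443, and an untouched SSH port.
SAMPLE_NETSTAT = [
    "Active Internet connections (servers and established)",
    "Proto Recv-Q Send-Q Local Address           Foreign Address         State",
]
SAMPLE_NETSTAT += [
    f"tcp        0      0 192.0.2.5:443           198.51.100.{i}:{40000 + i}   SYN_RECV"
    for i in range(1, 61)
]
SAMPLE_NETSTAT += [
    f"tcp        0      0 192.0.2.5:443           203.0.113.{i}:51000      ESTABLISHED"
    for i in range(1, 6)
]
SAMPLE_NETSTAT += [
    "tcp        0      0 192.0.2.5:22            203.0.113.50:52000      ESTABLISHED"
    for _ in range(3)
]


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for port, count, ratio in half_open_report(conns):
        sources = syn_recv_sources(conns, port)
        print(f"port {port}: {count} half-open connections "
              f"({ratio:.0%} of table) from {len(sources)} distinct peers")
```

In the constructed snapshot, port 443 holds 60 half-open and 5 established connections, so it is reported; port 22 is not. The same logic applies to a live `netstat -tan` or `ss -tan` listing once the state names are normalised (`ss` prints `SYN-RECV` and `ESTAB`).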
3. What is incident response?
Incident response is the process of responding to a security incident quickly and efficiently.
4. Why is incident response important?
With a systematic incident response capability, taking the appropriate steps becomes a "knee-jerk" reaction, helping personnel recover quickly and efficiently from security incidents with minimal loss.
5. Describe the importance of communications during incident response.
Communicating with internal departments and outside parties is essential for sharing information and investigating a security incident across different functions. Communication that is faster and easier, under proper guidelines, helps handle the incident efficiently and quickly.
6. Name both external and internal entities with which communications need to be maintained.
External: other incident response teams, law enforcement, the media, vendors and external victims.
Internal: incident response team members, human resources, and legal department.
7. What does NIST 800-61 define as a “jump kit”?
According to NIST 800-61, a "jump kit" is a portable bag or case that contains the materials an incident handler is likely to need during an offsite investigation. The jump kit is ready to go at all times, so that when a serious incident occurs, incident handlers can grab the jump kit and go.
Wednesday, March 12, 2008
Online Journal - Incident Response
On March 13, Harvard University apologized for allowing computer files to be hacked by an "outsider," potentially exposing the personal information of about 10,000 graduate students or applicants. The information that may have been taken includes names, Social Security numbers, birth dates, addresses, e-mail addresses, telephone numbers, test scores, school records and, in some cases, health information.
The first intrusion occurred on Feb. 16 and involved 19 graduate application files; Harvard reported it to the FBI for investigation. By Feb. 20, the number of affected people had reached 6,600, with exposed data including birth dates and Social Security numbers. Having realized the extent of the exposure, Harvard disabled the server, removed the sensitive information, addressed the vulnerability and brought the server back online on Feb. 21. Harvard also hired Kroll Inc. to provide identity-theft recovery services for people whose information might have been taken.
ID theft is a typical incident seen in every field. What Harvard did was efficient, but not quick enough. When the intrusion first happened, even on a small scale, officials needed to take response measures to deal with it and prevent further incidents of this kind. From this lesson, we learn that a university is not the peaceful garden it seems; it too needs a security incident response plan that can be applied quickly and efficiently when any incident occurs. Hiring a third party to handle the incident is a good choice, given that universities lack a dedicated functional department for it.
See the complete article
