Incident Response Policy Essay

Incident-Response Policy
Rami Asad
Date: 2/12/2015
This security incident response policy explains the procedures to be followed after a malware attack that shut down network operations at Gem Infosys. The policy has multiple phases: defining what constitutes a security incident, and the response phases. The response phases cover defining roles and responsibilities, assessing the incident, and detailed procedures describing what actions are taken during the incident. Although the incident was caused by a

Also, Gem Infosys has a professional security consultant.
The cyber incident response team is responsible for the following steps:
1. Determine the cyber attack: This step might take a while and could be challenging. The most important part is to know how the company's network is designed and how much bandwidth users have been consuming compared with their regular usage. Warning signs such as computers suddenly crashing or large transfers of data to unfamiliar IP addresses also help identify the attack.
2. Investigate the scope of the compromise: This step inventories all the machines affected by the attack. At this point the professional consultant needs to perform network and malware analysis to:
a. See which machines and files were affected, such as customer records, databases, individual files, and financial data, and assess what business information was stolen or damaged.
b. Collect information from network logs and any software error reports.
c. Determine where the malware entered the network.
3. Control the attack: Once the cyber attack has been identified, contain it.
a. Pull all affected systems offline simultaneously.
b. Check the firewall and make sure it is configured for maximum security. While the assessment is under way, block packets traveling between the LAN and the Internet, then enable packet filtering.
c. Disable network ports such as port 80 to block any data transmission while the assessment is under way.
d. Repair the affected systems. Either re-image the machine or reinstall all software from master disks, then restore files and databases from backup.
e. Check the anti-virus software and
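The detection and scoping work described in steps 1 and 2 above (comparing bandwidth use against regular usage, spotting large transfers to unfamiliar IP addresses, and building the inventory of affected machines from network logs) can be partly automated. The following Python script is an added example and is not part of this policy or of Gem Infosys's own tooling; the flow-log lines, host names, baseline figures and IP ranges in it are constructed for illustration only.

```python
"""Added triage example for steps 1 and 2 of the policy (constructed data).

Reads flow-log lines of the form
    <timestamp> src=<host> dst=<ip> bytes=<count>
computes each host's outbound volume, compares it with a baseline of regular
usage, and flags hosts that either send far more than usual or send data to
addresses outside the company's known networks. The union of both findings is
the first draft of the "affected machines" inventory from step 2.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed flow-log sample. The last line is deliberately malformed to show
# that a broken record is skipped rather than aborting the whole analysis.
SAMPLE_FLOW_LOG = """\
2015-02-12T09:00:01 src=ws-101 dst=10.0.0.5 bytes=120000
2015-02-12T09:00:05 src=ws-101 dst=10.0.0.5 bytes=80000
2015-02-12T09:01:10 src=ws-102 dst=10.0.0.5 bytes=150000
2015-02-12T09:01:30 src=ws-103 dst=198.51.100.77 bytes=900000000
2015-02-12T09:02:00 src=ws-103 dst=198.51.100.77 bytes=700000000
2015-02-12T09:02:45 src=ws-104 dst=10.0.0.9 bytes=50000
2015-02-12T09:03:00 src=ws-105 dst= bytes=
"""

# Constructed baseline: typical outbound bytes per host for one monitoring window.
BASELINE_BYTES = {"ws-101": 250000, "ws-102": 200000, "ws-103": 300000, "ws-104": 100000}

# Constructed list of known destinations: the internal range plus a partner block.
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("203.0.113.0/24")]

FLOW_LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) bytes=(?P<bytes>\d+)$")


def parse_flow_log(text):
    """Return one record per well-formed line; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        m = FLOW_LINE.match(line.strip())
        if not m:
            continue
        records.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"], "bytes": int(m["bytes"])})
    return records


def summarize_outbound(records):
    """Total bytes sent per source host."""
    totals = defaultdict(int)
    for r in records:
        totals[r["src"]] += r["bytes"]
    return dict(totals)


def find_bandwidth_anomalies(totals, baseline, factor=3.0):
    """Hosts whose outbound volume exceeds `factor` times their regular usage.

    A host with no baseline at all cannot be compared, so it is reported with
    a ratio of infinity and left for an analyst to judge.
    """
    flagged = {}
    for host, total in totals.items():
        usual = baseline.get(host)
        if not usual:
            flagged[host] = float("inf")
        elif total > factor * usual:
            flagged[host] = total / usual
    return flagged


def find_unknown_destinations(records, known_networks):
    """Hosts that sent data to addresses outside the known networks."""
    suspicious = defaultdict(set)
    for r in records:
        try:
            addr = ipaddress.ip_address(r["dst"])
        except ValueError:
            suspicious[r["src"]].add(r["dst"])  # not even a valid IP: worth a look
            continue
        if not any(addr in net for net in known_networks):
            suspicious[r["src"]].add(r["dst"])
    return {host: sorted(addrs) for host, addrs in suspicious.items()}


def triage(log_text, baseline, known_networks, factor=3.0):
    """Run both checks and return the combined list of hosts to inventory."""
    records = parse_flow_log(log_text)
    bandwidth = find_bandwidth_anomalies(summarize_outbound(records), baseline, factor)
    unknown = find_unknown_destinations(records, known_networks)
    return {
        "bandwidth_anomalies": bandwidth,
        "unknown_destinations": unknown,
        "affected_hosts": sorted(set(bandwidth) | set(unknown)),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_FLOW_LOG, BASELINE_BYTES, KNOWN_NETWORKS)
    for host in result["affected_hosts"]:
        print(host, result["bandwidth_anomalies"].get(host), result["unknown_destinations"].get(host))
```

The `factor` threshold and the baseline are the judgement calls in this script: a baseline should come from several normal days of the same logs, and the factor should be tuned so that routine backups or software updates do not land every host on the affected list.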

