Week3 Chp2

Submitted By yalavarthi78
Home Computer Incident Response Plan

Introduction
This paper contains a brief incident response plan for my home computers. For the purpose of this paper, two departments are introduced: the User department and the Technology Services department.
Virus Attack

Before Attack
Users
* Keep anti-virus software running.
* Update virus signatures at least weekly.
* Attend virus awareness training.
* Learn how to detect and take basic steps during a virus attack.
* Perform back-ups of vulnerable data on a regular basis.
* Rotate most current backup media offsite.

Technology Services
* Provide education and training about virus attack awareness.
* Provide education about the dangers and attack profiles of the most prevalent kinds of malware attacks.
* Instruct users about the proper method for data backups.
* Randomly test backups using restores to ensure the quality of the backup procedures, the training, and the quality of the media.
* Provide offsite backup media service.
* Ensure that a current Incident Response Plan is in place to deal with active attacks and post-attack situations.

After an Attack
Users
* Work with Technology Services to determine the extent of data loss.
* Work with Technology Services to determine the root causes.
* Work with Technology Services to provide input updates to the Lessons Learned.
* Work with Technology Services to provide input updates to the Incident Response Plan.
* Work with Technology Services to provide input updates to the Security Awareness Training.
* After Technology Services performs the restore, verify that the data restored properly.

Technology Services
* Inspect equipment to ensure there was no permanent damage.
* Obtain current backup media from offsite.
* Assess the extent of the damage and determine if the attack is over.
* Determine if the virus has polymorphed itself into a form where it is now in a quiescent state, waiting for some random period of time to launch a new attack from the inside.
* Perform a restore.
* Review the incident to determine how the incident happened.
* Determine how to increase controls to prevent future occurrences.
* Update the Lessons Learned Log.
* Update the Security Education materials to incorporate the Lessons Learned.
* Update the Incident Response Plan, if necessary, to incorporate Lessons Learned.

During Attack
Users
* Follow training instructions that tell the user what to do when a computer is identified as being under attack.
* If possible, disconnect the network cable.
* If the computer is a wireless network device, shut it down immediately.
* Do not attempt to fix the problem.
* Do not destroy or tamper with anything, because it could be evidence if a crime occurred.

Technology Services
* Be available for contact at an emergency contact number in case a computer comes under attack.
* Follow the Incident Response Plan and help the user to remain calm.
* Do not destroy or tamper with anything, because it could be evidence if a crime occurred.
* Contact the owner to inform them that an attack is in progress.

Power Failure

Before Attack
Users
* Attend Information Security Awareness Training that includes information about procedures for handling power outages.
* Ensure that all computer equipment is working normally.
* Ensure that computers with critical data have an emergency UPS power supply and that the computer is plugged into the UPS and working properly with the UPS.
* Ensure that the battery will allow time for proper shutdown.
* Perform back-ups of vulnerable data on a regular basis.
* Rotate most current backup media offsite.
* Have a flashlight with good batteries handy in case there is a power failure.

Technology Services
* Ensure that the Information Security Awareness Training includes information about procedures for handling power outages.
* Ensure that the Information Security Awareness Training which includes information about power outages has been conducted with the user.
* Ensure that all computer equipment is working normally.
* Ensure that computers with critical data have an emergency UPS power supply and that the battery will allow time for proper shutdown.
* Instruct users about the proper method for data backups.
* Randomly test backups using restores to ensure the quality of the backup procedures, the training, and the quality of the media.
* Provide offsite backup media service.

After an Attack
Users
* Work with Technology Services to determine the extent of data loss.
* Work with Technology Services to determine the root causes.
* Work with Technology Services to provide input updates to the Lessons Learned.
* Work with Technology Services to provide input updates to the Incident Response Plan.
* Work with Technology Services to provide input updates to the Security Awareness Training.
* After Technology Services performs the restore, verify that the data restored properly.

Technology Services
* Inspect equipment to ensure there was no permanent damage.
* Obtain current backup media from offsite.
* Assess the extent of the damage and determine if the power outage is over.
* Perform a restore.
* Review the incident to determine how the incident happened.
* Determine how to increase controls to prevent future occurrences.
* Update the Lessons Learned Log.
* Update the Security Education materials to incorporate the Lessons Learned.
* Update the Incident Response Plan, if necessary, to incorporate Lessons Learned.

During Attack
Users
* Follow training instructions that tell the user what to do when a power failure occurs.
* Do not attempt to fix the problem.
* Do not destroy or tamper with anything, because it could be evidence if a crime occurred.
* Use a flashlight to get to a safe place.

Technology Services
* Be available for contact at an emergency contact number in case a power failure occurs.
* Follow the Incident Response Plan and help the user to remain calm.
* Do not destroy or tamper with anything, because it could be evidence if a crime occurred.
* Contact the owner to inform them that a fire is in progress.

Water Pipe

Before Attack
Users
* Attend Information Security Awareness Training that includes information about procedures for handling burst water pipes.
* Ensure that all computer equipment is working normally.
* Ensure that there are water pressure detectors nearby.
* Perform back-ups of vulnerable data on a regular basis.
* Rotate most current backup media offsite.
* Have a flashlight with good batteries handy in case there is a power failure associated with the fire.

Technology Services

* Ensure that the Information Security Awareness Training includes information about procedures for handling burst water pipes.
* Ensure that the Information Security Awareness Training which includes information about burst water pipes has been conducted with the user.
* Ensure that all water pressure detectors are working normally.
* Instruct users about the proper method for data backups.
* Randomly test backups using restores to ensure the quality of the backup procedures, the training, and the quality of the media.
* Provide offsite backup media service.
* Obtain current backup media from offsite.
* Assess the extent of the damage and determine if the power outage is over.
* Perform a restore.
* Provide offsite backup media service.

After an Attack
Users
* Do not destroy or tamper with anything, because it could be evidence if a crime occurred.
* Work with Technology Services to determine the extent of data and equipment loss.
* Work with Technology Services to acquire new equipment if necessary.
* Work with Technology Services to determine the root causes.
* Work with Technology Services to provide input updates to the Lessons Learned.
* Work with Technology Services to provide input updates to the Incident Response Plan.
* Work with Technology Services to provide input updates to the Security Awareness Training.
* After Technology Services performs the restore, verify that the data restored properly.

Technology Services
* Do not destroy or tamper with anything, because it could be evidence if a crime occurred.
* Assess the extent of the damage.
* Determine if new equipment is required. If so, work through the owner to purchase it.
* Obtain current backup media from offsite.
* Perform a restore.
* Review the incident to determine how the incident happened.
* Determine how to increase controls to prevent future occurrences.
* Update the Lessons Learned Log.
* Update the Security Education materials to incorporate the Lessons Learned.
* Update the Incident Response Plan, if necessary, to incorporate Lessons Learned.

During Attack
Users
* Call Technology Services.
* Follow training instructions that tell the user what to do when a burst water pipe occurs.
* Turn off computer equipment.
* If the flooding becomes severe, evacuate the building.

Technology Services
* Be available for contact at an emergency contact number in case a burst water pipe occurs.
* Follow the Incident Response Plan and help the user to remain calm.
* Do not destroy or tamper with anything, because it could be evidence if a crime occurred.
* Contact the owner to inform them that a burst water pipe situation is in progress.
