Incident Response and Contingency Planning Journal

By

Brittany M Gilstrap

ITEC 4341-01

Fall 2011

Macon State College
Journal Entries for Week One 08/22/11 to 08/28/11


Journal Entry One:


        There is an incident in which someone on the inside of HAL is trying to get inside the e-mail server by using several different accounts, but is failing to do so (Whitman & Mattord, 2007). There are multiple attacks, and even though they are using a proxy, and recently moved their servers into the DMZ, the question is who is creating such a disturbance, why are they trying to get into the e-mail server, and how are they attempting this incident (Whitman & Mattord, 2007). This would qualify as a deliberate act of trespass because it is an attempt by an unauthorized employee to gain access to information in the e-mail server (Whitman & Mattord, 2007). Risk identification would be to plan out this process: the system component being threatened is the e-mail server, which could contain confidential information; depending on how critical this information is, it is an important asset to the company and should be protected (Whitman & Mattord, 2007). Identifying the threat: it is internal personnel trying to break into the e-mail server using other people’s login information, but failing to get through (Whitman & Mattord, 2007). Lastly, in risk identification, the vulnerable assets are the e-mails on this server that could potentially be read by prying eyes that are not allowed to see them, possibly threatening critical information about business operations (Whitman & Mattord, 2007). Next is to do a risk assessment, and to determine how to value the assets on this e-mail server; it would depend on how critical the information is that is being stored there (Whitman & Mattord, 2007). There is a high likelihood of attack on the vulnerabilities because it is already established that someone is trying to get into this e-mail server, and apparently is using others’ e-mail accounts to try to hack in, but is unable to (Whitman & Mattord, 2007). In the end, there will need to be a decision on risk control to decide what the best route is to protect the server, and to protect these accounts (Whitman & Mattord, 2007).


Journal Entry Two:


        The first question asks who Paul should invite to this meeting to discuss this incident (Whitman & Mattord, 2007). Obviously Paul will be bringing himself, and Amanda, whose account was being used to try to access the e-mail server, and because she is Paul’s boss (Whitman & Mattord, 2007). Jonathon is the senior systems administrator who recognized these many failed attempts at getting through the proxy, and Paul also asked him to grab Tina, who is the senior network administrator (Whitman & Mattord, 2007). I believe that Richard Xavier, chief operations officer, William Freund, manager of systems, and Roberta Briscoe, manager of corporate security, should be present because it did ask for senior personnel to be at this meeting, and their fields each give them some insight on what to do, and how to approach this incident (Whitman & Mattord, 2007). Richard would be able to provide potential directions to follow in this incident, and help to plan for a recovery afterwards to better train employees, and put policies in place to protect against this kind of incident. William would be able to provide information on the systems within the organization, and how such an attempt could have manifested. Roberta would be able to provide information on security needs within the organization, and would be able to point them in the right direction for protecting the e-mail server from this attack.


Journal Entry Three:


        The second question asks what other information Paul and his team can use to track down this incident (Whitman & Mattord, 2007). For Paul and his team to track down this incident, it would be most beneficial to see all the accounts that the personnel were using to hack into the e-mail server; it would also help to get all the IP addresses of the computers being used in this attack, so that they can possibly identify which personnel are making this attack. Also, they could install software on any computers whose IP addresses show up, so that the computer can track all user activity, and they would be able to review the personnel in the process of attacking. They could also possibly find potential giveaways from what the personnel use the computer for, such as social networking, personal interests, etc. They may be able to find out who is causing the incident.
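As an added example (not from the journal or the textbook), this is the kind of review Paul’s team could run over the mail server’s authentication log to collect the two things the entry above asks for, the accounts tried and the source addresses used: group failed logins by source address and flag any source that fails against several distinct accounts inside a short window. The log format and the sample lines are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not from the case study); the log format is assumed.
# One source keeps failing against account after account, another is a user
# who mistyped once and then logged in, a third is a single stray failure.
SAMPLE_LOG = """\
2011-08-23T09:14:02 mailsrv auth: FAILED login user=amanda src=10.10.5.41
2011-08-23T09:14:09 mailsrv auth: FAILED login user=jonathon src=10.10.5.41
2011-08-23T09:14:15 mailsrv auth: FAILED login user=tina src=10.10.5.41
2011-08-23T09:14:21 mailsrv auth: FAILED login user=paul src=10.10.5.41
2011-08-23T09:15:03 mailsrv auth: FAILED login user=richard src=10.10.5.41
2011-08-23T09:30:44 mailsrv auth: FAILED login user=amanda src=10.10.7.12
2011-08-23T09:31:10 mailsrv auth: OK login user=amanda src=10.10.7.12
2011-08-23T11:02:55 mailsrv auth: FAILED login user=tina src=10.10.9.8
this line is not an auth record and is skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ auth: (?P<result>FAILED|OK) login "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_auth_log(text):
    """Return a list of (timestamp, result, user, src) tuples, skipping
    lines that do not match the assumed format."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        events.append((datetime.fromisoformat(m["ts"]), m["result"],
                       m["user"], m["src"]))
    return events


def find_multi_account_failures(events, window=timedelta(minutes=10),
                                min_accounts=3):
    """Flag every source address that fails logins against at least
    `min_accounts` distinct accounts inside some span of length `window`.

    Returns {src: {"accounts": [...], "first": ts, "last": ts}} holding,
    per source, the window with the largest number of distinct accounts.
    A single user retrying their own password never trips this rule.
    """
    failures = defaultdict(list)
    for ts, result, user, src in events:
        if result == "FAILED":
            failures[src].append((ts, user))

    findings = {}
    for src, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            accounts = {user for _, user in fails[start:end + 1]}
            if len(accounts) < min_accounts:
                continue
            best = findings.get(src)
            if best is None or len(accounts) > len(best["accounts"]):
                findings[src] = {"accounts": sorted(accounts),
                                 "first": fails[start][0],
                                 "last": fails[end][0]}
    return findings


def main():
    findings = find_multi_account_failures(parse_auth_log(SAMPLE_LOG))
    for src, info in findings.items():
        span = (info["last"] - info["first"]).total_seconds()
        print(f"{src}: {len(info['accounts'])} accounts in {span:.0f}s: "
              f"{', '.join(info['accounts'])}")


if __name__ == "__main__":
    main()
```

The output names the accounts that were tried and the one source behind all of them, which is exactly the list Paul’s team would take into the meeting; the window and threshold are tuning knobs, not fixed rules.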


Journal Entries for Week Two 08/29/11 to 09/04/11


Journal Entry One:


        There are twelve categories of threats facing information security, and the most recent top threats listed in the Computer Security Institute’s Computer Crime and Security Survey fall into most of the twelve categories, but not all (Richardson, 2011). First, acts of human error or failure are accidents by the user such as deleting files on the desktop, deleting files on the server, releasing important information, modifying files, and installing unauthorized software, but there were no threats found in the survey for this category (Whitman & Mattord, 2007). Second, compromise of intellectual property consists of piracy, information leaks outside of policy, and violation of copyrighted material (Whitman & Mattord, 2007); from the survey, “insider abuse of internet access or email (pornography, pirated software, etc.)” falls within this category (Richardson, 2011). Third, deliberate acts of trespass consist of unauthorized access to the logical and physical counterparts of an organization (Whitman & Mattord, 2007); from the survey, “theft of or unauthorized access to intellectual property/PII/PHI due to mobile device theft/loss and all other causes, password sniffing, system penetration by an outsider, unauthorized access or privilege escalation by insider, exploit of wireless network/DNS server/user’s social network profile/client web browser/public facing website” fall within this category (Richardson, 2011). Fourth, deliberate acts of information extortion consist of blackmailing for assets (Whitman & Mattord, 2007); from the survey, “extortion or blackmail associated with threat of attack or release of stolen data” falls within this category (Richardson, 2011). Fifth, deliberate acts of sabotage or vandalism consist of modification or destruction of information or physical assets (Whitman & Mattord, 2007); from the survey, “website defacement and instant messenger abuse” fall within this category (Richardson, 2011). Sixth, deliberate acts of theft consist of stealing assets from an organization (Whitman & Mattord, 2007); from the survey, “financial fraud and laptop or mobile device theft or loss” fall within this category (Richardson, 2011). Seventh, deliberate software attacks consist of phishing, email viruses, viruses, worms, malicious code, DoS, and DDoS; from the survey, “malware infection, bots/zombies within the organization, DoS, and fraudulently represented as sender of phishing messages” fall within this category (Richardson, 2011). Eighth, forces of nature consist of threats from hurricanes, tornadoes, fire, floods, ESD, humidity, dust, mudslides, solar flares, and earthquakes; there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007). Ninth, quality of service deviations from service providers consist of power blackouts, surges, spikes, sags, and network outages; there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007). Tenth, technical hardware failures or errors consist of device failures or defects; there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007). Eleventh, technical software failures or errors consist of bugs or coding problems and trapdoors; there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007). Twelfth, technological obsolescence consists of outdated technology; there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007).


Journal Entry Two:


        Reviewing the 2010-2011 Computer Crime and Security Survey, there is a lot of great information that supports the importance of security against these threats. After the previous threats were established, there are ways that were implemented to prevent or fix these threats, which is the most important thing to do: fix any security problems. The most commonly implemented action taken after a threat was to patch software vulnerabilities; this is very important because security flaws in software can cause major problems, and can potentially leave a backdoor open for anyone to get into your system (Richardson, 2011). The next few actions that are taken after threats are: patching hardware, installing additional security, forensic investigation, awareness training, and policy changes (Richardson, 2011). Two reasons why people did not report these incidents to law enforcement are that they did not believe law enforcement could help, or that the incident was not major enough to need to be reported (Richardson, 2011). The top eleven security technologies used for protection that are rated over 50%, starting from the highest percentage, are: anti-virus, firewall, anti-spyware, VPN, patch management, encryption of data being transferred, IDS, encryption of data being stored, URL filtering, application firewall, and intrusion prevention system (Richardson, 2011). The top five ways to evaluate security include, from most to least: internal audits, automated tools, web monitoring, external audits, and internal penetration testing (Richardson, 2011). These are all important statistics that could help an organization see what areas they may need to focus on to fix their security problems, or how they can measure the protection they’re really getting out of their security tools.


Journal Entry Three:


        An important matter that organizations should use to better protect themselves from the potential threat of an attack is to do a business impact analysis, which would determine how bad of an impact an attack would be for an organization (Whitman & Mattord, 2007). This helps with planning for threats, allowing you to prioritize what would be most important to deal with first over others that may be more of an annoyance than a real threat (Whitman & Mattord, 2007). The first step is to identify threats to the organization and prioritize them, and then a business unit analysis determines how different parts of the organization would be affected by threats (Whitman & Mattord, 2007). Next, scenarios should be developed to establish how a threat would be handled in a real situation, listing information such as: possible vulnerabilities, threat agent, activities related to the attack, assets in trouble, and follow-ups (Whitman & Mattord, 2007). Next, a potential damage assessment should be done, and this helps identify a worst, best, and most likely scenario for an attack including what would happen, the risk with it, the cost to the organization, and the probability of it spreading (Whitman & Mattord, 2007). Lastly, a subordinate plan classification will use the different plans drawn together to establish the aftermath of a scenario (Whitman & Mattord, 2007).


Journal Entries for Week Three 09/05/11 to 09/11/11


Journal Entry One:


        Scripted attacks are not as bad as live attacks because they are set up to do whatever the script says, so it will continuously be doing the same thing over and over. This would be more of an annoyance than anything, but it is a lot worse when a live person is doing the attacks because it would be for a more rewarding gain, like stealing information, than just being annoying. A live person attempting these attacks would be able to adapt to whatever defenses the organization throws up in its path, which is what was happening in the scenario. They were blocking the ports it was using, which, if this was a scripted attack, would have stopped this incident, but it didn’t (Whitman & Mattord, 2007). Paul decided to view the logs of the network, and found out that it was using a certain range of addresses, so they blocked this range to prevent this attacker from getting into the system (Whitman & Mattord, 2007). It is very important to take incidents like this seriously even when they may not pose a serious threat in the end, because you never know how dangerous it is until something catastrophic happens that could jeopardize important business assets, and possibly put the company in some trouble. Never underestimate an attack no matter how simple it may seem, because it could cost you more than you reckon.


Journal Entry Two:


        This live attack was more of an annoyance than it was a real incident because the attacker was performing the same attack over and over, which eventually led to him being found out and blocked from getting through (Whitman & Mattord, 2007). It would have been more of an incident if he was hiding his ports so that they wouldn’t be found out, if he used more sophisticated strategies to get through, and if he used a different range of ports that were not so easily blocked out by the range Paul had used (Whitman & Mattord, 2007). Had he used a port scanner to find a weakness in the defenses, and used that to exploit the system, I think he would’ve had better chances of getting through (Whitman & Mattord, 2007). Regardless of whether it is an annoyance or a real incident, both should be treated seriously because you never really know what could possibly happen, and it is better to be overprotective of your assets than to risk them.


Journal Entry Three:


        The importance of the chapter that correlates to this case study is how to prepare, organize, and prevent incidents from occurring (Whitman & Mattord, 2007). This is typically done by the security incident response team (SIRT), which “is a set of policies, procedures, technologies, people, and data necessary to prevent, detect, react, and recover from an incident that could potentially damage the organization’s information” (Whitman & Mattord, 2007). There are three different ways of making up these SIRTs: centralized is one group maintaining the whole organization, distributed is several teams split up into different portions of the organization, and coordinating is an advisory team that helps the other teams out without managing them (Whitman & Mattord, 2007). The company should probably have a distributed SIRT set up to maintain the different portions of the organization, so that if problems arise in this large company, there are enough teams to handle it (Whitman & Mattord, 2007). These SIRTs should be made up of inside employees from the IT department; I don’t believe that outsourcing is necessary because it does not seem they are suffering too badly to handle their own incidents (Whitman & Mattord, 2007). Services that are offered by a SIRT include: reactive (alerts/warnings, incident/vulnerability/artifact handling), proactive (audits, announcements, maintenance, intrusion detection systems, and configuration), and security management (risk analysis, evaluation/certification, business continuity/disaster recovery planning, and training) (Whitman & Mattord, 2007). These are all very important services that will come in handy to better prepare the organization for incidents, and the SIRT will definitely be beneficial to the improvement of incident response and contingency planning (Whitman & Mattord, 2007).


Journal Entries for Week Four 09/12/11 to 09/18/11


Journal Entry One:


        This case study consists of a new way to protect the organization from security threats, the job that firewalls, intrusion detection systems, and scanners are currently doing, but this can be a pretty costly expense for the company because of yearly subscription fees and hardware costs (Whitman & Mattord, 2007). JJ had mentioned a better way to save money and protect the company the same way that all these technologies had, which he learned from a meeting at another company (Whitman & Mattord, 2007). His approach was to use open source software, which would save a lot of money in the long run, but could prove costly up front because they would either have to hire someone who is trained for this software or send their own employees off for training (Whitman & Mattord, 2007). It is important for companies to try to save as much money as possible because they do have to cover very large costs, but they shouldn’t cut money in a very important part of the company, because securing the systems from any attacks should be top priority (Whitman & Mattord, 2007). It could prove to be more costly if this newer approach doesn’t work as well as they think, because an attack could cost the company its business if it were too catastrophic and did more damage than is repairable. Management would need to weigh the option of sticking with what they have because they know it works, or trading it out for the new open source approach to see if it can cover what the other approach was doing and save them the expected amount of money (Whitman & Mattord, 2007).


Journal Entry Two:


        JJ suggested that the intrusion detection system should be changed from being network-based to being host-based instead; Paul agrees that this will be a great idea, and asks for technology to be found for this suggestion (Whitman & Mattord, 2007). Easily enough, a host-based intrusion detection system would be the solution because rather than being placed on the network and monitoring everything over the network (network-based IDS), it actually is placed on one host, and only monitors everything happening on that host (Whitman & Mattord, 2007). HIDS basically monitors any alterations, deletions, or creations in the system files and system configuration of the host computer (Whitman & Mattord, 2007). “The HIDS triggers an alert or alarm when one of the following changes occurs: file attributes change, new files are created, or existing files are deleted” (Whitman & Mattord, 2007). The HIDS can determine if an attack is going to happen, if it has happened, or is going on, and can tell if it was successful at its attempt, but fortunately keeps its own log file of everything that has happened to better identify what happened (Whitman & Mattord, 2007). The advantages of implementing HIDS are specific to the host computer that it is on, so it is capable of detecting things on that host that slipped by a NIDS; it is not affected by switched networks; and by comparing audit files to the current files, the HIDS can detect problems (Whitman & Mattord, 2007). The disadvantages of implementing HIDS are that it takes a lot more managing because it resides on each host rather than a whole network, it is unable to defend against direct attacks or operating-system-targeted attacks, it is only capable of monitoring that one sole device, it is vulnerable to DoS, it requires large amounts of storage for audit logs, and it reduces the performance of the host computer (Whitman & Mattord, 2007). I think host-based IDS would be beneficial to implement because it does solely target that host computer, and can protect it better than just a network-wide IDS that could have things slip through if there is a lot of traffic over the network (Whitman & Mattord, 2007). The only reason I would not suggest doing a host-based IDS is that it does require a lot of additional attention to each host with this software because it isn’t watching over the whole network, just whichever devices you decide to install it on, so if problems arise, you may have to go to each computer to determine the problem (Whitman & Mattord, 2007).
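An added example, not code from the journal or the textbook, showing the core of what the entry above describes a HIDS doing: take a baseline of the files on a host (the “audit files”), re-scan later, and report files that were created, deleted, modified, or had their attributes changed. The directory layout, file names and contents are constructed for the demo; a real HIDS would store the baseline off-host and scan on a schedule.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path):
    """Hash the file contents and record the permission bits and size."""
    st = path.lstat()
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {"sha256": digest.hexdigest(),
            "mode": stat.S_IMODE(st.st_mode),
            "size": st.st_size}


def take_baseline(root):
    """Map every regular file under `root` (relative POSIX path) to its
    fingerprint; symlinks and directories are skipped."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            baseline[path.relative_to(root).as_posix()] = fingerprint(path)
    return baseline


def compare(baseline, root):
    """Re-scan `root` and report files created, deleted, modified (content
    changed) or attribute-changed (same content, different permission bits)
    relative to the baseline."""
    current = take_baseline(root)
    report = {"created": [], "deleted": [], "modified": [], "attr_changed": []}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["created"].append(rel)
        elif rel not in current:
            report["deleted"].append(rel)
        else:
            old, new = baseline[rel], current[rel]
            if old["sha256"] != new["sha256"]:
                report["modified"].append(rel)
            elif old["mode"] != new["mode"]:
                report["attr_changed"].append(rel)
    return report


def demo():
    """Build a small constructed tree, baseline it, make one change of each
    kind the HIDS should notice, and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "mail.conf").write_text("relay=off\n")
        (root / "etc" / "hosts.allow").write_text("ALL: 10.10.0.0/16\n")
        (root / "bin" / "sendmail").write_text("#!/bin/sh\nexit 0\n")
        os.chmod(root / "bin" / "sendmail", 0o755)
        baseline = take_baseline(root)

        # Changes made after the baseline was taken.
        (root / "etc" / "mail.conf").write_text("relay=on\n")   # content edited
        (root / "etc" / "hosts.allow").unlink()                   # file deleted
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "new-job").write_text(
            "0 * * * * /usr/local/bin/report\n")                  # new file
        os.chmod(root / "bin" / "sendmail", 0o4755)               # setuid bit added
        return compare(baseline, root)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Hashing the contents separately from the permission bits is what lets the report tell a config edit apart from a quiet setuid change on an unchanged binary.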


Journal Entry Three:


        JJ is looking for more information on open source software and training for it, so I found a company that offers both, OpenLogic.com. “OpenLogic provides enterprises with open source support, scanning, provisioning and governance solutions to safely and efficiently leverage open source software. OpenLogic gives enterprises the choice, confidence, and control necessary to mitigate open source risks while maximizing cost savings” (OpenLogic, Inc., 2011). OpenLogic provides open source software packages with support in developer or production options (OpenLogic, Inc., 2011). The developer support is offered with more than 500 Linux packages, but only supports during business hours (five days a week, twelve hours each) with a four hour response, and can work through phone, email, or online support (OpenLogic, Inc., 2011). The production support is offered with more than 500 Linux packages, and supports all day every day with a one hour response, and can work through phone, email, or online support (OpenLogic, Inc., 2011). For all packages, OpenLogic offers updates for all bugs or security vulnerabilities to keep software up to date and keep your systems protected (OpenLogic, Inc., 2011). One of the great aspects of this open source option is that it does offer training depending on the package; for example, open source build and test tools range from two to ten days per subtopic, and open source clustering lasts three days, but it also offers package training for: Apache HTTP Server, application frameworks/servers, databases, Java, PHP, and web services (OpenLogic, Inc., 2011). I would recommend this to HAL because it is open source as they wanted, it does focus packages around Linux, it offers training for particular packages, and I think this would be beneficial in their search for open source software (OpenLogic, Inc., 2011).


Journal Entries for Week Five 09/19/11 to 09/25/11


Journal Entry One:


        The Fourth Amendment states “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by the Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized” (Whitman & Mattord, 2007). The Fourth Amendment is very important to a company because you never know when a disaster could happen that an employee caused; you have to wonder what the best way is to prove it, and that is through the legal use of search warrants (Whitman & Mattord, 2007).


Journal Entry Two:


        The Fourth Amendment may protect against unlawful searches and seizures without a warrant, but there are ways to get around this; there are seven exceptions to the Fourth Amendment, and they include: “consent, plain view, exigent circumstance, inventory search, border search, international issues, and search incident to a lawful arrest” (Whitman & Mattord, 2007). The two most prominent exceptions are consent and plain view; consent states that the person of interest allows law enforcement to search their personal belongings without refusal, and plain view states that an item is observable without having to change anything in the environment to have access to it (Whitman & Mattord, 2007). Now two problems arise with consent: if consent is given, how much consent is truly given, to search the whole environment or just a small piece of it, and the other refers to who can actually give consent to search something (Whitman & Mattord, 2007). This relates to the class material because you may need to search an employee’s computer, and you need to know the best way to do that, even if you have to follow one of these exceptions to do it.


Journal Entry Three:


        It is rough determining what is pushing past the limit and what isn’t, and whether they require a warrant or just probable cause to search someone (Whitman & Mattord, 2007). The 1976 Copyright Act was created to help protect not only physical property, but intellectual property as well (Whitman & Mattord, 2007). Though it may be a person’s property, if they are at work, and they decide to store their personal information on a computer leased to them through the company, then they are bound by the policies of the company because it is the company’s property (Whitman & Mattord, 2007). The Electronic Communications Privacy Act of 1986 states the regulation of wire, electronic, and oral interceptions; this includes: disclosure, distribution, possession, confiscation, authorization, and reports of these interceptions (Whitman & Mattord, 2007). The Privacy Protection Act of 1980 states that journalists do not have to forfeit their work to law enforcement until it is published for the public to view (Whitman & Mattord, 2007).


Journal Entries for Week Six 09/26/11 to 10/02/11


Journal Entry One:


        Due to the anthrax scare the mailroom had, there are other catastrophes that could take place in the mailroom that could cause problems for the company (Whitman & Mattord, 2007). I think the next obvious scare in the mailroom that is related to the anthrax scare would be a package with a bomb inside, which could cost many lives, or even disrupt business for a very long time (Whitman & Mattord, 2007). Another catastrophe that could possibly happen is the mailing of an electronic device such as a jump drive that someone may put in their computer, and it starts infecting the system, then the network, putting everything at risk of being compromised (Whitman & Mattord, 2007). Business operations need to be careful in order to protect human lives, but also the company itself, because a catastrophe could put the business out for weeks or months, maybe even forever, depending on how drastic it is (Whitman & Mattord, 2007).


Journal Entry Two:


        I believe the most important goal when planning for the resumption of critical business functions at an alternate site for four weeks would be to plan to be back at the primary site as soon as possible, and only take what is absolutely necessary for work with them to the alternate site, because it is not a long-term stay (Whitman & Mattord, 2007). If instead it lasted for thirty weeks, I would suggest just focusing on maintaining business to the utmost, and taking everything that you can easily enough, so that it is readily available in case you need it (Whitman & Mattord, 2007). With it being such a long time, the business continuity plan would be used to help keep everything flowing smoothly because it helps with business functions for long periods of time, and would work concurrently with the disaster recovery plan (Whitman & Mattord, 2007). For devices you are unable to move off-site there is the option to do remote journaling, where it would transfer data from the primary site to the off-site location, so that it is still available (Whitman & Mattord, 2007).


Journal Entry Three:


        The contingency planning management team (CPMT) is normally involved with setting up alternate sites in the case of a disaster, and they generally focus on the cost that is acceptable for what has happened (Whitman & Mattord, 2007). There are five types of sites that are capable of supporting a company at an alternate location, and there are three agreements that can also be considered (Whitman & Mattord, 2007). If cost is a big deal, then the CPMT would go with a cold site, which would have a long setup time and does not have hardware or telecommunications (Whitman & Mattord, 2007). If cost isn’t too important, then a warm or hot site would be used; a warm site would offer partial hardware and telecommunications for a medium setup time, and a hot site would offer full hardware and telecommunications and a short setup time (Whitman & Mattord, 2007). If cost just doesn’t matter at all, then the CPMT could choose to go with mobile or mirrored sites, which are costly; a mobile site is hardware, telecommunications, and setup time dependent, so it would need to be researched whether they are capable of making this mobile, and a mirrored site would have full hardware and telecommunications with no setup time because it is already set up (Whitman & Mattord, 2007). Three agreements that a company can decide on are timeshare, service bureaus, and mutual agreements, where a company basically signs a contract with another business, and in different manners, they offer portions or full facility space to take in a company that has suffered from a disaster (Whitman & Mattord, 2007). Subject area experts are just that, experts in their particular fields that can decide what is best for their field and what all they will need to make it possible to continue work in their field (Whitman & Mattord, 2007).


Summary:


        Some of the most important findings covered in these case studies relate directly to the overall objective of this class: risk management, business impact analysis, incident response plan, disaster recovery plan, business continuity plan, and the threats that make these very important pieces of any business (Whitman & Mattord, 2007).


        The main goal of all of this is to protect the confidentiality, integrity, and availability of information in an organization (Whitman & Mattord, 2007). There are twelve threat categories (previously listed in a journal entry) that threaten the CIA of information, and this is the most important asset in the company (Whitman & Mattord, 2007).


        Risk management protects the CIA of information by finding the vulnerabilities threatening information systems, and providing a thorough plan to follow for mitigating these risks (Whitman & Mattord, 2007). Risk management uses risk identification, risk control, and risk assessment in handling risks threatening the information systems (Whitman & Mattord, 2007).


        A business impact analysis is beneficial to help assess what different risks can pose to the company’s day-to-day business, where one threat doesn’t do anything to disrupt business, but another one could threaten the livelihood of the business (Whitman & Mattord, 2007). This prioritization of threats helps to identify what is the worst risk to the company that should be taken care of before something that is not as risky (Whitman & Mattord, 2007).


       The incident response plan is the next step taken when a threat actually attacks an organization; this plan helps to identify what the threat is and what should be done to manage it at the time it is attacking (Whitman & Mattord, 2007). The incident response plan “focuses on intelligence gathering, information analysis, coordinated decision making, and urgent actions” (Whitman & Mattord, 2007). The disaster recovery plan helps with recovering the business from any disaster that strikes, and this can be beneficial in lowering the chances of loss (Whitman & Mattord, 2007).


       The disaster recovery plan “focuses on preparations completed before and actions taken after the incident” (Whitman & Mattord, 2007). Lastly, the business continuity plan helps identify ways to continue business at alternate sites for long periods of time until business can run at the primary site again (Whitman & Mattord, 2007).


        In conclusion, these are all very important pieces in taking care of the business, protecting it from threats, and planning the actions to take if a disaster threatens the livelihood of a company (Whitman & Mattord, 2007).


                                           References


OpenLogic, Inc. (2011). OpenLogic: Helping enterprises use open source software. Retrieved from http://www.openlogic.com/index.php

Richardson, R. (2011). 2010/2011 computer crime and security survey. New York, NY: Computer Security Institute. Retrieved from http://gocsi.com/survey

Whitman, M. E., & Mattord, H. J. (2007). Principles of incident response and disaster recovery. Boston, MA: Course Technology, Cengage Learning.

More Related Content

What's hot

The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...Vincent O'Neil
 
Article 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking technoArticle 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking technohoney690131
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)Dr Dev Kambhampati
 
cyber security notes
cyber security notescyber security notes
cyber security notesSHIKHAJAIN163
 
Toward Automated Reduction of Human Errors based on Cognitive Analysis
Toward Automated Reduction of Human Errors based on Cognitive AnalysisToward Automated Reduction of Human Errors based on Cognitive Analysis
Toward Automated Reduction of Human Errors based on Cognitive AnalysisSherif Zahran
 
Know Your Enemy: Verizon Data Breach Report
Know Your Enemy: Verizon Data Breach ReportKnow Your Enemy: Verizon Data Breach Report
Know Your Enemy: Verizon Data Breach Reportbmonday
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?CBIZ, Inc.
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterPatricia M Watson
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSHB Litigation Conferences
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challengemsdee3362
 
Sensitive Data Exposure Incident Checklist
Sensitive Data Exposure Incident ChecklistSensitive Data Exposure Incident Checklist
Sensitive Data Exposure Incident Checklist- Mark - Fullbright
 
IRJET- Data Leak Prevention System: A Survey
IRJET-  	  Data Leak Prevention System: A SurveyIRJET-  	  Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A SurveyIRJET Journal
 

What's hot (20)

The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...The Information Disruption Industry and the Operational Environment of the Fu...
The Information Disruption Industry and the Operational Environment of the Fu...
 
Information security
Information securityInformation security
Information security
 
Article 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking technoArticle 1 currently, smartphone, web, and social networking techno
Article 1 currently, smartphone, web, and social networking techno
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 
FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)FTC- Internet of Things (January, 2015)
FTC- Internet of Things (January, 2015)
 
cyber security notes
cyber security notescyber security notes
cyber security notes
 
Its report 050516
Its report 050516Its report 050516
Its report 050516
 
Ccs16
Ccs16Ccs16
Ccs16
 
Toward Automated Reduction of Human Errors based on Cognitive Analysis
Toward Automated Reduction of Human Errors based on Cognitive AnalysisToward Automated Reduction of Human Errors based on Cognitive Analysis
Toward Automated Reduction of Human Errors based on Cognitive Analysis
 
Know Your Enemy: Verizon Data Breach Report
Know Your Enemy: Verizon Data Breach ReportKnow Your Enemy: Verizon Data Breach Report
Know Your Enemy: Verizon Data Breach Report
 
Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?Hacking the Human - How Secure Is Your Organization?
Hacking the Human - How Secure Is Your Organization?
 
Branney-Gant Research Paper
Branney-Gant Research PaperBranney-Gant Research Paper
Branney-Gant Research Paper
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
 
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMSSOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
SOCIAL MEDIA RISKS | HB EMERGING COMPLEX CLAIMS
 
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMSCYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
CYBER LIABILITY COVEREAGE | HB EMERGING COMPLEX CLAIMS
 
C3
C3C3
C3
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
 
Sensitive Data Exposure Incident Checklist
Sensitive Data Exposure Incident ChecklistSensitive Data Exposure Incident Checklist
Sensitive Data Exposure Incident Checklist
 
PACE-IT: Common Threats (part 2)
PACE-IT: Common Threats (part 2)PACE-IT: Common Threats (part 2)
PACE-IT: Common Threats (part 2)
 
IRJET- Data Leak Prevention System: A Survey
IRJET-  	  Data Leak Prevention System: A SurveyIRJET-  	  Data Leak Prevention System: A Survey
IRJET- Data Leak Prevention System: A Survey
 

Similar to Incident Response & Contingency PlanningCase Journal

Cyber Security and Terrorism Research Article2Cybe.docx
Cyber Security and Terrorism Research Article2Cybe.docxCyber Security and Terrorism Research Article2Cybe.docx
Cyber Security and Terrorism Research Article2Cybe.docxrandyburney60861
 
System Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingSystem Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingIJNSA Journal
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateKashif Ali
 
ARTICLE IN PRESSContents lists available at ScienceDirect.docx
ARTICLE IN PRESSContents lists available at ScienceDirect.docxARTICLE IN PRESSContents lists available at ScienceDirect.docx
ARTICLE IN PRESSContents lists available at ScienceDirect.docxfestockton
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemLillian Ekwosi-Egbulem
 
Healthcares Vulnerability to Ransomware AttacksResearch questio
Healthcares Vulnerability to Ransomware AttacksResearch questioHealthcares Vulnerability to Ransomware AttacksResearch questio
Healthcares Vulnerability to Ransomware AttacksResearch questioSusanaFurman449
 
NACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansNACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansMaurice Dawson
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationIJERA Editor
 
Database Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every OrganizationDatabase Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every OrganizationApril Dillard
 
Classmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docxClassmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docxbartholomeocoombs
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challengemsdee3362
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...Fas (Feisal) Mosleh
 
Gebm os presentation final
Gebm os presentation finalGebm os presentation final
Gebm os presentation finalsunnyjoshi88
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the newsunnyjoshi88
 
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
Running Head INFORMATION SECURITY VULNERABILITY     2.docxRunning Head INFORMATION SECURITY VULNERABILITY     2.docx
Running Head INFORMATION SECURITY VULNERABILITY 2.docxcharisellington63520
 
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?IJCNCJournal
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Monica Rivera
 
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
Running Head CURRENT CHALLENGES FACING CYBER SECURITY          .docxRunning Head CURRENT CHALLENGES FACING CYBER SECURITY          .docx
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docxhealdkathaleen
 

Similar to Incident Response & Contingency PlanningCase Journal (20)

Cyber Security and Terrorism Research Article2Cybe.docx
Cyber Security and Terrorism Research Article2Cybe.docxCyber Security and Terrorism Research Article2Cybe.docx
Cyber Security and Terrorism Research Article2Cybe.docx
 
System Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats ModelingSystem Dynamics Based Insider Threats Modeling
System Dynamics Based Insider Threats Modeling
 
OverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrateOverseeCyberSecurityAsHackersSeekToInfiltrate
OverseeCyberSecurityAsHackersSeekToInfiltrate
 
ARTICLE IN PRESSContents lists available at ScienceDirect.docx
ARTICLE IN PRESSContents lists available at ScienceDirect.docxARTICLE IN PRESSContents lists available at ScienceDirect.docx
ARTICLE IN PRESSContents lists available at ScienceDirect.docx
 
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-EgbulemIT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
IT Vulnerabilities - Basic Cyberspace Attacks- by Lillian Ekwosi-Egbulem
 
Healthcares Vulnerability to Ransomware AttacksResearch questio
Healthcares Vulnerability to Ransomware AttacksResearch questioHealthcares Vulnerability to Ransomware AttacksResearch questio
Healthcares Vulnerability to Ransomware AttacksResearch questio
 
NACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New OrleansNACCTFO Cyber Security Presentation 2014 New Orleans
NACCTFO Cyber Security Presentation 2014 New Orleans
 
An Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an OrganizationAn Improved Method for Preventing Data Leakage in an Organization
An Improved Method for Preventing Data Leakage in an Organization
 
Database Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every OrganizationDatabase Security Is Vital For Any And Every Organization
Database Security Is Vital For Any And Every Organization
 
E04 05 2841
E04 05 2841E04 05 2841
E04 05 2841
 
Classmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docxClassmate 1Cybersecurity risk can be characterized as the ris.docx
Classmate 1Cybersecurity risk can be characterized as the ris.docx
 
DBryant-Cybersecurity Challenge
DBryant-Cybersecurity ChallengeDBryant-Cybersecurity Challenge
DBryant-Cybersecurity Challenge
 
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
The Biggest Cyber and Physical Security Threats to Critical Infrastructure FM...
 
Gebm os presentation final
Gebm os presentation finalGebm os presentation final
Gebm os presentation final
 
Online security – an assessment of the new
Online security – an assessment of the newOnline security – an assessment of the new
Online security – an assessment of the new
 
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
Running Head INFORMATION SECURITY VULNERABILITY     2.docxRunning Head INFORMATION SECURITY VULNERABILITY     2.docx
Running Head INFORMATION SECURITY VULNERABILITY 2.docx
 
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
DOES DIGITAL NATIVE STATUS IMPACT END-USER ANTIVIRUS USAGE?
 
Senior Seminar Paper
Senior Seminar PaperSenior Seminar Paper
Senior Seminar Paper
 
Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )Vulnerability Assessment ( Va )
Vulnerability Assessment ( Va )
 
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
Running Head CURRENT CHALLENGES FACING CYBER SECURITY          .docxRunning Head CURRENT CHALLENGES FACING CYBER SECURITY          .docx
Running Head CURRENT CHALLENGES FACING CYBER SECURITY .docx
 

More from brittanyjespersen

More from brittanyjespersen (6)

Ubuntu VOIP & IM
Ubuntu VOIP & IMUbuntu VOIP & IM
Ubuntu VOIP & IM
 
Input, Output, and Procedures
Input, Output, and ProceduresInput, Output, and Procedures
Input, Output, and Procedures
 
Final Report Summary Group Effort
Final Report Summary Group EffortFinal Report Summary Group Effort
Final Report Summary Group Effort
 
Project Scope Statement
Project Scope StatementProject Scope Statement
Project Scope Statement
 
Methods Hackers Use
Methods Hackers UseMethods Hackers Use
Methods Hackers Use
 
File Encryption
File EncryptionFile Encryption
File Encryption
 

Incident Response & Contingency PlanningCase Journal

  • 1. Incident Response and Contingency Planning Journal Incident Response and Contingency Planning Journal By Brittany M Gilstrap ITEC 4341-01 Fall 2011 Macon State College
  • 2. Incident Response and Contingency Planning Journal 1 Journal Entries for Week One 08/22/11 to 08/28/11 Journal Entry One: There is an incident in which someone on the inside of HAL is trying to get inside e-mail server by using several different accounts, but is failing to do so (Whitman & Mattord, 2007). There are multiple attacks, and even though they are using a proxy, and recently moved their servers into the DMZ, the question is who is creating such a disturbance, why are they trying to get into the e-mail server, and how are the attempting this incident (Whitman & Mattord, 2007). This would qualify as a deliberate act of trespass because it is an attempt by an unauthorized employee for informational access in the e-mail server (Whitman & Mattord, 2007). Risk identification would be to plan out this process, the system components being threatened is the e- mail server which could contain confidential information, depending on how critical this information is, it is an important asset to the company, and should be protected (Whitman & Mattord, 2007). Identifying the treat is in internal personnel trying to break into the e-mail server using other people’s log in information, but failing to get through (Whitman & Mattord, 2007). Lastly, in risk identification, the vulnerable assets are the e-mails on this server that could potentially be read by prying eyes that are not allowed to see, and possibly threatening critical information about business operations (Whitman & Mattord, 2007). Next is to do a risk assessment, and to determine how to value the assets on this e-mail server, it would depend on how highly critical the information is that is being stored there (Whitman & Mattord, 2007). There is a high likelihood of attack on the vulnerabilities because it is already in place that someone is trying to get into this e-mail server, and apparently is using others e-mail accounts to try to hack in, but is unable to (Whitman & Mattord, 2007). 
In the end, there will need to be a
  • 3. Incident Response and Contingency Planning Journal 2 decision on risk control to decide what the best route is to protect the server, and to protect these accounts (Whitman & Mattord, 2007). Journal Entry Two: The first question asks who Paul should invite to this meeting to discuss this incident (Whitman & Mattord, 2007). Obviously Paul will be bringing himself, Amanda whose account was being used to try to access the e-mail server, and because she is Paul’s boss (Whitman & Mattord, 2007). Jonathon is the senior systems administrator who recognized these many failed attempts at being able to get through the proxy, and Paul also asked him to grab Tina who is the senior network administrator (Whitman & Mattord, 2007). I believe that Richard Xavier, chief operations officer, William Freund, manager of systems, and Roberta Briscoe, manager of corporation security, should be present because it did ask for senior personnel to be at this meeting, and their fields each give them some insight on what to do, and how to approach this incident (Whitman & Mattord, 2007). Richard would be able to provide potential directions to follow in this incident, and help to plan for a recovery afterwards to better train employs, and put policies in place to protect against this kind of incident. William would be able to provide information on the systems within the organization, and how such an attempt could have manifested. Roberta would be able to provide information on security needs within the organization, and would be able to point them in the right direction for protecting the e-mail server from this attack. Journal Entry Three: The second question asks what other information Paul and his team can use to track down this incident (Whitman & Mattord, 2007). For Paul and his team to track down this incident, it
  • 4. Incident Response and Contingency Planning Journal 3 would be most beneficial to see all the accounts in which the personnel was using to hack into the e-mail server, also it would help to get all the IP addresses of the computers being used in this attack, so that they can identify possibly which personnel is making this attack. Also, they could install software on any IP addresses that show up, so that the computer can track all user activity, and they would be able to review the personnel in the process of attacking. They could also possibly find potential giveaways from what the personnel uses the computer for, such as: social networking, personal interests, etc. They may be able to find out who is causing the incident. Journal Entries for Week Two 08/29/11 to 09/04/11 Journal Entry One: There are twelve categories of threats facing information security, and the most recent top threats listed in the Computer Security Institute’s Computer Crime and Security Survey fall into the most of the twelve categories, but not all (Richardson, 2011). First, act of human error or failure is an accident of the user by deleting files on the desktop, deleting files on the server, releasing important information, modification of files, and unauthorized software installations, but there were no threats found in the survey for this category (Whitman & Mattord, 2007). Second, compromise of intellectual property consists of piracy, information leaks outside of policy, and violation of copyright material (Whitman & Mattord, 2007), from the survey “insider abuse of internet access or email (pornography, pirated software, etc.) falls within this category (Richardson, 2011). Third, deliberate acts of trespass consists of unauthorized access of logical and physical counterparts of an organization (Whitman & Mattord, 2007), from the survey “theft or unauthorized to intellectual property/PII/PHI due to mobile device theft/loss and all other
  • 5. Incident Response and Contingency Planning Journal 4 causes, password sniffing, system penetration by an outsider, unauthorized access or privilege escalation by insider, exploit of wireless network/DNS server/user’s social network profile/client web browser/public facing website”, fall within this category (Richardson, 2011). Fourth, deliberate acts of information extortion consist of blackmailing for assets (Whitman & Mattord, 2007), from the survey “extortion or blackmail associated with threat of attack or release of stolen data”, falls within this category (Richardson, 2011). Fifth, deliberate acts of sabotage or vandalism consist of modification or destruction of information or physical assets (Whitman & Mattord, 2007), from the survey “website defacement and instant messenger abuse”, fall within this category (Richardson, 2011). Sixth, deliberate acts of theft consist of stealing assets from an organization (Whitman & Mattord, 2007), from the survey “financial fraud and laptop or mobile device theft or loss”, fall within this category (Richardson, 2011). Seventh, deliberate software attacks consist of phishing, email viruses, viruses, worms, malicious coding, DoS, and DDoS, from the survey “malware infection, bots/zombies within the organization, DoS, and fraudulently represented as sender of phishing messages”, fall within this category (Richardson, 2011). Eighth, forces of nature consists of threats from hurricanes, tornadoes, fire, floods, ESD, humidity, dust, mudslide, solar flare, and earthquake, there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007). Ninth, quality of service deviations from service providers consist of power blackouts, surges, spikes, sags, and network outages, there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007). 
Tenth, technical hardware failures or errors consist of device failures or defects; there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007). Eleventh, technical software failures or errors consist of bugs or coding problems and trapdoors, there were no threats from the survey that would have
  • 6. Incident Response and Contingency Planning Journal 5 been listed in this category (Whitman & Mattord, 2007). Twelfth, technological obsolescence consist of outdated technology, there were no threats from the survey that would have been listed in this category (Whitman & Mattord, 2007). Journal Entry Two: Reviewing the 2010-2011 Computer Crime and Security Survey, there is a lot of great information that supports the importance of security against these threats. After the previous threats were established, there are ways that were implemented to prevent or fix these threats, which is the most important thing to do, fix any security problems. The top most implemented action taken after a threat was to patch any software vulnerabilities, this is very important because security flaws in software can cause major problems, and can potentially leave a backdoor open for anyone to get into your system (Richardson, 2011). Next few actions that are taken after threats: patched hardware, additional security installed, forensics investigation, awareness training, and policy changes (Richardson, 2011). Two reasons why people did not report these incidents to enforcement is because they did not believe that enforcement could help or that the incident was not major enough to need to report (Richardson, 2011). The top eleven security technologies used for protection that is over a 50% rating, starting from the highest percentage is: anti-virus, firewall, anti-spyware, VPN, patch management, encryption of data being transferred, IDS, encryption of data being stored, URL filtering, application firewall, and intrusion prevent system (Richardson, 2011). The top five ways to evaluate security include from most to least: internal audits, automated tools, web monitoring, external audits, and internal penetration testing (Richardson, 2011). 
These are all important statistics that could help an organization see what areas they may need to focus in to fix their security problems or how they can measure the protection they’re really getting out of their security tools.
  • 7. Incident Response and Contingency Planning Journal 6 Journal Entry Three: An important matter that organizations should use to better protect themselves from the potential threat of an attack is to do a business impact analysis which would determine how bad of an impact an attack would be for an organization (Whitman & Mattord, 2007). This helps with planning for threats allowing you to prioritize what would be most important to deal with first over others that may just be an annoyance than a real threat (Whitman & Mattord, 2007). The first step is to identify threats to the organization and prioritize them, and then a business unit analysis determines how different parts of the organization would be affected by treats (Whitman & Mattord, 2007). Next, scenarios should be developed to establish how a threat would be handled in a real situation listing information such as: possible vulnerabilities, threat agent, activities related to the attack, assets in trouble, and follow ups (Whitman & Mattord, 2007). Next, a potential damage assessment should be done, and this helps identify a worse, best, and most likely scenario for an attack including what would happen, the risk with it, the cost to the organization, and probability of it spreading (Whitman & Mattord, 2007). Lastly, a subordinate plan classification will use the different plans drawn together to establish the aftermath of a scenario (Whitman & Mattord, 2007). Journal Entries for Week Three 09/05/11 to 09/11/11 Journal Entry One: Scripted attacks are not as bad as live attacks because they are set up to do whatever the script says, so it will continuously be doing the same thing over and over. This would be more of an annoyance than anything, but it makes it a lot worse when a live person is doing the attacks because it would be for a more rewarding gain like stealing information than just being
  • 8. Incident Response and Contingency Planning Journal 7 annoying. A live person attempting these attacks would be able to adapt to whatever defenses the organization throws up in its path which is what was happening in the scenario. They were blocking out the ports it was using, which if this was a scripted attack then it would have stopped this incident, but it didn’t (Whitman & Mattord, 2007). Paul decided to view the logs of the network, and found out that it was using a certain range of addresses, so they blocked this range to prevent this attacker from getting into the system (Whitman & Mattord, 2007). It is very important to take incidents like this as serious even when it may not pose a serious threat in the end because you never know how dangerous it is until something catastrophic happens that could jeopardize important business assets, and possibly put the company in some trouble. Never underestimate an attack no matter how simple it may seem because it could cost you more than you reckon. Journal Entry Two: This live attack was more of an annoyance than it was a real incident because attacker was performing the same attack over and over which eventually led him to being found out, and blocked from getting through (Whitman & Mattord, 2007). It would have been more of an incident if he was hiding his ports so that they wouldn’t be found out, if he used more sophisticated strategies to get through, and if he used a different range of ports that were not so easily blocked out by the range Paul had used (Whitman & Mattord, 2007). Had he used a port scanner to find a weakness in the defenses, and used that to exploit the system, I think he would’ve had better chances of getting through (Whitman & Mattord, 2007). Regardless an annoyance or real incident, they should both be treated seriously because you never really know what could possibly happen, and it is better to be overprotective of your assets than risk them.
Journal Entry Three:

The importance of the chapter that correlates to this case study is how to prepare for, organize, and prevent incidents from occurring (Whitman & Mattord, 2007). This is typically done by the security incident response team (SIRT), which “is a set of policies, procedures, technologies, people, and data necessary to prevent, detect, react, and recover from an incident that could potentially damage the organization’s information” (Whitman & Mattord, 2007). There are three different ways of making up these SIRTs: a centralized team is one group maintaining the whole organization, a distributed team is several teams split up across different portions of the organization, and a coordinating team is an advisory team that helps the other teams out without managing them (Whitman & Mattord, 2007). The company should probably have a distributed SIRT set up to maintain the different portions of the organization, so that if problems arise in this large company, there are enough teams to handle them (Whitman & Mattord, 2007). These SIRTs should be staffed with inside employees from the IT department; I don’t believe that outsourcing is necessary because it does not seem they are suffering too badly to handle their own incidents (Whitman & Mattord, 2007). Services offered by a SIRT include reactive services (alerts/warnings, incident/vulnerability/artifact handling), proactive services (audits, announcements, maintenance, intrusion detection systems, and configuration), and security management (risk analysis, evaluation/certification, business continuity/disaster recovery planning, and training) (Whitman & Mattord, 2007). These are all very important services that will come in handy to better prepare the organization for incidents, and the SIRT will definitely be beneficial to the improvement of incident response and contingency planning (Whitman & Mattord, 2007).
Journal Entries for Week Four 09/12/11 to 09/18/11

Journal Entry One:

This case study concerns a new way to protect the organization from security threats, a job that firewalls, intrusion detection systems, and scanners are doing now, but these can be a pretty costly expense for the company because of yearly subscription fees and hardware costs (Whitman & Mattord, 2007). JJ mentioned a better way to save money while protecting the company the same way all these technologies had, which he learned from a meeting at another company (Whitman & Mattord, 2007). His approach was to use open source software, which would save a lot of money in the long run but could prove costly up front, because they would either have to hire someone who is trained on this software or send their own employees off for training (Whitman & Mattord, 2007). It is important for companies to try to save as much money as possible because they do have to cover very large costs, but they shouldn’t cut money from a very important part of the company, because securing the systems from attacks should be a top priority (Whitman & Mattord, 2007). It could prove more costly if this newer approach doesn’t work as well as they think, because an attack could cost the company its business if it were too catastrophic and did more damage than could be repaired. Management would need to weigh the option of sticking with what they have, because they know it works, against trading it out for the new open source approach to see if it can cover what the other approach was doing and save them the expected amount of money (Whitman & Mattord, 2007).

Journal Entry Two:

JJ suggested that the intrusion detection system should be changed from network-based to host-based; Paul agrees that this is a great idea and asks for technology to be found for this suggestion (Whitman & Mattord, 2007). Easily enough, a host-based intrusion detection system would be the solution, because rather than being placed on the network and monitoring everything over the network (a network-based IDS), it is placed on one host and only monitors what happens on that host (Whitman & Mattord, 2007). A HIDS basically monitors any alterations, deletions, or creations in the system files and system configuration of the host computer (Whitman & Mattord, 2007). “The HIDS triggers an alert or alarm when one of the following changes occurs: file attributes change, new files are created, or existing files are deleted” (Whitman & Mattord, 2007). The HIDS can determine if an attack is going to happen, has happened, or is going on, and can tell if the attempt was successful; it also keeps its own log file of everything that has happened, to better identify what happened (Whitman & Mattord, 2007). The advantages of implementing a HIDS are that it is specific to the host computer it is on, so it is capable of detecting things on that host that slipped by a NIDS; it is not affected by switched networks; and by comparing audit files to the current files, the HIDS can detect problems (Whitman & Mattord, 2007). The disadvantages of implementing a HIDS are that it takes a lot more managing because it resides on each host rather than on a whole network; it is unable to defend against direct attacks or attacks targeted at the operating system; it is only capable of monitoring that one device; it is vulnerable to DoS; it requires large amounts of storage for audit logs; and it reduces the performance of the host computer (Whitman & Mattord, 2007).
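The comparison of audit files against current files that the entry above describes is the core of how a HIDS notices created, deleted, and modified files. The following is an added example and is not code from the journal or from Whitman & Mattord: it takes a baseline snapshot of a directory, then compares a later snapshot against it. The directory tree, the file names, and the function names (snapshot, compare, demo) are constructed for illustration and live in a temporary folder so the script runs anywhere.

```python
"""Minimal file-integrity check of the kind a host-based IDS performs.

Added example, not code from the journal or from Whitman & Mattord: it
takes a baseline snapshot of a directory (content hash, size and mode
bits per file), then compares a later snapshot against it and reports
created, deleted and modified files. The directory and file names are
constructed in a temporary folder so the script runs anywhere.
"""
import hashlib
import os
import stat
import tempfile

def _file_record(path):
    """Hash plus the attributes a HIDS typically watches for one file."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode)}

def snapshot(root):
    """Map of relative path -> record for every regular file under root."""
    records = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue        # symlinks and special files are out of scope here
            # Normalise to forward slashes so keys are stable across platforms.
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            records[rel] = _file_record(full)
    return records

def compare(baseline, current):
    """Return {'created': [...], 'deleted': [...], 'modified': [...]}."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"created": created, "deleted": deleted, "modified": modified}

def demo():
    """Build a constructed tree, change it, and return the detected changes."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        with open(os.path.join(etc, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")
        with open(os.path.join(root, "old.log"), "w") as f:
            f.write("to be removed\n")
        baseline = snapshot(root)

        # Simulated changes since the baseline: one edit, one new file, one removal.
        with open(os.path.join(etc, "hosts"), "a") as f:
            f.write("203.0.113.9 example-host\n")
        with open(os.path.join(etc, "cron.new"), "w") as f:
            f.write("# constructed new file\n")
        os.remove(os.path.join(root, "old.log"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The record deliberately excludes modification time, which an attacker or a routine package update can change without altering content; hashing the content and keeping the mode bits catches the three cases the quoted definition lists (attribute change, creation, deletion). In a real deployment the baseline would be stored off the monitored host, since a baseline that sits beside the files it describes can be rewritten along with them.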
I think a host-based IDS would be beneficial to implement because it does solely target that host computer, and can protect it better than just a network-wide IDS that could have things slip through if there is a lot of traffic over the network (Whitman & Mattord, 2007). The only reason I would not suggest doing a host-based IDS is that it does require a lot of additional attention to each host with this software, because it isn’t watching over the whole network, just whichever devices you decide to install it on, so if problems arise, you may have to go to each computer to determine the problem (Whitman & Mattord, 2007).

Journal Entry Three:

JJ is looking for more information on open source software and training for it, so I found a company that offers both: OpenLogic.com. “OpenLogic provides enterprises with open source support, scanning, provisioning and governance solutions to safely and efficiently leverage open source software. OpenLogic gives enterprises the choice, confidence, and control necessary to mitigate open source risks while maximizing cost savings” (OpenLogic, Inc., 2011). OpenLogic provides open source software packages with support in developer or production options (OpenLogic, Inc., 2011). The developer support is offered for more than 500 Linux packages, but only during business hours (five days a week, twelve hours each day) with a four-hour response time, and can work through phone, email, or online support (OpenLogic, Inc., 2011). The production support is offered for more than 500 Linux packages and is available all day every day with a one-hour response time, also through phone, email, or online support (OpenLogic, Inc., 2011). For all packages, OpenLogic offers updates for all bugs or security vulnerabilities to keep software up to date and keep your systems protected (OpenLogic, Inc., 2011). One of the great aspects of this open source option is that it offers training depending on the package; for example, open source build and test tools range from two to ten days per subtopic, and open source clustering lasts three days, and it also offers package training for the Apache HTTP server, application frameworks/servers, databases, Java, PHP, and web services (OpenLogic, Inc., 2011).
I would recommend this to HAL because it is open source as they wanted, it does focus its packages around Linux, it offers training for particular packages, and I think this would be beneficial in their search for open source software (OpenLogic, Inc., 2011).
Journal Entries for Week Five 09/19/11 to 09/25/11

Journal Entry One:

The Fourth Amendment states “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by the Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized” (Whitman & Mattord, 2007). The Fourth Amendment is very important to a company because you never know when a disaster could happen that an employee caused; you have to consider the best way to prove it, and that is through the legal use of search warrants (Whitman & Mattord, 2007).

Journal Entry Two:

The Fourth Amendment may protect against unlawful searches and seizures without a warrant, but there are ways around this: there are seven exceptions to the Fourth Amendment, which are “consent, plain view, exigent circumstance, inventory search, border search, international issues, and search incident to a lawful arrest” (Whitman & Mattord, 2007). The two most prominent exceptions are consent and plain view. Consent means that the person of interest allows law enforcement to search their personal belongings without refusal, and plain view means that an item is observable without having to change anything in the environment to gain access to it (Whitman & Mattord, 2007). Two problems arise with consent: if consent is given, how much consent is truly given, to search the whole environment or just a small piece of it, and who can actually give consent to search something (Whitman & Mattord, 2007). This relates to the class material because you may need to search an employee’s computer, and you need to know the best way to do that, even if you have to follow one of these exceptions to do it.

Journal Entry Three:

It is rough determining what is pushing past the limit and what isn’t, and whether they require a warrant or just probable cause to search someone (Whitman & Mattord, 2007). The 1976 Copyright Act was created to help protect not only physical property but intellectual property as well (Whitman & Mattord, 2007). Though it may be a person’s property, if they are at work and decide to store their personal information on a computer leased to them through the company, then they are bound by the policies of the company because it is the company’s property (Whitman & Mattord, 2007). The Electronic Communications Privacy Act of 1986 regulates wire, electronic, and oral interceptions; this includes disclosure, distribution, possession, confiscation, authorization, and reports of these interceptions (Whitman & Mattord, 2007). The Privacy Protection Act of 1980 states that journalists do not have to forfeit their work to law enforcement until it is published for the public to view (Whitman & Mattord, 2007).

Journal Entries for Week Six 09/26/11 to 10/02/11

Journal Entry One:

Following the anthrax scare the mailroom had, there are other catastrophes that could take place in the mailroom that could cause problems for the company (Whitman & Mattord, 2007). I think the next obvious scare in the mailroom related to the anthrax scare would be a package with a bomb inside, which could cost many lives or even disrupt business for a very long time (Whitman & Mattord, 2007). Another catastrophe that could possibly happen is the mailing of an electronic device such as a jump drive that someone may put in their computer; it starts infecting the system, then the network, putting everything at risk of being compromised (Whitman & Mattord, 2007). Business operations need to be careful in order to protect human lives, but also the company itself, because a catastrophe could put the business out for weeks or months, maybe even forever, depending on how drastic it is (Whitman & Mattord, 2007).

Journal Entry Two:

I believe the most important goal when planning for the resumption of critical business functions at an alternate site for four weeks would be to plan to be back at the primary site as soon as possible, and only take what is absolutely necessary for work to the alternate site, because it is not a long-term stay (Whitman & Mattord, 2007). If instead it lasted for thirty weeks, I would suggest just focusing on maintaining business to the utmost, and taking everything that you can easily enough, so that it is readily available in case you need it (Whitman & Mattord, 2007). With it being such a long time, the business continuity plan would be used to help keep everything flowing smoothly, because it covers business functions for long periods of time and would work concurrently with the disaster recovery plan (Whitman & Mattord, 2007). For devices you are unable to move off-site, there is the option of remote journaling, which transfers data from the primary site to the off-site location so that it is still available (Whitman & Mattord, 2007).

Journal Entry Three:

The contingency planning management team (CPMT) is normally involved with setting up alternate sites in the case of a disaster, and they generally focus on the cost that is acceptable for what has happened (Whitman & Mattord, 2007). There are five site types capable of supporting a company as an alternate, and there are three agreements that can also be considered (Whitman & Mattord, 2007). If cost is a big deal, then the CPMT would go with a cold site, which has a long setup time and does not have hardware or telecommunications (Whitman & Mattord, 2007). If cost isn’t too important, then a warm or hot site would be used: a warm site offers partial hardware and telecommunications with a medium setup time, and a hot site offers full hardware and telecommunications and a short setup time (Whitman & Mattord, 2007). If cost just doesn’t matter at all, then the CPMT could choose to go with mobile or mirrored sites, which are costly: a mobile site depends on the hardware, telecommunications, and setup time, so it would need to be researched whether they are capable of making this mobile, and a mirrored site has full hardware and telecommunications with no setup time because it is already set up (Whitman & Mattord, 2007). Three agreements that a company can decide on are timeshares, service bureaus, and mutual agreements, where a company basically signs a contract with another business and, in different manners, they offer portions of or full facility space to take in a company that has suffered a disaster (Whitman & Mattord, 2007). Subject area experts are just that: experts in their particular fields who can decide what is best for their field and what they will need to make it possible to continue work in their field (Whitman & Mattord, 2007).

Summary:

Some of the most important findings covered in these case studies relate directly to the overall objective of this class: risk management, business impact analysis, the incident response plan, the disaster recovery plan, the business continuity plan, and the threats that make these very important pieces of any business (Whitman & Mattord, 2007).
The main goal of all of this is to protect the confidentiality, integrity, and availability of information in an organization (Whitman & Mattord, 2007). There are twelve threat categories (previously listed in a journal entry) that threaten the CIA of information, which is the most important asset in the company (Whitman & Mattord, 2007). Risk management protects the CIA of information by finding the vulnerabilities threatening information systems and providing a thorough plan to follow for mitigating these risks (Whitman & Mattord, 2007). Risk management uses risk identification, risk control, and risk assessment in handling risks threatening the information systems (Whitman & Mattord, 2007). A business impact analysis is beneficial in assessing what different risks can pose to the company’s day-to-day business, since one threat may do nothing to disrupt business while another could threaten the livelihood of the business (Whitman & Mattord, 2007). This prioritization of threats helps to identify the worst risk to the company, which should be taken care of before something that is not as risky (Whitman & Mattord, 2007). The incident response plan is the next step, taken when a threat actually attacks an organization; this plan helps to identify what it is and what should be done to manage the threat at the time it is attacking (Whitman & Mattord, 2007). The incident response plan “focuses on intelligence gathering, information analysis, coordinated decision making, and urgent actions” (Whitman & Mattord, 2007). The disaster recovery plan helps with recovering the business from any disaster that strikes, and this can be beneficial in lowering the chance of loss (Whitman & Mattord, 2007). The disaster recovery plan “focuses on preparations completed before and actions taken after the incident” (Whitman & Mattord, 2007). Lastly, the business continuity plan helps identify ways to continue business at alternate sites for long periods of time until business can run at the primary site (Whitman & Mattord, 2007).

In conclusion, these are all very important pieces in taking care of the business to protect it from threats, and to plan for actions to take if there is a disaster that threatens the livelihood of a company (Whitman & Mattord, 2007).
References

OpenLogic, Inc. (2011). OpenLogic: Helping enterprises use open source software. Retrieved from http://www.openlogic.com/index.php

Richardson, R. (2011). 2010/2011 computer crime and security survey. New York, NY: Computer Security Institute. Retrieved from http://gocsi.com/survey

Whitman, M. E., & Mattord, H. J. (2007). Principles of incident response and disaster recovery. Boston, MA: Course Technology, Cengage Learning.