SD Cyber Security
Incident Response Methodology
__________________________________________________________________________________________
1 Easter Court, Suite E, Owings Mills, MD 21117
PHONE 410·902·0356 · FAX 410·902·9609
www.signalsdefense.com
©2014. ASTIC Signals Defenses, LLC. All rights reserved.
Signals Defense has a robust Incident Response (IR) and cleanup methodology that has been used to help
multiple Federal and Civilian agencies identify the scope of compromises, identify malicious scripts and
programs, and eradicate them from the affected systems. The Signals Defense IR staff are all fully certified
and cleared personnel who handle both classified incidents and unclassified but highly confidential issues.
Signals Defense begins this process by working with your network and security staff to get a complete
understanding of what is known about the compromise. At this time we will review any system and security
logs as well as any packet captures that have been taken of the malicious activity. We have had great success
identifying the attacker's initial point of entry during this phase if it has not already been identified.
Signals Defense works with your network and security staff to determine what level of network access should
be provided to identify any currently compromised systems on the network while still maintaining the
appropriate level of business confidentiality for your organization. Once this has been determined we develop
custom scripts and programs to identify compromised systems and anomalous behavior. All data captured and
reviewed in this phase will be stored on a removable encrypted drive. All data investigations will follow
industry best practices for chain of custody. This will assure that all data and findings are admissible in
court if the case gets to that level. During this phase we are constantly working with your internal teams to
ensure that any capabilities currently in place are maximized. Signals Defense uses the information gathered
during this phase to establish the scope of the compromise and determine what steps should be taken next.
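The paragraph above states that captured data is kept on an encrypted removable drive and handled under chain-of-custody practice so findings remain admissible. The following is an added illustration of what that record-keeping looks like in practice; it is not Signals Defense code, and it assumes a simple model in which every collected artifact is hashed at collection time and every hand-off re-verifies the hash before being logged. The temporary directory, the evidence ID `EV-001`, the handler names and the sample log line are all constructed for the example.

```python
"""Evidence register with hash-based integrity checks and a custody log.

Added example, not from the Signals Defense brochure. Assumptions: artifacts
are ordinary files copied onto the evidence volume (a temp dir stands in for
the encrypted removable drive here), and each custody action is appended to
an immutable-by-convention event list that can be exported as JSON.
"""
import hashlib
import json
import os
import tempfile
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone

# Constructed sample artifact content (a single sshd auth line); not real data.
SAMPLE_LOG = (b"Jan 12 03:14:07 web-01 sshd[4121]: Accepted password for svc "
              b"from 10.0.0.7 port 51022 ssh2\n")


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large disk or memory images do not need to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


@dataclass
class CustodyEvent:
    action: str        # collected | verified | transferred | integrity-failure
    handler: str
    timestamp: str
    sha256: str        # digest observed at the time of the event
    note: str = ""


@dataclass
class EvidenceItem:
    item_id: str
    path: str
    sha256: str        # digest recorded at collection; the reference value
    events: list = field(default_factory=list)


class EvidenceRegister:
    def __init__(self) -> None:
        self.items: dict[str, EvidenceItem] = {}

    def collect(self, item_id: str, path: str, handler: str, note: str = "") -> str:
        """Register an artifact and record its collection-time digest."""
        digest = sha256_file(path)
        item = EvidenceItem(item_id, path, digest)
        item.events.append(CustodyEvent("collected", handler, _now(), digest, note))
        self.items[item_id] = item
        return digest

    def verify(self, item_id: str, handler: str) -> bool:
        """Recompute the digest; log a verification or an integrity failure."""
        item = self.items[item_id]
        current = sha256_file(item.path)
        ok = current == item.sha256
        item.events.append(CustodyEvent("verified" if ok else "integrity-failure",
                                        handler, _now(), current))
        return ok

    def transfer(self, item_id: str, from_handler: str, to_handler: str) -> bool:
        """Hand off custody only if the artifact still matches its recorded hash."""
        if not self.verify(item_id, from_handler):
            return False
        item = self.items[item_id]
        item.events.append(CustodyEvent("transferred", to_handler, _now(), item.sha256,
                                        f"{from_handler} -> {to_handler}"))
        return True

    def export(self) -> str:
        """Serialize the full register so it can be stored beside the evidence."""
        return json.dumps([asdict(i) for i in self.items.values()], indent=2)


def demo() -> dict:
    """Constructed walkthrough: collect, transfer, then detect tampering."""
    workdir = tempfile.mkdtemp(prefix="ir-evidence-")  # stands in for the encrypted drive
    sample = os.path.join(workdir, "auth.log")
    with open(sample, "wb") as f:
        f.write(SAMPLE_LOG)
    reg = EvidenceRegister()
    digest = reg.collect("EV-001", sample, "analyst-a", "sshd auth log (constructed sample)")
    transferred = reg.transfer("EV-001", "analyst-a", "analyst-b")
    with open(sample, "ab") as f:          # simulate post-collection modification
        f.write(b"tampered\n")
    intact = reg.verify("EV-001", "analyst-b")
    return {"sha256": digest, "transfer_ok": transferred, "verify_after_tamper": intact,
            "events": len(reg.items["EV-001"].events), "log": reg.export()}


if __name__ == "__main__":
    print(demo()["log"])
```

The design point is that the reference digest is fixed at collection and every later action records the digest observed at that moment, so a mismatch is logged as an event rather than silently overwriting the reference; the exported JSON is what would be handed over with the drive.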
After the compromised systems have been identified and the scope of the compromise has been determined,
we will provide a comprehensive plan to return the compromised systems to an acceptable state. This plan
includes multiple options, some of which can be used to successfully eliminate the attacker from the network;
others can be used to mitigate the effectiveness of the attack while systems are returned to production state in
stages.
Our experience resides in the following environments and industries:
• Department of Defense
• International Law Firms
• Financial Firms
• Civilian and Government Health Care
• High net worth individual clients
• The US Republican Party
• Drug Development and Research Facilities
• US Critical Infrastructure
• US Federal Agencies
• Casino and Gaming industry partners
Rick Mellendick holds Top Secret (TS) clearance and is the Chief Security Officer for Signals
Defense in Owings Mills, MD with 18 years of information technology security experience.
Mr. Mellendick performs the duties of technical director and chief strategist to multiple DoD, federal,
intelligence, and private organizations. He provides direct support to the U.S. Critical Infrastructure. His
background is in designing secure networks in multi-platform/multi-classification environments. His knowledge
was gained from researching the advanced threats to critical infrastructure, as well as to civilian and federal
agencies; that research is the basis for the tactics the Signals Defense Computer Network Defense Team and Red
Teams use to protect our clients' systems.
Rick has extensive experience in computer network operations including developing proof of concept attacks
and performing demonstrations for many federal and corporate clients. The teams that Mr. Mellendick leads
regularly perform Red Team analysis specializing in wireless and RF attack and defense as well as technical
surveillance counter-measure (TSCM) sweeps. He is a subject matter expert for computer network operations,
wireless offensive tactics, and designing information systems to comply with federal and local regulations. Mr.
Mellendick has personally completed over 200 wireless and wired penetration tests.
Rick was the chief security architect for a congressionally recognized center of excellence for a multi-billion
dollar hosted service data center built using non-traditional defense in depth strategies. His teams utilize
offensive network techniques to better defend the network and critical infrastructures. Mr. Mellendick
specializes in designing and testing wireless networks with non-traditional strategies using offensive
techniques. He is a builder and breaker of RF signals, inventor of the Wireless Capture the Flag
(http://wctf.us), and breaking and entering through RF is his specialty.
His certifications include CISSP, ISSEP, OPSA, CEH, IEM, IAM, MCP, Certified DoD System Administrator,
and Linux Security certifications.
About Us
Signals Defense, LLC headquartered in Owings Mills, Maryland, specializes in providing Full Spectrum
Security Solutions for Commercial and Governmental organizations. Signals Defense’s approach includes
the belief that full spectrum security is derived from addressing all three disciplines of security: IT/Cyber,
Technical/EMSEC, and Physical/OPSEC. Our organization has significant experience in providing products
and services across all three disciplines and can develop custom security mitigation solutions based on our
unique SDTVA™ (Signals Defense Threat and Vulnerability Assessment).
SD Technology is deployed in over 1000 locations including Government Intelligence agencies, DoD and
Fortune 100 companies. Our technology has become the de facto standard for the US Government and
anyone desiring to properly secure locations handling sensitive and/or classified information.
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Cyber Security: Cyber Incident Response Methodology

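The methodology above states that everything captured during the investigation goes onto a removable encrypted drive and is handled under industry chain-of-custody practice, but does not show what that record looks like. The following is an added example, not Signals Defense's own tooling, of the minimum a custody record needs so findings survive challenge later: a SHA-256 hash of each artifact taken once at collection, who collected it from which host and when, every later hand-off appended to the log, a re-hash that proves the artifact is unchanged, and a seal over the whole manifest so edits to the log itself are detectable. The two sample artifacts, the host and analyst names, and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed sample artifacts standing in for a log export and a packet capture.
# Hostnames, usernames and addresses are hypothetical; 203.0.113.0/24 is a
# documentation range.
SAMPLE_ARTIFACTS = {
    "srv01-auth.log": (
        b"Jun  2 03:14:07 srv01 sshd[2211]: Accepted password for root "
        b"from 203.0.113.5 port 51022 ssh2\n"
    ),
    # A pcap global header only (little-endian magic, v2.4, snaplen 65535, LINKTYPE 1).
    "srv01-capture.pcap": bytes.fromhex("d4c3b2a1020004000000000000000000ffff000001000000"),
}


def sha256_hex(data: bytes) -> str:
    """Fingerprint of an artifact; recorded once, at collection time."""
    return hashlib.sha256(data).hexdigest()


def collect(manifest: list, name: str, data: bytes, collector: str,
            source_host: str, when: datetime) -> dict:
    """Create the custody entry for a newly acquired artifact and add it to the manifest."""
    entry = {
        "name": name,
        "source_host": source_host,
        "size": len(data),
        "sha256": sha256_hex(data),
        "custody": [{"event": "collected", "by": collector, "at": when.isoformat()}],
    }
    manifest.append(entry)
    return entry


def transfer(entry: dict, from_person: str, to_person: str, when: datetime) -> dict:
    """Record a hand-off. The hash is never recomputed here: custody events only append."""
    entry["custody"].append({
        "event": "transferred", "from": from_person, "to": to_person, "at": when.isoformat(),
    })
    return entry


def verify(entry: dict, data: bytes) -> bool:
    """Re-hash the artifact as it exists now and compare with the value recorded at collection."""
    return entry["size"] == len(data) and hmac.compare_digest(entry["sha256"], sha256_hex(data))


def seal(manifest: list) -> str:
    """Hash of the canonical manifest; any later edit to the custody log itself changes it."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return sha256_hex(canonical)


def build_sample_manifest() -> list:
    """Collect the constructed artifacts under a fixed timestamp so results are reproducible."""
    manifest = []
    collected_at = datetime(2014, 6, 2, 9, 0, tzinfo=timezone.utc)
    for name, data in SAMPLE_ARTIFACTS.items():
        collect(manifest, name, data, "analyst-1", "srv01", collected_at)
    return manifest


def record_sample_handoff(manifest: list) -> dict:
    """Hand the first artifact from the collector to a second analyst (fixed time, for reproducibility)."""
    return transfer(manifest[0], "analyst-1", "analyst-2",
                    datetime(2014, 6, 2, 10, 30, tzinfo=timezone.utc))


if __name__ == "__main__":
    manifest = build_sample_manifest()
    first_seal = seal(manifest)
    record_sample_handoff(manifest)
    print("artifact intact:", verify(manifest[0], SAMPLE_ARTIFACTS["srv01-auth.log"]))
    tampered = SAMPLE_ARTIFACTS["srv01-auth.log"].replace(b"root", b"bob ")
    print("tampered copy detected:", not verify(manifest[0], tampered))
    print("manifest seal changed after hand-off:", seal(manifest) != first_seal)
    print(json.dumps(manifest, indent=2))
```

In practice the manifest and its seal are written to the encrypted evidence drive alongside the artifacts, and the seal value is also recorded somewhere the drive's holder cannot alter (a signed e-mail or a paper log), so that both a modified artifact and a modified custody log can be shown to differ from what was collected.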
Signals Defense uses the information gathered during this phase to establish the scope of the compromise and determine what steps should be taken next. After the compromised systems have been identified and the scope of the compromise has been determined, we provide a comprehensive plan to return the compromised systems to an acceptable state. The plan includes multiple options: some can be used to eliminate the attacker from the network outright; others mitigate the effectiveness of the attack while systems are returned to production in stages.

Our experience spans the following environments and industries:
• Department of Defense
• International Law Firms
• Financial Firms
• Civilian and Government Health Care
• High net worth individual clients
• The US Republican Party
• Drug Development and Research Facilities
• US Critical Infrastructure
• US Federal Agencies
• Casino and Gaming industry partners
Rick Mellendick holds a Top Secret (TS) clearance and is the Chief Security Officer for Signals Defense in Owings Mills, MD, with 18 years of information technology security experience. Mr. Mellendick performs the duties of technical director and chief strategist for multiple DoD, federal, intelligence, and private organizations, and provides direct support to U.S. Critical Infrastructure. His background is in designing secure networks in multi-platform/multi-classification environments. His research into advanced threats against critical infrastructure and against civilian and federal agencies is the basis for the tactics the Signals Defense Computer Network Defense Team and Red Teams use to protect our clients' systems.

Rick has extensive experience in computer network operations, including developing proof-of-concept attacks and performing demonstrations for many federal and corporate clients. The teams Mr. Mellendick leads regularly perform Red Team analysis specializing in wireless and RF attack and defense, as well as technical surveillance counter-measure (TSCM) sweeps. He is a subject matter expert in computer network operations, wireless offensive tactics, and designing information systems to comply with federal and local regulations. Mr. Mellendick has personally completed over 200 wireless and wired penetration tests.

Rick was the chief security architect for a congressionally recognized center of excellence for a multi-billion dollar hosted-service data center built using non-traditional defense-in-depth strategies. His teams use offensive network techniques to better defend networks and critical infrastructure. Mr. Mellendick specializes in designing and testing wireless networks with non-traditional strategies using offensive techniques. He is a builder and breaker of RF signals, inventor of the Wireless Capture the Flag (http://wctf.us), and breaking and entering through RF is his specialty. His certifications include CISSP, ISSEP, OPSA, CEH, IEM, IAM, MCP, Certified DoD System Administrator, and Linux Security certifications.

About Us

Signals Defense, LLC, headquartered in Owings Mills, Maryland, specializes in providing Full Spectrum Security Solutions for commercial and governmental organizations. Signals Defense's approach holds that full spectrum security is derived from addressing all three disciplines of security: IT/Cyber, Technical/EMSEC, and Physical/OPSEC. Our organization has significant experience in providing products and services across all three disciplines and can develop custom security mitigation solutions based on our unique SDTVA™ (Signals Defense Threat and Vulnerability Assessment). SD Technology is deployed in over 1000 locations, including Government Intelligence agencies, DoD, and Fortune 100 companies. Our technology has become the de facto standard for the US Government and anyone desiring to properly secure locations handling sensitive and/or classified information.