SlideShare a Scribd company logo

The Incident Response Decision Tree

Marc St-Pierre
Marc St-Pierre

With the possibility of a security incident or breach, immediate decision making is required. It's imperative that organizations kick off immediately their IR Plan and bring all functions together. The Incident Response Decision Tree can help you build your IR Plan or ensure that you have all decision makers ready. Time is of the essence in an incident or breach. OpenText Risk & Compliance Advisory and DFIR Teams are available to help organization in their response. For more information on OpenText Security Consulting, visit: https://www.opentext.com/services/security

Technology
1 of 1
Download to read offline
THE INCIDENT RESPONSE DECISION TREE INCIDENT OCCURS can be any type Users IT Legal HR Any one of a number of departments can notice the incident and request an investigation. INVESTIGATION REQUEST Policies must encourage people to come forth when they suspect something inappropriate is occuring. INVESTIGATION TYPE ASSESSMENT Assessing the nature of the incident is critical to determining how to proceed. • Intellectual property theft • Employee misconduct • Data spillage • Sensitive information stolen/accessed • Etc ... VOLATILE DATA? Does the incident pertain to a volatile data issue, such as hacking, malcode, or ongoing activity? Automated bot or interactive session by unauthorized entity? (user) BOT USER Legal In some situations hacking must be disclosed. Is the bot/user enumerating your network activity or targeting a single system? ENUMERATING Containment All of the following must be considered: information dissemination, configuration change/patch updates and powering down affected computers. TARGETING Preservation Any initial evidence may need to be forensically acquired and preserved. Fingerprint Identify characteristics of the malware/hack: hashes, ports, behavior. Is the activity related to theft of sensitive data or exposing your network to potential malware? THEFT Escalate appropriately. EXPOSURE Secure perimeter devices. Legal Notify legal. GO TO BROAD AUDIT Use forensic technologies to conduct a broad audit of potentially affected networks to identify all compromised machines. TARGETED FORENSICS? Is this a targeted investigation of an individulal or group? Policy violation or employee misconduct? VIOLATION Human Resources HR should be informed of investigations of individuals. MISCONDUCT Legal & HR Both HR and Legal must approve of the investigation. Using computer forensics, triage drive to quickly assess validity of claims. VALID Criminal or policy violation? INVALID WRITE REPORT OF FINDINGS No Supporting evidence was found. POLICY Legal & HR Legal and HR must be informed to direct further action. Acquire and preserve Date must be acquired, preserved and processed for attorney review. Based on the evidence, where there additional individuals or machines involved? YES NO REPORT Write report of findings. CRIMINAL Which laws have been broken? STATE/LOCAL Legal, HR & regional law en- forcement All appropriate authorities INTERSTATE/INTERNATIONAL must be contacted immediately to direct further action. INTERSTATE/ INTERNATIONAL Legal, HR & USSS/FBI All appropriate authorities must be contacted immediately to direct further action. Evidence preservation is now critical to prosecute. Seek profession assistance immediately to image digital data. BROAD AUDIT? Is a broad audit of many machines required? SENSITIVE DATA SPILLAGE Legal The potential leakage of sensitive data may require legal to be aware of additional audit procedures being performed. Security assessment Who can be involved and in what capacity to roll out procedures and ensure sensitive data is protected. Scope assessment Determine search scope network, files, keywords, data range, and users. Test & refine Test search criteria on sample computers to ensure accuracy. Execute search Report Report of all compromised computers and degree of compromise. Remediate Kill processes, wipe files or seize computers. Report This ensures accuracy of remediation. STOP GO TO TARGETED FORENSICS A targeted forensic investigation should be conducted on each violator to determine intent and acquire evidence. HACKING/ MALCODE AUDIT EDISCOVERY Legally generated audit. Scope assessment Determine search scope network, files, keywords, data range, and users. Legal E-discovery is a component of the pre-trial phase of litigation. Test & refine Test search criteria on sample computers to ensure accuracy. Execute search Acquire files and metadata in evidence containers and preserve. Process Index. de-duplicate, and build load file, or restore to native files. PRESENT FOR LEGAL REVIEW PROACTIVE AUDITS for policy violations. PII Establish proactive audit objective, identifying the specific types of PII that may be exposed or searched Legal If PII is exposed, Legal must be involved, especially if the investigation involves computers in the EU. Scope assessment Determine search scope network, files, keywords, data range, and users. Test & refine Test search criteria on sample computers to ensure accuracy. Execute search QA - Does the culled data match search criteria? YES NO Does the policy appear to have been violated in a meaningful manner? Disciplinary Non-disciplinary YES Legal & HR NO Depending on the policy Legal or HR must be informed. IT Report network status to IT. REACTIVE AUDITS for policy violations. PII Personal information is subject to audit. Scope assessment Determine search scope network, files, keywords, data range, and users. Test & refine Test search criteria on sample computers to ensure accuracy. Execute search QA - Does the culled data match search criteria? NO YES Does PII exist in and unauthorized location? YES WRITE REPORT OF FINDINGS NO Legal & HR Legal and HR must be informed to direct further action. Remediate Kill processes, wipe files or seize computers. Report This ensures accuracy of remediation. STOP SecurityServices@opentext.com Copyright © 2022 Open Text. All Rights Reserved. Trademarks owned by Open Text. For more information, visit: https://www.opentext.com/about/copyright-information

Recommended

Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offeringeeaches
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...emermell
 
f6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdff6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdfSurendhar57
 

Recommended

Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?Digital Forensics 101 – How is it used to protect an Organization’s Data?
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
 
Information Security Assessment Offering
Information Security Assessment OfferingInformation Security Assessment Offering
Information Security Assessment Offeringeeaches
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...
Making ‘Big Data’ Your Ally – Using data analytics to improve compliance, due...emermell
 
f6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdff6_cyber_security_and_your_agency.pdf
f6_cyber_security_and_your_agency.pdfSurendhar57
 
Corporate Public Investigations
Corporate Public InvestigationsCorporate Public Investigations
Corporate Public InvestigationsCTIN
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chainTarun Gupta,CRISC CISSP CISM CISA BCCE
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensicsJohnson Ubah
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better CybersecurityShawn Tuma
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyResilient Systems
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
Information Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based ApproachInformation Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based ApproachGlobal Business Events - the Heart of your Network.
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDATAVERSITY
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1Manu Mathew Cherian
 
3 Steps to Automate Compliance for Healthcare Organizations
3 Steps to Automate Compliance for Healthcare Organizations3 Steps to Automate Compliance for Healthcare Organizations
3 Steps to Automate Compliance for Healthcare OrganizationsAvePoint
 
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfSecond Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfELIJAH
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach CostResilient Systems
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5Patrick Florer
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...David Kearney
 
Computer forensic
Computer forensicComputer forensic
Computer forensicShashi Mishra
 
Conducting a self-audit of data protection compliance
Conducting a self-audit of data protection complianceConducting a self-audit of data protection compliance
Conducting a self-audit of data protection complianceFintan Swanton
 
SNW Fall 2009
SNW Fall 2009SNW Fall 2009
SNW Fall 2009Jeff Kubacki
 
Opentext Managed XDR paves the way for CyberResilience
Opentext Managed XDR paves the way for CyberResilienceOpentext Managed XDR paves the way for CyberResilience
Opentext Managed XDR paves the way for CyberResilienceMarc St-Pierre
 
OpenText Security Health Check Service
OpenText Security Health Check ServiceOpenText Security Health Check Service
OpenText Security Health Check ServiceMarc St-Pierre
 

More Related Content

Similar to The Incident Response Decision Tree

Corporate Public Investigations
Corporate Public InvestigationsCorporate Public Investigations
Corporate Public InvestigationsCTIN
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicDhiren Gala
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensicsJohnson Ubah
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityErnest Staats
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better CybersecurityShawn Tuma
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyResilient Systems
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDATAVERSITY
 
3 Steps to Automate Compliance for Healthcare Organizations
3 Steps to Automate Compliance for Healthcare Organizations3 Steps to Automate Compliance for Healthcare Organizations
3 Steps to Automate Compliance for Healthcare OrganizationsAvePoint
 
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfSecond Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfELIJAH
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach CostResilient Systems
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...David Kearney
 
Conducting a self-audit of data protection compliance
Conducting a self-audit of data protection complianceConducting a self-audit of data protection compliance
Conducting a self-audit of data protection complianceFintan Swanton
 

Similar to The Incident Response Decision Tree (20)

Corporate Public Investigations
Corporate Public InvestigationsCorporate Public Investigations
Corporate Public Investigations
 
Insider threat kill chain
Insider threat kill chainInsider threat kill chain
Insider threat kill chain
 
Business Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer ForensicBusiness Intelligence (BI) Tools For Computer Forensic
Business Intelligence (BI) Tools For Computer Forensic
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Network and computer forensics
Network and computer forensicsNetwork and computer forensics
Network and computer forensics
 
A guide to Sustainable Cyber Security
A guide to Sustainable Cyber SecurityA guide to Sustainable Cyber Security
A guide to Sustainable Cyber Security
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better Cybersecurity
 
Anatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The UglyAnatomy Of A Breach: The Good, The Bad & The Ugly
Anatomy Of A Breach: The Good, The Bad & The Ugly
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 
Information Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based ApproachInformation Leakage - A knowledge Based Approach
Information Leakage - A knowledge Based Approach
 
DAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) DataDAMA Webinar: The Data Governance of Personal (PII) Data
DAMA Webinar: The Data Governance of Personal (PII) Data
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
3 Steps to Automate Compliance for Healthcare Organizations
3 Steps to Automate Compliance for Healthcare Organizations3 Steps to Automate Compliance for Healthcare Organizations
3 Steps to Automate Compliance for Healthcare Organizations
 
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdfSecond Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
Second Step to Forensic Readiness_ Types and Sources of Digital Evidence.pdf
 
Deconstructing Data Breach Cost
Deconstructing Data Breach CostDeconstructing Data Breach Cost
Deconstructing Data Breach Cost
 
Co3 rsc r5
Co3 rsc r5Co3 rsc r5
Co3 rsc r5
 
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover...
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Conducting a self-audit of data protection compliance
Conducting a self-audit of data protection complianceConducting a self-audit of data protection compliance
Conducting a self-audit of data protection compliance
 
SNW Fall 2009
SNW Fall 2009SNW Fall 2009
SNW Fall 2009
 

More from Marc St-Pierre

Opentext Managed XDR paves the way for CyberResilience
Opentext Managed XDR paves the way for CyberResilienceOpentext Managed XDR paves the way for CyberResilience
Opentext Managed XDR paves the way for CyberResilienceMarc St-Pierre
 
OpenText Security Health Check Service
OpenText Security Health Check ServiceOpenText Security Health Check Service
OpenText Security Health Check ServiceMarc St-Pierre
 
OpenText Cybersecurity Tabletop Exercise
OpenText Cybersecurity Tabletop ExerciseOpenText Cybersecurity Tabletop Exercise
OpenText Cybersecurity Tabletop ExerciseMarc St-Pierre
 
OpenText Cyber Resilience Fastrak
OpenText Cyber Resilience FastrakOpenText Cyber Resilience Fastrak
OpenText Cyber Resilience FastrakMarc St-Pierre
 
OpenText Cyber Resilience Program
OpenText Cyber Resilience ProgramOpenText Cyber Resilience Program
OpenText Cyber Resilience ProgramMarc St-Pierre
 
MITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position PaperMITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position PaperMarc St-Pierre
 
OpenText AI & Analytics Services and Solutions Catalog
OpenText AI & Analytics Services and Solutions CatalogOpenText AI & Analytics Services and Solutions Catalog
OpenText AI & Analytics Services and Solutions CatalogMarc St-Pierre
 
OpenText Threat Hunting Service
OpenText Threat Hunting ServiceOpenText Threat Hunting Service
OpenText Threat Hunting ServiceMarc St-Pierre
 
US Medical University trust OpenText to guard against cyber threats-en.pdf
US Medical University trust OpenText to guard against cyber threats-en.pdfUS Medical University trust OpenText to guard against cyber threats-en.pdf
US Medical University trust OpenText to guard against cyber threats-en.pdfMarc St-Pierre
 
OpenText Managed Extended Detection and Response (MxDR)
OpenText Managed Extended Detection and Response (MxDR)OpenText Managed Extended Detection and Response (MxDR)
OpenText Managed Extended Detection and Response (MxDR)Marc St-Pierre
 
Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperMarc St-Pierre
 
Opentext Translation and Localization Services
Opentext Translation and Localization ServicesOpentext Translation and Localization Services
Opentext Translation and Localization ServicesMarc St-Pierre
 
Digital Ethical Risk Assessment
Digital Ethical Risk AssessmentDigital Ethical Risk Assessment
Digital Ethical Risk AssessmentMarc St-Pierre
 
OpenText Translation & Localization Services
OpenText Translation & Localization ServicesOpenText Translation & Localization Services
OpenText Translation & Localization ServicesMarc St-Pierre
 
OpenText Taxonomy Catalog & Services
OpenText Taxonomy Catalog & ServicesOpenText Taxonomy Catalog & Services
OpenText Taxonomy Catalog & ServicesMarc St-Pierre
 
Open text security services catalog
Open text security services catalogOpen text security services catalog
Open text security services catalogMarc St-Pierre
 
OpenText Legal Technology Solutions
OpenText Legal Technology SolutionsOpenText Legal Technology Solutions
OpenText Legal Technology SolutionsMarc St-Pierre
 
Smart migration Solution overview
Smart migration Solution overviewSmart migration Solution overview
Smart migration Solution overviewMarc St-Pierre
 

More from Marc St-Pierre (20)

Opentext Managed XDR paves the way for CyberResilience
Opentext Managed XDR paves the way for CyberResilienceOpentext Managed XDR paves the way for CyberResilience
Opentext Managed XDR paves the way for CyberResilience
 
OpenText Security Health Check Service
OpenText Security Health Check ServiceOpenText Security Health Check Service
OpenText Security Health Check Service
 
OpenText Cybersecurity Tabletop Exercise
OpenText Cybersecurity Tabletop ExerciseOpenText Cybersecurity Tabletop Exercise
OpenText Cybersecurity Tabletop Exercise
 
OpenText Cyber Resilience Fastrak
OpenText Cyber Resilience FastrakOpenText Cyber Resilience Fastrak
OpenText Cyber Resilience Fastrak
 
OpenText Cyber Resilience Program
OpenText Cyber Resilience ProgramOpenText Cyber Resilience Program
OpenText Cyber Resilience Program
 
MITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position PaperMITRE ATT&CK framework and Managed XDR Position Paper
MITRE ATT&CK framework and Managed XDR Position Paper
 
OpenText AI & Analytics Services and Solutions Catalog
OpenText AI & Analytics Services and Solutions CatalogOpenText AI & Analytics Services and Solutions Catalog
OpenText AI & Analytics Services and Solutions Catalog
 
OpenText Threat Hunting Service
OpenText Threat Hunting ServiceOpenText Threat Hunting Service
OpenText Threat Hunting Service
 
US Medical University trust OpenText to guard against cyber threats-en.pdf
US Medical University trust OpenText to guard against cyber threats-en.pdfUS Medical University trust OpenText to guard against cyber threats-en.pdf
US Medical University trust OpenText to guard against cyber threats-en.pdf
 
OpenText Managed Extended Detection and Response (MxDR)
OpenText Managed Extended Detection and Response (MxDR)OpenText Managed Extended Detection and Response (MxDR)
OpenText Managed Extended Detection and Response (MxDR)
 
Managed Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) WhitepaperManaged Detection and Response (MDR) Whitepaper
Managed Detection and Response (MDR) Whitepaper
 
Opentext Translation and Localization Services
Opentext Translation and Localization ServicesOpentext Translation and Localization Services
Opentext Translation and Localization Services
 
Digital Ethical Risk Assessment
Digital Ethical Risk AssessmentDigital Ethical Risk Assessment
Digital Ethical Risk Assessment
 
OpenText Translation & Localization Services
OpenText Translation & Localization ServicesOpenText Translation & Localization Services
OpenText Translation & Localization Services
 
Opentext Decisiv
Opentext DecisivOpentext Decisiv
Opentext Decisiv
 
OpenText Taxonomy Catalog & Services
OpenText Taxonomy Catalog & ServicesOpenText Taxonomy Catalog & Services
OpenText Taxonomy Catalog & Services
 
Open text security services catalog
Open text security services catalogOpen text security services catalog
Open text security services catalog
 
OpenText Legal Technology Solutions
OpenText Legal Technology SolutionsOpenText Legal Technology Solutions
OpenText Legal Technology Solutions
 
Smart migration Solution overview
Smart migration Solution overviewSmart migration Solution overview
Smart migration Solution overview
 
Idea to Insight
Idea to InsightIdea to Insight
Idea to Insight
 

Recently uploaded

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

The Incident Response Decision Tree

  • 1. THE INCIDENT RESPONSE DECISION TREE INCIDENT OCCURS can be any type Users IT Legal HR Any one of a number of departments can notice the incident and request an investigation. INVESTIGATION REQUEST Policies must encourage people to come forth when they suspect something inappropriate is occuring. INVESTIGATION TYPE ASSESSMENT Assessing the nature of the incident is critical to determining how to proceed. • Intellectual property theft • Employee misconduct • Data spillage • Sensitive information stolen/accessed • Etc ... VOLATILE DATA? Does the incident pertain to a volatile data issue, such as hacking, malcode, or ongoing activity? Automated bot or interactive session by unauthorized entity? (user) BOT USER Legal In some situations hacking must be disclosed. Is the bot/user enumerating your network activity or targeting a single system? ENUMERATING Containment All of the following must be considered: information dissemination, configuration change/patch updates and powering down affected computers. TARGETING Preservation Any initial evidence may need to be forensically acquired and preserved. Fingerprint Identify characteristics of the malware/hack: hashes, ports, behavior. Is the activity related to theft of sensitive data or exposing your network to potential malware? THEFT Escalate appropriately. EXPOSURE Secure perimeter devices. Legal Notify legal. GO TO BROAD AUDIT Use forensic technologies to conduct a broad audit of potentially affected networks to identify all compromised machines. TARGETED FORENSICS? Is this a targeted investigation of an individulal or group? Policy violation or employee misconduct? VIOLATION Human Resources HR should be informed of investigations of individuals. MISCONDUCT Legal & HR Both HR and Legal must approve of the investigation. Using computer forensics, triage drive to quickly assess validity of claims. VALID Criminal or policy violation? INVALID WRITE REPORT OF FINDINGS No Supporting evidence was found. POLICY Legal & HR Legal and HR must be informed to direct further action. Acquire and preserve Date must be acquired, preserved and processed for attorney review. Based on the evidence, where there additional individuals or machines involved? YES NO REPORT Write report of findings. CRIMINAL Which laws have been broken? STATE/LOCAL Legal, HR & regional law en- forcement All appropriate authorities INTERSTATE/INTERNATIONAL must be contacted immediately to direct further action. INTERSTATE/ INTERNATIONAL Legal, HR & USSS/FBI All appropriate authorities must be contacted immediately to direct further action. Evidence preservation is now critical to prosecute. Seek profession assistance immediately to image digital data. BROAD AUDIT? Is a broad audit of many machines required? SENSITIVE DATA SPILLAGE Legal The potential leakage of sensitive data may require legal to be aware of additional audit procedures being performed. Security assessment Who can be involved and in what capacity to roll out procedures and ensure sensitive data is protected. Scope assessment Determine search scope network, files, keywords, data range, and users. Test & refine Test search criteria on sample computers to ensure accuracy. Execute search Report Report of all compromised computers and degree of compromise. Remediate Kill processes, wipe files or seize computers. Report This ensures accuracy of remediation. STOP GO TO TARGETED FORENSICS A targeted forensic investigation should be conducted on each violator to determine intent and acquire evidence. HACKING/ MALCODE AUDIT EDISCOVERY Legally generated audit. Scope assessment Determine search scope network, files, keywords, data range, and users. Legal E-discovery is a component of the pre-trial phase of litigation. Test & refine Test search criteria on sample computers to ensure accuracy. Execute search Acquire files and metadata in evidence containers and preserve. Process Index. de-duplicate, and build load file, or restore to native files. PRESENT FOR LEGAL REVIEW PROACTIVE AUDITS for policy violations. PII Establish proactive audit objective, identifying the specific types of PII that may be exposed or searched Legal If PII is exposed, Legal must be involved, especially if the investigation involves computers in the EU. Scope assessment Determine search scope network, files, keywords, data range, and users. Test & refine Test search criteria on sample computers to ensure accuracy. Execute search QA - Does the culled data match search criteria? YES NO Does the policy appear to have been violated in a meaningful manner? Disciplinary Non-disciplinary YES Legal & HR NO Depending on the policy Legal or HR must be informed. IT Report network status to IT. REACTIVE AUDITS for policy violations. PII Personal information is subject to audit. Scope assessment Determine search scope network, files, keywords, data range, and users. Test & refine Test search criteria on sample computers to ensure accuracy. Execute search QA - Does the culled data match search criteria? NO YES Does PII exist in and unauthorized location? YES WRITE REPORT OF FINDINGS NO Legal & HR Legal and HR must be informed to direct further action. Remediate Kill processes, wipe files or seize computers. Report This ensures accuracy of remediation. STOP SecurityServices@opentext.com Copyright © 2022 Open Text. All Rights Reserved. Trademarks owned by Open Text. For more information, visit: https://www.opentext.com/about/copyright-information