SD Cyber Security
Incident Response Methodology
__________________________________________________________________________________________
1 Easter Court, Suite E, Owings Mills, MD 21117
PHONE 410·902·0356 · FAX 410·902·9609
www.signalsdefense.com
©2014. ASTIC Signals Defenses, LLC. All rights reserved.
Signals Defense has a robust Incident Response (IR) and cleanup methodology that has been used to help multiple Federal and Civilian agencies identify the scope of compromises, identify malicious scripts and programs, and eradicate them from the affected systems. All Signals Defense IR staff are fully certified and cleared personnel who handle both classified incidents and unclassified but highly confidential matters.
Signals Defense begins this process by working with your network and security staff to get a complete understanding of what is known about the compromise. At this stage we review any system and security logs, as well as any packet captures that have been taken of the malicious activity. We have had great success identifying the attacker's initial point of entry during this phase when it has not already been identified.
Signals Defense works with your network and security staff to determine what level of network access should be provided to identify any currently compromised systems on the network while still maintaining the appropriate level of business confidentiality for your organization. Once this has been determined, we develop custom scripts and programs to identify compromised systems and anomalous behavior. All data captured and reviewed in this phase is stored on a removable encrypted drive, and all data investigations follow industry best practices for chain of custody. This ensures that all data and findings are admissible in court if the case reaches that level. During this phase we work continuously with your internal teams to ensure that any capabilities already in place are used to the fullest. Signals Defense uses the information gathered during this phase to establish the scope of the compromise and determine what steps should be taken next.
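The brochure states that evidence is kept on an encrypted removable drive and handled under chain-of-custody best practice. The following is an added example, not Signals Defense code, of what that looks like in practice: every acquired item is fingerprinted with SHA-256, every hand-off is logged with the custodian and a fresh hash, the log entries are chained so that editing one is detectable, and later verification exposes any change to the evidence. The case id, file name, custodian names and file contents are all constructed for the demonstration.

```python
"""Evidence manifest with a tamper-evident chain-of-custody log.

Added example (not the brochure's or Signals Defense's code). Assumes evidence
files have already been copied to the encrypted removable drive; paths,
custodians and the sample capture below are constructed placeholders.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk=1 << 20):
    """Stream-hash a file so large captures and disk images do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


class EvidenceManifest:
    """Tracks acquired items and every custody event in a JSON-serialisable document."""

    def __init__(self, case_id):
        self.doc = {"case_id": case_id, "items": {}, "custody_log": []}

    @staticmethod
    def _now():
        return datetime.now(timezone.utc).isoformat()

    def acquire(self, item_id, path, custodian, note=""):
        """Record the item's hash and size at the moment it enters custody."""
        digest = sha256_file(path)
        self.doc["items"][item_id] = {"path": path, "sha256": digest,
                                      "size": os.path.getsize(path),
                                      "acquired_at": self._now()}
        self._log(item_id, "acquire", custodian, note, digest)
        return digest

    def transfer(self, item_id, from_custodian, to_custodian, note=""):
        """Re-hash at hand-off so the log proves the item was intact when it changed hands."""
        item = self.doc["items"][item_id]
        digest = sha256_file(item["path"])
        self._log(item_id, "transfer", f"{from_custodian}->{to_custodian}", note, digest)
        return digest == item["sha256"]

    def verify(self, item_id):
        """True only if the file on disk still matches the hash taken at acquisition."""
        item = self.doc["items"][item_id]
        return sha256_file(item["path"]) == item["sha256"]

    def _log(self, item_id, action, custodian, note, digest):
        # Each entry commits to the previous entry's hash, so the log is a hash chain:
        # altering or deleting an earlier entry breaks every link after it.
        log = self.doc["custody_log"]
        prev = log[-1]["entry_hash"] if log else "0" * 64
        entry = {"item": item_id, "action": action, "custodian": custodian,
                 "note": note, "sha256": digest, "at": self._now(), "prev": prev}
        entry["entry_hash"] = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        log.append(entry)

    def log_intact(self):
        """Walk the chain and recompute every entry hash; False if any entry was edited."""
        prev = "0" * 64
        for e in self.doc["custody_log"]:
            body = {k: v for k, v in e.items() if k != "entry_hash"}
            if e["prev"] != prev:
                return False
            if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True


def demo():
    """Constructed walk-through: acquire a capture, hand it off, then detect tampering."""
    with tempfile.TemporaryDirectory() as drive:   # stands in for the encrypted removable drive
        pcap = os.path.join(drive, "entry-point-capture.pcap")
        with open(pcap, "wb") as f:                # constructed bytes, not a real capture
            f.write(b"\xd4\xc3\xb2\xa1" + b"constructed capture bytes" * 64)
        m = EvidenceManifest("CASE-EXAMPLE-001")
        m.acquire("pcap-1", pcap, "analyst-A", "copied to encrypted removable drive")
        handoff_ok = m.transfer("pcap-1", "analyst-A", "analyst-B", "handed off for review")
        before = m.verify("pcap-1")
        log_ok_before = m.log_intact()
        with open(pcap, "ab") as f:                # simulate a post-hand-off modification
            f.write(b"\x00")
        after = m.verify("pcap-1")
        m.doc["custody_log"][0]["custodian"] = "someone-else"   # simulate a doctored log entry
        return {"handoff_ok": handoff_ok, "before": before, "after": after,
                "log_ok_before": log_ok_before, "log_ok_after": m.log_intact(),
                "entries": len(m.doc["custody_log"])}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```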
After the compromised systems have been identified and the scope of the compromise has been determined, we provide a comprehensive plan to return the compromised systems to an acceptable state. This plan includes multiple options: some can be used to eliminate the attacker from the network outright; others can be used to mitigate the effectiveness of the attack while systems are returned to production in stages.
Our experience resides in the following environments and industries:
• Department of Defense
• International Law Firms
• Financial Firms
• Civilian and Government Health Care
• High net worth individual clients
• The US Republican Party
• Drug Development and Research Facilities
• US Critical Infrastructure
• US Federal Agencies
• Casino and Gaming industry partners
Rick Mellendick holds Top Secret (TS) clearance and is the Chief Security Officer for Signals
Defense in Owings Mills, MD with 18 years of information technology security experience.
Mr. Mellendick performs the duties of technical director and chief strategist for multiple DoD, federal, intelligence, and private organizations, and provides direct support to U.S. Critical Infrastructure. His background is in designing secure networks in multi-platform, multi-classification environments. His knowledge was gained from researching the advanced threats facing critical infrastructure and civilian and federal agencies, and it forms the basis for the tactics the Signals Defense Computer Network Defense Team and Red Teams use to protect our clients' systems.
Rick has extensive experience in computer network operations including developing proof of concept attacks
and performing demonstrations for many federal and corporate clients. The teams that Mr. Mellendick leads
regularly perform Red Team analysis specializing in wireless and RF attack and defense as well as technical
surveillance counter-measure (TSCM) sweeps. He is a subject matter expert for computer network operations,
wireless offensive tactics, and designing information systems to comply with federal and local regulations. Mr.
Mellendick has personally completed over 200 wireless and wired penetration tests.
Rick was the chief security architect for a congressionally recognized center of excellence for a multi-billion
dollar hosted service data center built using non-traditional defense in depth strategies. His teams utilize
offensive network techniques to better defend the network and critical infrastructures. Mr. Mellendick
specializes in designing and testing wireless networks with non-traditional strategies using offensive
techniques. He is a builder and breaker of RF signals, inventor of the Wireless Capture the Flag
(http://wctf.us), and breaking and entering through RF is his specialty.
His certifications include CISSP, ISSEP, OPSA, CEH, IEM, IAM, MCP, Certified DoD System Administrator,
and Linux Security certifications.
About Us
Signals Defense, LLC, headquartered in Owings Mills, Maryland, specializes in providing Full Spectrum Security Solutions for Commercial and Governmental organizations. Signals Defense's approach is founded on the belief that full spectrum security is derived from addressing all three disciplines of security: IT/Cyber, Technical/EMSEC, and Physical/OPSEC. Our organization has significant experience providing products and services across all three disciplines and can develop custom security mitigation solutions based on our unique SDTVA™ (Signals Defense Threat and Vulnerability Assessment).

SD Technology is deployed in over 1000 locations, including Government Intelligence agencies, DoD, and Fortune 100 companies. Our technology has become the de facto standard for the US Government and for anyone seeking to properly secure locations handling sensitive and/or classified information.

Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 

Cyber Security: Cyber Incident Response Methodology

Signals Defense uses the information gathered during this phase to establish the scope of the compromise and determine what steps should be taken next. After the compromised systems have been identified and the scope of the compromise has been determined, we will provide a comprehensive plan to return the compromised systems to an acceptable state. This plan includes multiple options, some of which can be used to successfully eliminate the attacker from the network; others can be used to mitigate the effectiveness of the attack while systems are returned to production state in stages.

Our experience resides in the following environments and industries:
• Department of Defense
• International Law Firms
• Financial Firms
• Civilian and Government Health Care
• High net worth individual clients
• The US Republican Party
• Drug Development and Research Facilities
• US Critical Infrastructure
• US Federal Agencies
• Casino and Gaming industry partners
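The methodology above states that captured data is stored on an encrypted removable drive and handled under chain-of-custody best practices so that findings remain admissible. The following is an added illustration of one concrete piece of that practice, a tamper-evident evidence manifest; it is example code written for this page, not a Signals Defense tool, and the case id, collector name, and sample evidence files are constructed placeholders.

```python
"""Chain-of-custody manifest for collected evidence files (added example).

Each collected file is hashed with SHA-256 and recorded with its size; the
sorted entry list is itself hashed so that later edits to the manifest are
detectable. verify_manifest() re-hashes the files and reports any drift.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large captures do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def _entries_digest(entries):
    # Canonical JSON (sorted keys, no whitespace) gives a stable hash of the entry list.
    canonical = json.dumps(entries, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def build_manifest(evidence_dir, collector, case_id):
    """Walk the evidence directory and record path, size and hash of every file."""
    entries = []
    for root, _dirs, files in os.walk(evidence_dir):
        for name in files:
            path = os.path.join(root, name)
            entries.append({
                "path": os.path.relpath(path, evidence_dir),
                "size": os.path.getsize(path),
                "sha256": sha256_file(path),
            })
    entries.sort(key=lambda e: e["path"])
    return {
        "case_id": case_id,                      # placeholder, supplied by the caller
        "collector": collector,                  # who took custody of the data
        "collected_utc": datetime.now(timezone.utc).isoformat(),
        "entries": entries,
        "entries_sha256": _entries_digest(entries),
    }


def verify_manifest(evidence_dir, manifest):
    """Return the list of entries that no longer match; empty list means custody is intact."""
    mismatches = []
    for e in manifest["entries"]:
        path = os.path.join(evidence_dir, e["path"])
        if not os.path.exists(path) or sha256_file(path) != e["sha256"]:
            mismatches.append(e["path"])
    # Detect edits to the manifest itself (e.g. an entry's hash rewritten after the fact).
    if _entries_digest(manifest["entries"]) != manifest["entries_sha256"]:
        mismatches.append("<manifest entries altered>")
    return mismatches


def demo():
    """Constructed sample: two evidence files, a clean verify, then a tampered verify."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "auth.log"), "w") as f:
            # constructed log line, not from any real system
            f.write("May 01 10:00:01 host sshd[1]: Accepted password for root from 203.0.113.5\n")
        with open(os.path.join(d, "capture.pcap"), "wb") as f:
            f.write(b"\xd4\xc3\xb2\xa1" + b"\x00" * 20)  # constructed pcap-like bytes
        manifest = build_manifest(d, "analyst-1", "CASE-0001")
        clean = verify_manifest(d, manifest)
        with open(os.path.join(d, "auth.log"), "a") as f:
            f.write("tampered\n")                # simulate post-collection modification
        tampered = verify_manifest(d, manifest)
        return len(manifest["entries"]), clean, tampered


if __name__ == "__main__":
    print(demo())  # (2, [], ['auth.log'])
```

In practice the manifest (and ideally a signed copy of its `entries_sha256` value) is written alongside the evidence on the encrypted drive at collection time, and each subsequent handler re-runs the verification and records the result, which is what turns a directory of files into a custody record.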
Rick Mellendick holds a Top Secret (TS) clearance and is the Chief Security Officer for Signals Defense in Owings Mills, MD, with 18 years of information technology security experience. Mr. Mellendick performs the duties of technical director and chief strategist for multiple DoD, federal, intelligence, and private organizations. He provides direct support to the U.S. Critical Infrastructure. His background is in designing secure networks in multi-platform/multi-classification environments. His knowledge was gained from researching the advanced threats to critical infrastructure as well as civilian and federal agencies, and it forms the basis for the Signals Defense Computer Network Defense Team and Red Team tactics used to protect our clients’ systems.

Rick has extensive experience in computer network operations, including developing proof-of-concept attacks and performing demonstrations for many federal and corporate clients. The teams that Mr. Mellendick leads regularly perform Red Team analysis specializing in wireless and RF attack and defense as well as technical surveillance counter-measure (TSCM) sweeps. He is a subject matter expert in computer network operations, wireless offensive tactics, and designing information systems to comply with federal and local regulations. Mr. Mellendick has personally completed over 200 wireless and wired penetration tests.

Rick was the chief security architect for a congressionally recognized center of excellence: a multi-billion dollar hosted-service data center built using non-traditional defense-in-depth strategies. His teams utilize offensive network techniques to better defend the network and critical infrastructures. Mr. Mellendick specializes in designing and testing wireless networks with non-traditional strategies using offensive techniques. He is a builder and breaker of RF signals, inventor of the Wireless Capture the Flag (http://wctf.us), and breaking and entering through RF is his specialty. His certifications include CISSP, ISSEP, OPSA, CEH, IEM, IAM, MCP, Certified DoD System Administrator, and Linux Security certifications.

About Us

Signals Defense, LLC, headquartered in Owings Mills, Maryland, specializes in providing Full Spectrum Security Solutions for Commercial and Governmental organizations. Signals Defense’s approach includes the belief that full spectrum security is derived from addressing all three disciplines of security: IT/Cyber, Technical/EMSEC, and Physical/OPSEC. Our organization has significant experience in providing products and services across all three disciplines and can develop custom security mitigation solutions based on our unique SDTVA™ (Signals Defense Threat and Vulnerability Assessment). SD Technology is deployed in over 1000 locations, including Government Intelligence agencies, DoD and Fortune 100 companies. Our technology has become the de facto standard for the US Government and anyone desiring to properly secure locations handling sensitive and/or classified information.