This document summarizes key aspects of cybersecurity incident response based on chapters 10 (Awareness) and 11 (Response) of the textbook "Protecting National Infrastructure". It discusses the importance of both front-loaded prevention and back-loaded recovery in incident response processes. It also covers the roles of incident response teams, forensic analysis, disaster recovery planning, and national response program coordination. Maintaining situational awareness is highlighted as important for understanding an organization's security posture and risk levels over time.
Running Head: Personal Reflection
Personal Reflection
By
Anil Kumar Bandi
Professor Dr. Giovanni Silvestri
University of Cumberlands
Emerging Threats & Countermeas (ITS-834-07)
Abstract
This practical connect assignment is based on my learnings and take-aways from this course. This paper addresses the various aspects of my learnings and how I can apply them in my workplace. Further, the major learnings and some important concepts that I have learnt are discussed. The importance of security issues in IT systems is discussed as well.
Information Technology has started to affect all aspects of human life in various ways. The impact of this is that IT has become an integral part of everyone's life, in their professional as well as personal space. As a professional working in the development of IT, my job as a software engineer requires me to have detailed knowledge of all the changes that are being introduced in the area of information technology and of the new tools that have been developed to assist professionals in the technical area.
I took up this course for the sake of increasing and expanding my knowledge in the different areas of implementing IT services at a workplace. Through the course, I learned about the different types of security measures that are important for a company. I learned about some of the basic types of attacks that can happen to companies like the one I work for. I also came to understand the ways in which hackers and cyber attackers have changed their ways of stealing data and information, and the measures that an IT professional can take in order to protect the information of their company from such attacks (Stallings, 2016).
One of the most important concepts that I learned from this course is the details of developing a security unit for an IT system. As the nature of cyber-attacks has become much more diverse than it was a few years back, installing firewalls on the IT unit cannot guarantee complete protection from these kinds of attacks. Apart from this, there are many new kinds of attacks, like DDoS attacks, that have started to be practised because they are difficult for a system administrator to detect. Through this course, I learned about some of these types of attacks and the ways in which the effect of such attacks can be mitigated while ensuring that the threats are reduced for the future as well (Graham et al., 2016).
Another important aspect of IT that I learned about in the course, and that I found very interesting, was the protection of National Infrastructure. Through the course, I learned that the various national departments of the country are using much more complicated and sophisticated systems. Considering that these systems affect the lives of the common people due to the abundance of information stored in them, the security of these systems is a major challenge. However, in order to overcome these challenges, experts are continuously working on techniques like separation, correlation, diversity, commonality and depth (Bullock et al., 2017).
By learning all these concepts, I believe that I have become a better informed professional and I can use the information that I have gained from this course in my personal work space. Through these methods, I am already contributing to a much safer security system that is being developed by the IT unit of my company. I have also learned during the course about the importance of information and staying updated, which I will continue to do on my own level after it is over (Mingst et al., 2018).
References
Bullock, J. A., Haddow, G. D., & Coppola, D. P. (2017). Homeland security: The essentials. Butterworth-Heinemann.
Graham, J., Olson, R., & Howard, R. (2016). Cyber security essentials. Auerbach Publications.
Mingst, K. A., McKibben, H. E., & Arreguin-Toft, I. M. (2018). Essentials of international relations. W. W. Norton & Company.
Stallings, W. (2016). Network security essentials: Applications and standards. Pearson.
Chapter 11 – Response
Fig. 11.1 – General incident response process schema (figure not reproduced)
• There are two fundamental types of triggers
– Tangible, visible effects of an attack
– Early warning and indications information
• Thus, two approaches to incident response processes
– Front-loaded prevention
– Back-loaded recovery
• The two approaches should be combined for a comprehensive response picture
• Protecting national assets is worth suffering a high
number of false positives
Fig. 11.2 – Comparison of front-loaded and back-loaded response processes (figure not reproduced)
• Front-loaded prevention critical to national
infrastructure protection
• Taxonomy of early warning process triggers
– Vulnerability information
– Changes in profiled behavioral metrics
– Match on attack metric pattern
– Component anomalies
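The trigger taxonomy above, together with the two trigger types and the intensity threshold that Fig. 11.3 compares, as an added example that is not part of the textbook's slides: each of the four trigger classes is scored against constructed telemetry (the asset names, component versions, vulnerability feed entry, baseline profile, log lines, signatures and restart counts are all hypothetical), the scores for one asset are combined, and the same combined intensity is then judged against a strict back-loaded threshold and a permissive front-loaded one, which is where the "worth suffering a high number of false positives" decision becomes a concrete number.

```python
"""Early-warning trigger evaluation for front-loaded incident response.

Added example, not from the textbook: it scores the four early-warning
trigger types (vulnerability information, profiled behavioural metrics,
attack pattern matches, component anomalies) against constructed
telemetry, combines them per asset, and applies a response threshold.
All asset names, versions, signatures and log lines are hypothetical.
"""
import re
from dataclasses import dataclass
from statistics import mean, stdev


@dataclass
class Trigger:
    kind: str          # entry of the early-warning taxonomy
    asset: str
    intensity: float   # 0.0 .. 1.0, strength of the evidence
    detail: str


# ---- constructed inputs (hypothetical) ------------------------------------
INVENTORY = {  # asset -> installed component and version
    "scada-gw-01": ("histd", "2.3.1"),
    "web-kiosk-07": ("httpd", "1.8.0"),
}
VULN_FEED = {("histd", "2.3.1"): 0.9}  # (component, version) -> severity 0..1
PROFILE = {  # hourly outbound bytes over the last seven hours (baseline)
    "scada-gw-01": [1_100, 1_250, 980, 1_300, 1_050, 1_200, 1_150],
    "web-kiosk-07": [52_000, 61_000, 48_000, 70_000, 55_000, 58_000, 60_000],
}
CURRENT = {"scada-gw-01": 9_800, "web-kiosk-07": 63_000}  # this hour
SIGNATURES = [  # (pattern, name, intensity): attack-metric patterns
    (re.compile(r"function=0x08 subfunction=0x04"), "modbus diagnostic misuse", 0.8),
    (re.compile(r"\.\./\.\./"), "path traversal attempt", 0.5),
]
LOGS = [  # first token is the asset name
    "scada-gw-01 modbus src=10.9.9.23 function=0x08 subfunction=0x04",
    "web-kiosk-07 GET /static/../../etc/passwd 404",
    "web-kiosk-07 GET /index.html 200",
]
RESTARTS = {"scada-gw-01": 0, "web-kiosk-07": 5}  # service restarts this hour


def vulnerability_triggers(inventory, feed):
    """Trigger when the inventory lists a version present in the vuln feed."""
    return [Trigger("vulnerability information", asset, feed[cv],
                    f"{cv[0]} {cv[1]} is in the vulnerability feed")
            for asset, cv in inventory.items() if cv in feed]


def behaviour_triggers(profile, current, sigmas=3.0):
    """Trigger when this hour's value deviates from the baseline by > sigmas."""
    out = []
    for asset, history in profile.items():
        mu, sd = mean(history), stdev(history)
        z = (current[asset] - mu) / sd if sd else 0.0
        if z > sigmas:  # intensity saturates at a 9-sigma deviation
            out.append(Trigger("profiled behavioural metric", asset,
                               min(1.0, z / 9.0), f"outbound bytes z={z:.1f}"))
    return out


def signature_triggers(logs, signatures):
    """Trigger on every log line that matches an attack-metric pattern."""
    return [Trigger("attack metric pattern match", line.split()[0], weight, name)
            for line in logs
            for pattern, name, weight in signatures if pattern.search(line)]


def component_triggers(restarts, limit=3):
    """Trigger when a component restarts more often than the limit allows."""
    return [Trigger("component anomaly", asset, min(1.0, n / (2 * limit)),
                    f"{n} restarts in the last hour")
            for asset, n in restarts.items() if n > limit]


def combined_intensity(triggers):
    """Noisy-OR per asset: independent weak signals reinforce each other."""
    miss = {}
    for t in triggers:
        miss[t.asset] = miss.get(t.asset, 1.0) * (1.0 - t.intensity)
    return {asset: 1.0 - m for asset, m in miss.items()}


def run_pipeline():
    triggers = (vulnerability_triggers(INVENTORY, VULN_FEED)
                + behaviour_triggers(PROFILE, CURRENT)
                + signature_triggers(LOGS, SIGNATURES)
                + component_triggers(RESTARTS))
    return triggers, combined_intensity(triggers)


def decide(intensities, threshold):
    """Assets whose combined intensity reaches the response threshold."""
    return sorted(a for a, i in intensities.items() if i >= threshold)


if __name__ == "__main__":
    triggers, intensities = run_pipeline()
    for t in triggers:
        print(f"{t.asset:13} {t.kind:30} {t.intensity:.2f}  {t.detail}")
    # Back-loaded posture: respond only on near-certain evidence.
    print("threshold 0.95:", decide(intensities, 0.95))
    # Front-loaded posture for national assets: accept false positives.
    print("threshold 0.50:", decide(intensities, 0.50))
```

With these inputs the gateway fires on all three of a vulnerable version, a behavioural deviation and a signature match, so it is opened as a case under either threshold; the kiosk has only a traversal attempt and a restart anomaly, so it is opened only under the front-loaded threshold. The per-asset threshold, not the scoring, is the policy knob the slides are talking about.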
Fig. 11.3 – Comparison of trigger intensity threshold for response (figure not reproduced)
• Optimal incident response team includes two
components
– A core set of individuals
– A set of subject matter experts
• In complex settings with multiple incidents, it is important for the team not to work at cross-purposes
Fig. 11.4 – Management of simultaneous response cases (figure not reproduced)
• Response teams in a national setting must plan for
multiple concurrent attacks aimed at a company or
agency
• Considerations for proper planning include
– Avoidance of a single point of contact individual
– Case management automation
– Organizational support for expert involvement
– 24/7 operational support
Chapter 10 – Awareness
Risk Management Process
• Security risks must be tracked and prioritized
• The generally agreed-upon approach to measuring the risk associated with specific components begins with two estimations
– Likelihood
– Consequences
• The actual numeric value of risk is less important than the overall relative risk
• A useful construct compares the security risk against the cost of the recommended action
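The likelihood/consequence estimation and the risk-versus-cost comparison above, as an added example that is not part of the textbook's slides: the ratings are ordinal (low to very high) and their product is used only to rank components against each other, and each recommended action is then compared by the risk it removes per unit of cost rather than by any absolute figure. The component register, the actions and their costs are constructed for illustration.

```python
"""Relative risk ranking and cost-of-action comparison.

Added example, not from the textbook: each component carries ordinal
likelihood and consequence estimates, their product is used only to rank
components relative to each other, and each recommended action is compared
by how much risk it removes per unit of cost. Component names, ratings,
actions and costs are all constructed for illustration.
"""
from dataclasses import dataclass

SCALE = {"low": 1, "medium": 2, "high": 3, "very high": 4}  # ordinal, not absolute


@dataclass(frozen=True)
class Component:
    name: str
    likelihood: str   # key of SCALE
    consequence: str  # key of SCALE


@dataclass(frozen=True)
class Action:
    component: str
    description: str
    cost: float           # relative cost units
    new_likelihood: str   # likelihood estimate once the action is taken


def risk(c):
    """Relative risk score: likelihood rank times consequence rank."""
    return SCALE[c.likelihood] * SCALE[c.consequence]


def rank(components):
    """Highest relative risk first; ties go to the larger consequence."""
    return sorted(components, key=lambda c: (-risk(c), -SCALE[c.consequence], c.name))


def risk_reduction(action, components):
    """Risk score removed if the action lowers the component's likelihood."""
    before = next(c for c in components if c.name == action.component)
    after = Component(before.name, action.new_likelihood, before.consequence)
    return risk(before) - risk(after)


def reduction_per_cost(action, components):
    """Risk removed per cost unit: the comparison the slide recommends."""
    return risk_reduction(action, components) / action.cost


def plan_within_budget(actions, components, budget):
    """Greedy: take the best risk-per-cost actions that still fit the budget."""
    chosen, remaining = [], budget
    for a in sorted(actions, key=lambda a: -reduction_per_cost(a, components)):
        if a.cost <= remaining:
            chosen.append(a)
            remaining -= a.cost
    return chosen


# ---- constructed register (hypothetical) ----------------------------------
COMPONENTS = [
    Component("control-network firewall", "medium", "very high"),  # 2*4 = 8
    Component("public web portal", "very high", "medium"),         # 4*2 = 8
    Component("historian database", "high", "high"),               # 3*3 = 9
    Component("badge printer", "high", "low"),                     # 3*1 = 3
]
ACTIONS = [
    Action("historian database", "patch and segment", 4.0, "low"),
    Action("public web portal", "deploy web application firewall", 2.0, "medium"),
    Action("control-network firewall", "replace with redundant pair", 10.0, "low"),
    Action("badge printer", "disable network printing", 0.5, "low"),
]

if __name__ == "__main__":
    for c in rank(COMPONENTS):
        print(f"risk {risk(c):2}  {c.name}")
    for a in sorted(ACTIONS, key=lambda a: -reduction_per_cost(a, COMPONENTS)):
        print(f"{reduction_per_cost(a, COMPONENTS):4.1f} per cost unit  {a.description}")
    print([a.description for a in plan_within_budget(ACTIONS, COMPONENTS, 7.0)])
```

Two things the numbers show that the bullets only state: the component ranked riskiest (the historian) is not the action ranked first, because the ranking of actions is by reduction per cost, and a pure ratio favours cheap fixes to low-consequence items, so in practice the greedy plan is usually run only over components above a consequence floor.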
Security Operations Centers
• The security operations center (SOC) is the most
visible realization of real-time security situational
awareness
• Most SOC designs begin with a centralized model – a facility tied closely to operations
• A national-level view of security posture will require
consideration of the following
– Commercial versus government information
– Information classification
– Agency politics
Remember that your list of sources must be in APA format, and you MUST cite your references in the body of the paper using APA in-text citation format. A source is any paper or article that you will reference in your paper. If you need more information on APA format (for the references list AND in-text citations), visit this reference: https://owl.english.purdue.edu/owl/resource/560/01/
This assignment must be YOUR OWN WORK! This is an individual assignment. Plagiarism detected in your work will result in a grade of zero for the entire paper. (Originality report should be at least 35% or less.)
Here are a few details about the overall research paper. Please look at the attached rubric for details on how the paper will be graded.
You must reference two (2) peer-reviewed articles or papers that support your thesis statement. One of these papers may be from your annotated bibliography assignment. The final paper must be at least 500 words in length. (DO NOT exceed 500 words by a material amount. Excessive words or too many references will NOT impress me.)
So in summary, here are the research paper requirements:
· 2 peer-reviewed resources (articles or papers) (1 may be from your annotated bibliography assignment)
· Paper MUST address: How defense-in-depth (chapter 6) and awareness (chapter 10) are complementary techniques to detect emerging threats and strengthen countermeasures
· Cited sources must directly support your paper (i.e. not incidental references)
· At least 500 words in length (but NOT longer than 1000 words)
· Originality report should be at least 35% or less.
Admin Notes:
APA Paper Formatting guidelines
1. Title page
2. Abstract
3. Body
4. Text citation and references
Additionally
- As usual, the text is typed on standard white paper that has the familiar parameters of 8.5" x 11".
- The APA style requires using an easy-to-read font and recommends using a 12pt Times New Roman font.
- Double spacing is required on both the title page and throughout the paper.
- Margins should be 1" on all sides of the page.
- Paragraph indentation should be set to one half inch from the left side of the page.
- The unique aspect is in creating a special page header that consists of the page number and the running head as typed on the title page in all capitals.