Preparing for future attacks. Solution Brief: Implementing the right securit... (Symantec)
Recent malware incidents have shown how costly and damaging cyber attacks can be.
The Stuxnet worm is believed to have significantly affected Iranian nuclear processing, and was widely considered to be the first operational cyber weapon.[1] Shamoon was able to compromise and incapacitate 30,000 workstations within an oil producing organisation.[2] Another targeted malware attack against a public corporation resulted in the company declaring a $66 million loss relating to the attack.[3] Such attacks may not necessarily be successful, but when attackers do find their way inside an organisation's systems, a swift, well-prepared response can quickly minimise damage and restore systems before significant harm can be caused.
In order to prepare such a response, organisations must understand how attacks can progress, develop a counteractive strategy, decide who will carry out which actions and then practise and refine the plan.
Incident Response Whitepaper from AlienVault, one of the multiple SIEM solutions that Panda Adaptive Defense (360) works with, in addition to native Advanced Reporting/LogTrust.
Unified, Coordinated Security Monitoring
Simple Security Event Management & Reporting
Log Management
User Monitoring & File Integrity Monitoring
Threat Intelligence
Fast Deployment
One Easy-to-Use Console
10 Steps to Building an Effective Vulnerability Management Program (BeyondTrust)
You can tune in for the full webinar recording here: https://www.beyondtrust.com/resources/webinar/10-steps-to-building-an-effective-vulnerability-management-program/
In this presentation from the webinar by cyber security expert Derek A. Smith, hear a step-by-step overview of how to build an effective vulnerability management program. Whether your network consists of just a few connected computers or thousands of servers distributed around the world, this presentation discusses ten actionable steps you can apply, whether to bolster your existing vulnerability management program or to build one from scratch.
10 Tips to Improve Your Security Incident Readiness and Response (EMC)
This white paper covers why incident readiness and response often falls short in ten areas that span people, processes and technology. By tackling these shortcomings, organizations can reduce risk with early warnings of potential problems.
As the cybersecurity landscape continues to evolve and threat actor sophistication increases, it is ever more important that you not only have incident response processes in place but that you ensure they work consistently. And, of course, you should continuously iterate and improve over time.
Visit - https://www.siemplify.co/blog/testing-incident-response-processes/
This white paper endeavors to compare the traditional Threat identification techniques and the challenges they pose as they are applied into current product designs. It also proposes the key elements to consider while designing new threat identification solutions.
Rethinking Cyber-Security: 7 Key Strategies for the Challenges that Lie Ahead (OpenDNS)
Practice makes perfect. And unfortunately for security professionals, attackers have realized that persistence is a powerful approach to breaching an organization's defenses.
Focusing on prevention alone is no longer a sufficient strategy for securing your organization against the business risks of a breach. Our current security environment demands an approach less centered on ideal prevention and more focused on reality. During this webcast, we discussed key strategies that limit your risk and exposure to unrelenting threats.
Some highlighted topics include:
- How the shift in attacker motivations has impacted today's threat landscape
- Why preventative techniques alone can no longer ensure a secure environment
- Which strategies need to be considered for a holistic approach to security
- What next steps you can take towards identifying your best strategy against attacks
Can people be taught what they do not want to learn? Can the weakest link be turned into an ally of the information security team, and which tools can be used to do so? The experience of Kaspersky Lab («Лаборатория Касперского»).
Thermo Group CA sponsors the second edition of the Guarenas Marathon (Daneil Micca)
The second edition of the Guarenas Marathon is organized for February 28, and greater participation by Venezuelan athletes is expected than was seen in the 2015 edition. Menahem Michel Edery brought in Thermo Group CA Venezuela as a major sponsor of the marathon.
March is Developmental Disabilities Month. The right match brought more to both employer and new employee than either expected. Please champion diversity hiring within your organization.
Second try - March is Developmental Disabilities Month, and UDS and a success story are the best way to show how businesses can advance their bottom line and employee morale by hiring for diversity.
Changing Hair Style Trends By Thermo Group CA (Daneil Micca)
If anything characterizes women, it is their taste for a change of hairstyle. We know that hair is an important part of style and personality. Women often take inspiration from public figures to be at the forefront.
An incident response plan (IRP) is a set of written instructions for.pdf (aradhana9856)
An incident response plan (IRP) is a set of written instructions for detecting, responding to and limiting the effects of an information security event. Incident response plans provide instructions for responding to a number of potential scenarios, including data breaches, denial of service/distributed denial of service attacks, firewall breaches, virus or malware outbreaks or insider threats. Without an incident response plan in place, organizations may either not detect the attack in the first place, or not follow proper protocol to contain the threat and recover from it when a breach is detected.
According to the SANS Institute, there are six key phases of an incident response plan:
1. Preparation: Preparing users and IT staff to handle potential incidents should they arise
2. Identification: Determining whether an event is indeed a security incident
3. Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage
4. Eradication: Finding the root cause of the incident, removing affected systems from the production environment
5. Recovery: Permitting affected systems back into the production environment, ensuring no threat remains
6. Lessons learned: Completing incident documentation, performing analysis to ultimately learn from the incident and potentially improve future response efforts
It is important that an incident response plan is formulated, supported throughout the organization, and is regularly tested. A good incident response plan can minimize not only the effects of the actual security breach, but it may also reduce the negative publicity.
From a security team perspective, it does not matter whether a breach occurs (as such occurrences are an eventual part of doing business using an untrusted carrier network, such as the Internet), but rather when a breach occurs. Do not think of a system as weak and vulnerable; it is important to realize that given enough time and resources, someone can break into even the most security-hardened system or network. You do not need to look any further than the Security Focus website at http://www.securityfocus.com/ for updated and detailed information concerning recent security breaches and vulnerabilities, from the frequent defacement of corporate webpages, to the 2002 attacks on the root DNS nameservers[1].
The positive aspect of realizing the inevitability of a system breach is that it allows the security team to develop a course of action that minimizes any potential damage. Combining a course of action with expertise allows the team to respond to adverse conditions in a formal and responsive manner.
The incident response plan itself can be separated into four phases:
Immediate action to stop or minimize the incident
Investigation of the incident
Restoration of affected resources
Reporting the incident to the proper channels
Solution
An incident response plan (IRP) is a set of written instructions for detecting, responding to and
limiting the eff.
In this blog, we’ll delve into the importance of cybersecurity incident response planning and provide a guide for building a resilient response strategy.
Practical Guide to Managing Incidents Using LLM's and NLP.pdf (Chris Galvan)
This is a project that was created to enable cybersecurity defenders in positions such as Forensics, Incident Response, SOC, and Threat Hunting to have a starting place to investigate logs across AWS, GCP, and Windows systems.
The last section includes 3 case studies and research done by Christian Galvan and Lawren Epstein on real world attacks to large companies.
Security operations center 5 security controls (AlienVault)
An effective Security Operation Center provides the information necessary for organizations to efficiently detect threats and subsequently contain them. While eliminating the threats we face is an impossible goal, reducing the time it takes to respond and contain them is certainly achievable. Learn 5 security controls for an effective security operations center.
Internet, Cyber-attacks and threats are becoming more prevalent. This Infographic explains the current state, and things to consider for yourself and your business.
Best Open Threat Management Platform in USACompanySeceon
Threat management is a process that is used by cybersecurity analysts, incident responders and threat hunters to prevent cyberattacks, detect cyberthreats and respond to security incidents. Call us: +1 (978)-923-0040
Proactive Security - Principled Aspiration or Marketing Buzzword? (nathan816428)
Whenever a new cybersecurity acronym or term starts gaining momentum, it is usually met with two distinct and opposite reactions: vendors jump on the bandwagon and claim it while security professionals try to decipher whether there’s substance and value or just a new buzzword. In this presentation, we will attempt to take an objective and critical look at a term that is quickly becoming today’s “zero trust”.
The cost of a security breach can be devastating for businesses. PetaBytz's cybersecurity strategy offers comprehensive protection to minimize the risk of data loss and financial damage.
Cyber security lecture for University students, following and expanding on previously delivered presentation on Enterprise Security Incident Management. More in-depth, with the Security Incident lifecycle focus
Chapter 1 Managing Risk THE FOLLOWING COMPTIA SECURITY+ EXAM OBJ.docx (walterl4)
Chapter 1
Managing Risk
THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
· 3.8 Explain how resiliency and automation strategies reduce risk.
· Automation/Scripting: Automated courses of action; Continuous monitoring; Configuration validation
· Templates
· Master image
· Non-persistence: Snapshots; Revert to known state; Rollback to known configuration; Live boot media
· Elasticity
· Scalability
· Distributive allocation
· Redundancy
· Fault tolerance
· High availability
· RAID
· 5.1 Explain the importance of policies, plans, and procedures related to organizational security.
· Standard operating procedure
· Agreement types: BPA; SLA; ISA; MOU/MOA
· Personnel management: Mandatory vacations; Job rotation; Separation of duties; Clean desk; Background checks; Exit interviews; Role-based awareness training (Data owner; System administrator; System owner; User; Privileged user; Executive user); NDA, Onboarding; Continuing education; Acceptable use policy/rules of behavior; Adverse actions
· General security policies: Social media networks/applications; Personal email
· 5.2 Summarize business impact analysis concepts.
· RTO/RPO
· MTBF
· MTTR
· Mission-essential functions
· Identification of critical systems
· Single point of failure
· Impact: Life; Property; Safety; Finance; Reputation
· Privacy impact assessment
· Privacy threshold assessment
· 5.3 Explain risk management processes and concepts.
· Threat assessment: Environmental; Manmade; Internal vs. External
· Risk assessment: SLE; ALE; ARO; Asset value; Risk register; Likelihood of occurrence; Supply chain assessment; Impact; Quantitative; Qualitative; Testing (Penetration testing authorization; Vulnerability testing authorization); Risk response techniques (Accept, Transfer, Avoid, Mitigate)
· Change management
As an administrator, you are responsible. You are responsible for data that gets created, stored, transmitted, viewed, modified, deleted, and just about everything else that can be done with it. Because of this, not only must you enable it to exist, but you must protect it, authenticate it, secure it, and keep it in the form that complies with every applicable law, policy, and regulation. Counter to this are all of the dangers that can befall the data: it can be accidentally deleted, overwritten, stolen, and lost. These potential harms represent risks, and you must know the risks involved in working with data. You have to know and accept that data can be corrupted, it can be accessed by those who shouldn’t see it, values can be changed, and so on.
If you think that being armed with this knowledge is enough to drive you into taking the steps necessary to keep any harm from happening, however, you are sadly mistaken. One of the actions that administrators can be instructed to take by upper management regarding potential threats is to accept that they exist. If the cost of preventing a particular risk from becoming a reality exceeds the value of the harm t.
A data breach demands a comprehensive response. Knowing who will be part of your response team and assigning their primary tasks ahead of time will help you quickly take appropriate action. The team should be enterprise-wide and include key members of the executive team and board of directors, the head of IT, security experts, as well as representatives from your legal, communications and HR departments.
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx (yoroflowproduct)
Each strategy discussed here will focus on a specific aspect of project management that can be vulnerable to cyber threats. From establishing strong access controls and user authentication mechanisms to ensuring regular data backups and robust incident response plans, these strategies will provide project managers with practical steps to enhance their project’s cybersecurity posture.
Take the first step today by requesting a demo of the Yoroproject, enabling you to proactively protect your business against cyber threats.
Similar to Preparing for future attacks - the right security strategy (20)
Ensure your organization's data is secured against possible vulnerabilities. There are ways to close the gaps in your defenses and secure your organization against dangerous advanced threats.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|... (informapgpstrackings)
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Globus Connect Server Deep Dive - GlobusWorld 2024 (Globus)
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Enhancing Research Orchestration Capabilities at ORNL.pdf (Globus)
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
A Comprehensive Look at Generative AI in Retail App Testing.pdf (kalichargn70th171)
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AI—a transformative subset of artificial intelligence technologies poised to revolutionize software testing.
Large Language Models and the End of Programming (Matt Welsh)
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
Your Digital Assistant.
Making complex approach simple. Straightforward process saves time. No more waiting to connect with people that matter to you. Safety first is not a cliché - Securely protect information in cloud storage to prevent any third party from accessing data.
Would you rather make your visitors feel burdened by making them wait? Or choose VizMan for a stress-free experience? VizMan is an automated visitor management system that works for any industry, not limited to factories, societies, government institutes, and warehouses. It is a new-age contactless way of logging information about visitors, employees, packages, and vehicles. VizMan is a digital logbook, so it avoids unnecessary use of paper or space, since there is no need for bundles of registers left to collect dust in a corner of a room. It records visitors' essential details, helps in scheduling meetings for visitors and employees, and assists in supervising the attendance of employees. With VizMan, visitors don't need to wait for hours in long queues. VizMan handles visitors with the value they deserve because we know time is important to you.
Feasible Features
One Subscription, Four Modules – Admin, Employee, Receptionist, and Gatekeeper ensures confidentiality and prevents data from being manipulated
User Friendly – can be easily used on Android, iOS, and Web Interface
Multiple Accessibility – Log in through any device from any place at any time
One app for all industries – a Visitor Management System that works for any organisation.
Stress-free Sign-up
Visitor is registered and checked-in by the Receptionist
Host gets a notification, where they opt to Approve the meeting
Host notifies the Receptionist of the end of the meeting
Visitor is checked-out by the Receptionist
Host enters notes and remarks of the meeting
Customizable Components
Scheduling Meetings – Host can invite visitors for meetings and also approve, reject and reschedule meetings
Single/Bulk invites – Invitations can be sent individually to a visitor or collectively to many visitors
VIP Visitors – Additional security of data for VIP visitors to avoid misuse of information
Courier Management – Keeps a check on deliveries like commodities being delivered in and out of establishments
Alerts & Notifications – Get notified on SMS, email, and application
Parking Management – Manage availability of parking space
Individual log-in – Every user has their own log-in id
Visitor/Meeting Analytics – Evaluate notes and remarks of the meeting stored in the system
Visitor Management System is a secure and user-friendly database manager that records, filters, and tracks the visitors to your organization.
"Secure Your Premises with VizMan (VMS) – Get It Now"
First Steps with Globus Compute Multi-User Endpoints (Globus)
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Accelerate Enterprise Software Engineering with Platformless (WSO2)
Key takeaways:
Challenges of building platforms and the benefits of platformless.
Key principles of platformless, including API-first, cloud-native middleware, platform engineering, and developer experience.
How Choreo enables the platformless experience.
How key concepts like application architecture, domain-driven design, zero trust, and cell-based architecture are inherently a part of Choreo.
Demo of an end-to-end app built and deployed on Choreo.
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Developing Distributed High-performance Computing Capabilities of an Open Sci... (Globus)
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Cyaniclab : Software Development Agency Portfolio.pdf (Cyanic lab)
CyanicLab, an offshore custom software development company based in Sweden, India, and Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
How to Position Your Globus Data Portal for Success: Ten Good Practices (Globus)
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Advanced Flow Concepts Every Developer Should Know (Peter Caitens)
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
2. Solution brief: implementing the right security strategy now
Introduction
Recent malware incidents have shown how costly and damaging cyber attacks can be.
The Stuxnet worm is believed to have significantly affected Iranian nuclear processing, and was widely considered to be the first operational cyber weapon.[1] Shamoon was able to compromise and incapacitate 30,000 workstations within an oil producing organization.[2] Another targeted malware attack against a public corporation resulted in the company declaring a $66 million loss relating to the attack.[3]
Such attacks may not necessarily be successful, but when attackers do find their way inside an organization's systems, a swift, well-prepared response can quickly minimize damage and restore systems before significant harm can be caused.
In order to prepare such a response, organizations must understand how attacks can progress, develop a counteractive strategy, decide who will carry out which actions and then practice and refine the plan.
http://go.symantec.com/cyber-resilience
3. Understanding attacks
An attack starts with a point of ingress to the organization. This may be an unsecured system that hackers are able to access, a vulnerable machine on which malware is executed, or a user who has been duped into installing malware. This point of ingress may then be exploited to spread attacks through the network, either by hacking other systems or by using malware to exploit unpatched system vulnerabilities and install itself on other systems.
Once a system is compromised, attackers may install further malware, or take control of the system and send commands for execution. Attackers may seek to exfiltrate information such as confidential files or usernames and passwords held on the system.
Protecting against attacks
Most attacks can be defended against with the implementation of basic information security practices. The Australian Department of Defense found that implementing four mitigation strategies was sufficient to prevent 85 percent of targeted attacks.[4] The British Government has advised that focusing on ten key areas is sufficient to counteract most cyber threats,[5] while the US has put forth the National Institute of Standards and Technology (NIST) framework.
At a minimum, an organization should ensure that network traffic and systems are scanned for malware and that logs of system and network activity are kept for forensic analysis if necessary. Additionally, regular backups are vital to ensure that damaged systems can be restored to a normal working state.
Adequate information security defenses reduce the likelihood of attacks succeeding. However, behind every cyber attack headline is an organization that believed its defenses were sufficient. Major incidents do occur and need to be planned for, in order to reduce disruption to the business, minimize harm and reduce the time required for recovery.
Figure 1: attack progression. Stages: ingress (the attacker reaches a user), expand attack, issue commands, exfiltrate.
Preparing for incidents
Organizations should expect sophisticated attacks to be launched against their systems and prepare for this eventuality accordingly. In practice, such attacks are rare. However, by keeping abreast of the latest attacks and attacker techniques, organizations can verify that their systems are capable of detecting and repelling such threats.
Attention to the preparation process ensures that when an attack occurs, it is rapidly detected. Many identified incidents may be, on closer analysis, false positives, and many will be minor and will not require a major response. Nevertheless, organizations should be sure that they are capturing and recording all incidents so that the attacks that do require attention are quickly identified and escalated. To do this, it is important to determine the escalation criteria and the mechanism by which a detected incident will activate the incident plan.
The first step of the incident plan should be an assessment of the situation. This should be followed by actions to prevent the attack from spreading to affect more systems and to prevent further harm from being incurred. Systems that have been infected will need to be isolated to contain the attack. Systems as yet uninfected may need to be temporarily disabled to prevent the attack from spreading internally, and network access may need to be curtailed.
These actions may impact users and services throughout the organization. Notably, they may affect how users, and indeed the response team, usually communicate. Therefore, consideration needs to be given to how communication will be maintained and how users and executives will be kept up to date with the progress of incident resolution.
Forensic analysis should be used not only to help identify whether data has been compromised, but also to assess how attackers initially penetrated the systems. The vulnerability that was exploited to gain access needs to be addressed as a priority, so that the attack cannot be repeated as soon as it has been resolved. The collection and preservation of forensic information may also help in identifying and prosecuting those responsible for the attack.
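As an added example (not code from the Symantec brief), the following Python sketch models the guidance in "Preparing for incidents" above: every detected alert is recorded, whether or not it turns out to be noise, and a small set of written-down escalation criteria decides which alerts activate the incident plan. The alert fields, the three rules and their thresholds, and the sample alerts are assumptions made for illustration.

```python
"""Capture every detected incident and apply explicit escalation criteria.

Added example, not code from the Symantec brief. The alert fields, the
three escalation rules and their thresholds, and the sample alerts are
all assumptions made for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

CRITICAL = 5                  # one alert at this severity activates the plan on its own
HIGH = 4                      # alerts at or above this severity count for the spread rule
SPREAD_HOSTS = 3              # the same serious alert kind on this many hosts ...
WINDOW = timedelta(hours=1)   # ... within this window means the attack is spreading

# Constructed sample alerts (not real telemetry): background noise, a likely
# false positive, and a spreading intrusion followed by signs of exfiltration.
SAMPLE_ALERTS = [
    {"ts": "2013-03-04T09:00:00", "host": "ws-014", "kind": "av_detect", "severity": 2, "detail": "adware quarantined"},
    {"ts": "2013-03-04T09:05:00", "host": "ws-014", "kind": "av_detect", "severity": 2, "detail": "adware quarantined again"},
    {"ts": "2013-03-04T10:12:00", "host": "srv-db1", "kind": "lateral_movement", "severity": 4, "detail": "remote service install from ws-027"},
    {"ts": "2013-03-04T10:13:00", "host": "ws-027", "kind": "credential_dump", "severity": 5, "detail": "lsass memory read"},
    {"ts": "2013-03-04T10:20:00", "host": "ws-031", "kind": "lateral_movement", "severity": 4, "detail": "remote service install from ws-027"},
    {"ts": "2013-03-04T10:22:00", "host": "ws-044", "kind": "lateral_movement", "severity": 4, "detail": "remote service install from ws-027"},
    {"ts": "2013-03-04T10:25:00", "host": "srv-db1", "kind": "egress_anomaly", "severity": 3, "detail": "1.2 GB sent to unknown external host"},
    {"ts": "2013-03-05T08:00:00", "host": "ws-099", "kind": "av_detect", "severity": 1, "detail": "internal admin tool, likely false positive"},
]


@dataclass(frozen=True)
class Alert:
    ts: datetime
    host: str
    kind: str
    severity: int
    detail: str


@dataclass(frozen=True)
class Escalation:
    rule: str
    ts: datetime
    hosts: tuple
    reason: str


def parse_alert(raw: dict) -> Alert:
    return Alert(datetime.fromisoformat(raw["ts"]), raw["host"], raw["kind"],
                 int(raw["severity"]), raw["detail"])


def triage(raw_alerts):
    """Return (journal, escalations).

    journal keeps every alert in time order, escalated or not, so minor events
    and false positives are still on record for the forensic and review phases.
    escalations lists each distinct trigger for activating the incident plan.
    """
    journal = sorted((parse_alert(a) for a in raw_alerts), key=lambda a: a.ts)
    escalations, fired = [], set()

    def fire(key, rule, ts, hosts, reason):
        if key not in fired:              # report each trigger once, not once per alert
            fired.add(key)
            escalations.append(Escalation(rule, ts, tuple(sorted(hosts)), reason))

    for i, a in enumerate(journal):
        # alerts at or before a, inside the look-back window
        recent = [b for b in journal[: i + 1] if a.ts - b.ts <= WINDOW]

        # Rule 1: a single critical alert is enough on its own.
        if a.severity >= CRITICAL:
            fire(("critical", a.host, a.kind), "critical_alert", a.ts, {a.host},
                 f"{a.kind} on {a.host}: {a.detail}")

        # Rule 2: the same serious alert kind on several hosts inside the window means it is spreading.
        if a.severity >= HIGH:
            hosts = {b.host for b in recent if b.kind == a.kind and b.severity >= HIGH}
            if len(hosts) >= SPREAD_HOSTS:
                fire(("spread", a.kind), "spread", a.ts, hosts,
                     f"{a.kind} seen on {len(hosts)} hosts within {WINDOW}")

        # Rule 3: unusual egress shortly after lateral movement suggests exfiltration.
        if a.kind == "egress_anomaly":
            movers = {b.host for b in recent if b.kind == "lateral_movement"}
            if movers:
                fire(("exfil", a.host), "exfiltration_risk", a.ts, movers | {a.host},
                     f"{a.detail} after lateral movement on {', '.join(sorted(movers))}")

    return journal, escalations


def plan_should_activate(escalations) -> bool:
    """The incident plan is activated as soon as any criterion has fired."""
    return bool(escalations)


if __name__ == "__main__":
    journal, escalations = triage(SAMPLE_ALERTS)
    print(f"recorded {len(journal)} alerts, {len(escalations)} escalation triggers")
    for e in escalations:
        print(f"  {e.ts:%Y-%m-%d %H:%M} {e.rule:<18} {e.reason}")
```

Run as a script it prints the triggers for the sample data. The point is that the criteria are written down and testable, so that "minor" and "false positive" are outcomes of a defined process rather than judgements made under pressure, while the journal still holds every alert for later analysis.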
Figure 2: incident response phases. Plotted against time: Preparation (prepare for attacks), Detection (attacker ingress, attacker detected), Response (implement response plan, systems secured), Recovery (normal operation resumed), Review (refine response plan).
The recovery phase involves restoring systems to their pre-infection state. Access to recent backups of the affected systems can greatly facilitate this process, provided they are free from malware. Care must be taken to ensure that systems are restored to an infection-free state.
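One check a practitioner would want before declaring a restored system infection-free, added here as an example rather than as the brief's own procedure: compare the restored file tree against a manifest of known-good hashes taken from a golden image or from a backup made before the infection, kept where the attacker could not alter it. The directory layout, file contents and the tampered files in the demo are constructed for illustration.

```python
"""Verify a restored file tree against a known-good manifest before returning it to service.

Added example, not code from the Symantec brief. It assumes the manifest
(relative path -> SHA-256) was built from a trusted golden image or from a
backup taken before the infection and stored out of the attacker's reach.
The demo's directory layout and tampered files are constructed for illustration.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (path relative to root) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(root: Path, manifest: dict) -> dict:
    """Compare a restored tree with the known-good manifest.

    modified:   content differs from the known-good hash (e.g. a trojaned binary
                that was already infected when the backup was taken)
    missing:    expected file absent (incomplete restore)
    unexpected: file not in the manifest (e.g. dropped malware or persistence)
    """
    current = build_manifest(root)
    report = {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }
    report["clean"] = not (report["modified"] or report["missing"] or report["unexpected"])
    return report


def write_tree(root: Path, files: dict) -> None:
    for rel, content in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)


def demo(tamper: bool = True) -> dict:
    """Build a golden image and a restore (flawed when tamper=True); return the report."""
    golden = {  # constructed sample content, not a real system
        "bin/svc": b"#!/bin/sh\nexec /opt/app/svc\n",
        "etc/app.conf": b"listen=0.0.0.0:8443\n",
        "opt/app/svc": b"\x7fELF golden build",
    }
    with tempfile.TemporaryDirectory() as tmp:
        gold_root, restore_root = Path(tmp, "golden"), Path(tmp, "restored")
        write_tree(gold_root, golden)
        manifest = build_manifest(gold_root)          # would normally be stored off-host

        restored = dict(golden)
        if tamper:
            restored["opt/app/svc"] = b"\x7fELF trojaned build"          # infected binary in the backup
            restored["etc/cron.d/update"] = b"* * * * * root /tmp/.x\n"  # attacker persistence
            del restored["etc/app.conf"]                                 # incomplete restore
        write_tree(restore_root, restored)
        return verify_restore(restore_root, manifest)


if __name__ == "__main__":
    for name, report in (("tampered restore", demo()), ("clean restore", demo(tamper=False))):
        print(name, report)
```

A restore that reports anything other than clean goes back to the containment step, not into production; the "modified" list is the signal that the backup itself was taken after the infection and an older generation or a clean rebuild is needed.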
Each incident should subsequently be reviewed to identify which procedures worked well and where existing practices were lacking. The opportunity should be taken to learn from the incident and improve procedures, strengthening the security posture of the organization.
Creating a response team
Every organization needs not only a response plan, but also a team that
will implement it. So, a key factor for success will be the support of senior
management. Indeed, when an incident is evolving fast, the involvement
of a senior manager with the authority to approve whatever measures are
necessary to contain and resolve the incident may be vital for gaining a
speed advantage over the attackers.
Relevant stakeholders from departments that may be affected by an
incident will need to be included as part of the response team. However,
the greatest input to the team will be from the technical staff, who will
implement the plan and possess the skills to remediate damage.
Organizations shouldn’t feel that every position in the response team needs
to be filled by in-house staff. External expertise should be considered for the
specialist skills, and experience with similar incidents, that can be brought
to the team.
The composition of the team also needs to be regularly reviewed. Members
may be required to be on-call for extended periods of time and might
benefit from being rotated out of the incident team in order to rest. Equally,
exercises and testing could identify additional skills that need to be brought
into the team.
Testing the plan
Major attacks are rare events. The ideal outcome is that the incident plan
and the skills of the response team will never need to be put into action.
However, relying on this possibility brings risks of its own. Regularly testing
the incident plan will reveal areas of weakness and prevent skills from being
forgotten through lack of use.
Testing exercises may be paper-based, where the response to an evolving
attack and resolution of the incident is played out on a theoretical basis.
Or, such testing may be scheduled as a live exercise involving a team of
penetration testers that simulate how attackers may compromise systems.
Regular exercises ensure that team members are comfortable with their roles
and responsibilities. Testing a variety of different attack scenarios ensures
that procedures are both comprehensive and flexible enough to respond to
future attacks. Teams should adopt the model of: plan, do, check and act.
Plan: establish objectives, policies and procedures to meet the requirements of the business.
Do: implement these policies and procedures.
Check: verify whether these are effective at meeting objectives in practice.
Act: take action to modify plans according to experience gained, to refine and improve.
Figure: the Plan, Do, Check, Act cycle.
Conclusion
Understanding how attacks can occur, implementing the right procedures and developing a clear response strategy can help organizations to counteract future threats and recover from incidents more quickly.
References
[1] N. Falliere, L. O. Murchu, E. Chien, "W32.Stuxnet Dossier", Symantec Security Response whitepaper, February 2011; S. Davies, "Out of Control", Engineering & Technology, vol. 6, no. 6, pp. 60-62, July 2011.
[2] D. Walker, "Saudi Oil Company Back Online After Cyber Sabotage Attempt", SC Magazine, 27 August 2012.
[3] H. Tsukayama, "Cyber Attack on RSA Cost EMC $66 Million", The Washington Post, 26 July 2011.
[4] "Top Four Mitigation Strategies to Protect Your ICT System", Australian Government Department of Defence, Intelligence and Security, p. 1, September 2011.
[5] "Executive Companion: 10 Steps to Cyber Security", Department for Business, Innovation & Skills, Centre for the Protection of National Infrastructure, Office of Cyber Security & Information Assurance, p. 1, September 2012.