As a Senior Security Analyst with the most experience in incident response at Blue Moon Financial (BMF), it is my duty to handle this network intrusion attack. When the technician contacted me over the phone about this incident, I have asked and gathered the following information from the technician:
- The technician’s full name and employee ID number.
- Date and time he/she discovered the incident
- Has he/she seen this incident occurred before?
- How did the technician discover the incident?
- What does he/she know about the incident?
Since I have confirmed that the BMF is under an active attack, the first I need to do is to protect my people, and after that proceed onward to things like securing BMF sensitive financial data and assets. Stopping …show more content…
I then contact BMF Incident Response Coordinator who can contact the Computer Incident Response Team (CIRT) so that they can conduct the initial investigation. The CIRT is a team comprising of BMF employees with experience and knowledgeable from different departments within the BMF. IT staffs are not only personnel that are needed to handle the incidents, but from other technical experts. Each departments should have a representative to be a CIRT member in the team. The following are the main department representatives (Bryce, …show more content…
This incorporates detailing incidents to organizations such as Federal Computer Incident Response Center (FedCIRC) and the CERT Coordination Center (CERT/CC), and law enforcement.
- Human Resource (HR): The HR should define employee policies to oversee proper use of BMF system and network assets. An employee may face counseling and discipline when violate the policies.
- Management: It is crucial to communicate with senior management all through every incident when the severity level is as “high” or “medium”. Management can engage the CIRT by establishing an incident spending plan, the CIRT staffing, delivering incident’s status to Board of Directors, and making critical incident response decisions. It is the duty of the CIRT to respond to the issue rapidly and proficiently. The CIRT needs to stop the attack to prevent further damage. The team can utilize various procedures to fulfill their tasks. Generally, the CIRT will disable the network connections, isolate affected systems, make changes to access control lists on routers and firewalls, as well as patching all systems. The CIRT can perform the following tasks (Suhy,
- The technician’s full name and employee ID number.
- Date and time he/she discovered the incident
- Has he/she seen this incident occurred before?
- How did the technician discover the incident?
- What does he/she know about the incident?
Since I have confirmed that the BMF is under an active attack, the first I need to do is to protect my people, and after that proceed onward to things like securing BMF sensitive financial data and assets. Stopping …show more content…
I then contact BMF Incident Response Coordinator who can contact the Computer Incident Response Team (CIRT) so that they can conduct the initial investigation. The CIRT is a team comprising of BMF employees with experience and knowledgeable from different departments within the BMF. IT staffs are not only personnel that are needed to handle the incidents, but from other technical experts. Each departments should have a representative to be a CIRT member in the team. The following are the main department representatives (Bryce, …show more content…
This incorporates detailing incidents to organizations such as Federal Computer Incident Response Center (FedCIRC) and the CERT Coordination Center (CERT/CC), and law enforcement.
- Human Resource (HR): The HR should define employee policies to oversee proper use of BMF system and network assets. An employee may face counseling and discipline when violate the policies.
- Management: It is crucial to communicate with senior management all through every incident when the severity level is as “high” or “medium”. Management can engage the CIRT by establishing an incident spending plan, the CIRT staffing, delivering incident’s status to Board of Directors, and making critical incident response decisions. It is the duty of the CIRT to respond to the issue rapidly and proficiently. The CIRT needs to stop the attack to prevent further damage. The team can utilize various procedures to fulfill their tasks. Generally, the CIRT will disable the network connections, isolate affected systems, make changes to access control lists on routers and firewalls, as well as patching all systems. The CIRT can perform the following tasks (Suhy,