Essay Certified Ethical Hacking
Investigating and Responding to Security Incidents
Course Name and Number: CSS280-1501A-01 Ethical Hacking
Student Name: ***** ******
Instructor Name: ***** ******
Lab Due Date: 2/9/2015
In this lab, you acted as a member of the incident response team who had been assigned an incident response in the form of a help desk trouble ticket. You followed the phases of a security incident response to investigate the event, contain the malware, eradicate the suspicious files, re-test the system in readiness for returning it to service, and complete a detailed security incident response report in the provided template. You used AVG …
You will need to have your entire help desk staff trained to recognize issues and quickly escalate them to an incident team member so that a severity level can be determined. The severity level determines the resources necessary to respond to the incident: a simple spyware incident may require only one person to clean up and document it, while at the other end of the spectrum an incident may require every resource available to keep the company from going out of business.
5. Why is it a good idea to have a security policy that defines the incident response process in your organization?
Organizations should have a policy that defines in specific terms what constitutes an information security incident and provides a step-by-step process for all employees to follow when an incident occurs. The goal is to completely eradicate the threat from the environment.
6. The post-mortem, lessons learned step is the last in the incident response process. Why is this the most important step in the process?
The lessons learned during the debriefing can then be used to determine the changes that should be made to improve the incident response process before the next time it is put into effect.
Lab #10 - Assessment Worksheet
Securing the Network with an Intrusion Detection System (IDS)