What Risk Resilience Measures Can I Use?

2021 ◽  
pp. 132-159
Author(s):  
Gregory Falco ◽  
Eric Rosenbach

The question “What resilience measures can I use?” addresses how to reduce the impact and consequences of successful cyberattacks. The chapter begins with a case study analyzing how Capital One recovered after being hacked and highlighting how your organization can use planning to facilitate cyber resilience. It illuminates the technical means for enabling resilience from an attack, including virtualization and maintaining backups. It defines a ten-step process for responding to cyberattacks: prevention, planning, preparation, detection, analysis, containment, communication, eradication, recovery, and post-event analysis. The chapter explains how an organization can build a computer security incident response team (CSIRT) to facilitate this process, and what role a cyber crisis communication plan should play. The chapter concludes with Rosenbach’s Embedded Endurance strategy experience supporting the White House in crafting a national cyberattack resilience and response plan.

Author(s):  
Francisco Xavier Reyes-Mena ◽  
Walter Marcelo Fuertes-Díaz ◽  
Carlos Enrique Guzmán-Jaramillo ◽  
Ernesto Pérez-Estévez ◽  
Paúl Fernando Bernal-Barzallo ◽  
...  

This study aimed at designing a potential solution through Business Intelligence for acquiring data and information from a wide variety of sources and utilizing them in the decision-making of the vulnerability analysis of an Academic CSIRT (Computer Security Incident Response Team). This study was developed in a CSIRT that gathers a variety of Ecuadorian universities. We applied the Action-Research methodology with a qualitative approach, divided into three phases: First, we qualitatively evaluated two intrusion detection analysis tools (Passive Scanner and Snort) to verify their advantages and their ability to be exclusive or complementary; simultaneously, these tools recorded the real-time logs of the incidents in a MySQL related database. Second, we applied Ralph Kimball's methodology to develop several routines that allowed applying the "Extract, Transform, and Load" process of the non-normalized logs that were subsequently processed by a graphical user interface. Third, we built a software application using Scrum to connect the obtained logs to the Pentaho BI tool, and thus, generate early alerts as a strategic factor. The results demonstrate the functionality of the designed solution, which generates early alerts, and consequently, increases the security level of the CSIRT members.


2020 ◽  
Vol XXIII (2) ◽  
pp. 185-190
Author(s):  
Opris Violeta Nicoleta

Risk assessment is a process that provides cloud users with useful data for understanding the impact. We define a security incident as an event that attempts unauthorized access to databases. It is similar to an attack on the integrity and confidentiality of information.


2019 ◽  
Vol 4 (2) ◽  
pp. 270
Author(s):  
Ahmad Nabil Saroni ◽  
Muhammad Asraf Abd Samat ◽  
Jamaludin Ibrahim

The unsolved mystery on the disappearance of Malaysia Airlines (MAS) Flight MH370 has been one of the most highly discussed air crash incidents in recent times. The doomed flight was en route from Kuala Lumpur to Beijing with a total of 239 people on board. Even after years of investigation and searching efforts that ended recently, investigators have not been able to identify the reason that led to the deviation from its original route shortly after taking off. Accordingly, this case study evaluates the implementation of Malaysia Airlines’ Emergency Response Plan (ERP) in handling the incident, particularly in the early crucial weeks. The data were collected from the ERP practices retrieved from several articles, reports, and journals; and they were analyzed by using a qualitative case study methodology. This study hypothesizes that there were a number of loopholes that led to an ineffective implementation of Malaysia Airlines (MAS)’ ERP steered by the Emergency Response Team (ERT) and Malaysian authorities; that was further worsened by both internal and external crisis elements ranging from unverified information to the shortcomings in the Search and Rescue (SAR) operation conducted.


Author(s):  
Harold Patrick ◽  
Brett van Niekerk ◽  
Ziska Fields

The approach that the organization uses to manage its cyber-risk to its workforce, information, systems, and networks is paramount to ensure sustainability and continuity in the Fourth Industrial Revolution. Improving cyber-resiliency in the organization reduces the chance of future threats and attacks and builds better capability. Cyber resilience involves continuous operations, good governance, and diligence supported by the right security strategy of a computer security incident response team (CSIRT) that can protect government operations and control cyber-risks. CSIRT can build better resiliency at the decentralized provincial government level, and contribute to cyber awareness amongst the workforce, public, and other government departments. A CSIRT can further contribute to resilience to the organization by analyzing the threats and attacks, developing countermeasures for the future in protecting its systems and networks from threat actors.


2014 ◽  
Vol 12 (5) ◽  
pp. 16-26
Author(s):  
Robin Ruefle ◽  
Audrey Dorofee ◽  
David Mundie ◽  
Allen D. Householder ◽  
Michael Murray ◽  
...  

Computers ◽  
2021 ◽  
Vol 10 (8) ◽  
pp. 102
Author(s):  
William Villegas-Ch. ◽  
Ivan Ortiz-Garces ◽  
Santiago Sánchez-Viteri

Currently, society is going through a health event with devastating results. In their desire to control the 2019 coronavirus disease, large organizations have turned over the execution of their activities to the use of information technology. These tools, adapted to the use of the Internet, have been presented as an effective solution to the measures implemented by the majority of nations where quarantines are generalized. However, the solution given by information technologies has several disadvantages that must be solved. The most important in this regard is with the serious security incidents that exist, where many organizations have been compromised and their data has been exposed. As a solution, this work proposes the design of a guide that allows for the implementation of a computer incident response team on a university campus. Universities are optimal environments for the generation of new technologies; they also serve as the ideal test bed for the generation of security policies and new treatments for incidents in an organization. In addition, with the implementation of the computer incident response team in a university, it is proposed to be part of a response group to any security incident at the national level.


2021 ◽  
pp. 296-313
Author(s):  
Nicole van der Meulen

After the discovery of the Morris Worm in November 1988, the first Computer Emergency Response Team (CERT) was established. During the following years, other CERTs or Computer Security Incident Response Teams (CSIRTs) were established in different parts of the globe. Now, three decades later, CSIRTs have become an integral part of the cyber security ecosystem. This chapter aims to provide an insight into the evolution of CSIRTs by describing their historical background, their different types and services, as well as the challenges they are encountering as the topic of cyber security becomes more pertinent and political.

