What should be done to contain the incident

Assignment Help Management Information Sys

Reference no: EM133468401

Assignment:

The organization prohibits the use of peer-to-peer file sharing services. The organization's network intrusion detection sensors have signatures enabled that can detect the usage of several popular peer-to-peer file sharing services. On a Monday evening, an intrusion detection analyst notices that several file sharing alerts have occurred during the past three hours, all involving the same internal IP address.

Question 1 - Preparation: What measures should be in place to attempt to prevent this type of incident from occurring or to limit its impact?

Question 2 - Detection and Analysis: What does the incident response team look at during the initial analysis of a validated incident?

Question 3 - Containment, Eradication, and Recovery: What should be done to contain the incident? Why?

Question 4 - Post-Incident Activity: Who should be invited to attend the lessons learned meeting regarding this incident? And when should the lessons learned meeting be held?

Reference no: EM133468401

Questions Cloud

Explain the man-in-the-middle attack : These two types of attacks are known as Interception or Poisoning. Mention what it is and explain how the "Man-in-the-Middle" (MITM) attack.

Discuss the principle components of a security plan : Use your supplemental reading assignments (hint: see the "Network Security Plan" article above) and other credible sources as the basis for your work.

Why does software development makes so much money : Why does software development makes so much money?

What are the 3 key characteristics of a digital ecosystem : What are the 3 key characteristics of a digital ecosystem?

What should be done to contain the incident : Detection and Analysis: What does the incident response team look at during the initial analysis of a validated incident?

How do you know if technical communication is successful : That is, how can you tell that your message reached the intended audience in the ways that you wanted?

Which would be stored in tuesday incremental backup copy : If you performed incremental backups at the end of Monday and at the end of Tuesday, which files would be stored in Monday's incremental backup copy?

Discussing information security : Find an article discussing information security (INFOSEC) and write a one-page summary of the article.

Discuss the importance of building security into software : Discuss the importance of building security into software. how can you evade associate risk with releasing insure software?

User Account

All Pages