Malware Incident Response Plan

Published by dsimons1189
I did this Malware Response plan back in 2008. Very few organizations have any response planning in place. Probably (in part) why 50% of all Fortune 500 companies had computers in the huge botnet the fed recently discovered. Comments? Daniel

Published by: dsimons1189 on Mar 22, 2010
Copyright: Attribution Non-commercial

05/09/2013

Malware Incident Response Plan
For Malicious Software IAE 677 – Fall 2008
By Daniel Simons
Nov. 18, 2008
 
1. Preparation:

A. Develop an acceptable use policy – An acceptable usage policy explains what company computer assets should and should not be used for. This policy should be distributed to all company employees. Identifying and discouraging activities that are not work related will decrease the likelihood of malware infection. For instance, many of the web sites that host malicious scripts do not typically fall into the category of sites identified as being work related. Other activities which should be banned or closely monitored include peer-to-peer file sharing and instant messaging. Both are breeding grounds for malware and provide methods for users to circumvent security controls. In addition, the majority of files hosted on peer-to-peer file sharing networks are often protected by copyright laws, and may involve legal liability. Using work email systems for personal purposes should also be kept to a minimum, reducing the possibility of users opening unexpected email content, or forwarded messages from friends that may contain harmful attachments. An acceptable usage policy should be drafted to communicate the proper use of business systems. The policy should be carefully reviewed by management and legal counsel to determine the effectiveness and legal implications of the document. The policy will be distributed to all corporate employees.

B. Educate end users – It is equally important to provide adequate malware awareness training to end users. Educating users about the dangers of opening unexpected or suspicious email attachments, installing adware-supported shareware software, running malicious scripts from insecure web sites, using p2p file sharing, etc., is an essential step to reduce the likelihood of a malware incident occurring. Computer security personnel will provide training to end users through a series of group training sessions, through regular email bulletins reminding users about common security threats, and on an as-needed basis via the helpdesk incident reporting system.

C. Outbreak procedures – An appropriate type of response should be designed for the varying degrees of infection frequency, the role of the infected host in relation to business continuity, and the risk of replication. To meet these goals, the detailed chart below will help computer personnel identify the correct response type.

Infection Frequency    Critical Nature of Host    Risk of Replication    Response Type
<1-2%                  Low                        Low                    1
<1-2%                  Low                        High                   2
<1-2%                  High                       Low                    2
<1-2%                  High                       High                   3
2%+                    Low                        Low                    2
2%+                    Low                        High                   2
2%+                    High                       Low                    3
2%+                    High                       High                   3

The following classified response types provide procedural details to respond to malware outbreaks and will be used by the appropriate computer personnel to address infections:

Response Type 1: Helpdesk personnel will contact a representative in the network team to disable network access to the infected host to prevent the opportunity of the malware
