Professional Documents
Culture Documents
Incident Management
Learning Objectives
It is an adverse event that can cause damage to an organization’s assets, reputation, or personnel.
Incident Management
Incident
ITIL 2011
Incident Management
It is a set of instructions to help IT staff detect, respond to, and recover from network
security incidents.
300 billion passwords
exist worldwide in 2020
Prevent occurrence
Who, How, When, Occurs at various
of similar incidents
Why levels
Incident Response Metrics
Mentoring teams
Formal training
Gap Analysis
Current state
Desired state
Digital forensics is the process of revealing and interpreting electronic data, which recovers and
investigates the information found in digital devices.
Goal of Digital Forensics
Goal: Preserve any evidence in its most original form while performing a structured investigation.
Forensic Process Best Practices
Network analysis
Media analysis
Hardware/Embedded device
review
Forensics Investigative Assessment Types
Network analysis
Software analysis
Hardware/Embedded device
review
Registry Volume shadow
analysis analysis
Forensics Investigative Assessment Types
Network analysis
Media analysis
Hardware/Embedded device
review
Forensics Investigative Assessment Types
Network analysis
Media analysis
Dedicated Dedicated
Software analysis appliance Firmware memory
attack points inspections
Hardware/Embedded device
review
Digital Evidence
Relevant Complete
The evidence
should be:
Sufficient Reliable
Evidence Life Cycle
7 Phases
Seven Phases of a Business Continuity Plan
Train personnel
Acceptable
risk
Business
impact
analysis
Structure and Critical IT and
culture physical resources
Disaster Recovery Sites
It is the maximum desired length of time allowed between an unexpected failure and the
resumption of normal operations.
Recovery Point Objective
Hot site
Disaster Recovery Testing
Flexibility
Performance
Cost
Reliability
Scalability
Virtualization
It adds a software layer between an operating system and underlying computer hardware.
Virtualization
Pros Cons
It uses host machines to help maximize the effective use of computing resources.
It is an instance of a desktop operating system that It refers to a virtual machine that is installed,
runs on a centralized server. executed, and hosted on the local physical machine.
Case Study: Hypervisor Attack
This is the software code which can be installed as a thin hypervisor to control the machine
under it and intercept the communication between the guest machine and the host machine.
Blue Pill
Cloud Computing
It is the use of remote servers on the internet to store, manage, and process data.
Cloud Computing Characteristics
Broad network
access
Measured services
Rapid elasticity
On-demand
Resource access
pooling
Infrastructure
as a Service or
IaaS
Cloud computing
can be broken
down into three
main services:
Software as Platform as
a Service or a service or
SaaS PaaS
Categorization of Cloud: Deployment Categories
Public cloud
Private cloud
Hybrid cloud
Community cloud
Categorization of Cloud: Deployment Categories
Public cloud
Private cloud
Hybrid cloud
Community cloud
Categorization of Cloud: Deployment Categories
Public cloud
Private cloud
Hybrid cloud
Community cloud
Categorization of Cloud: Deployment Categories
Public cloud
Government Country
Private cloud
Community cloud
Cloud Security Challenges
Multitenancy Privacy
Multiple Virtualization
jurisdiction complexity
Bring Your Own Device
BYOT BYOPC
Bring your own Bring your own
technology personal computer
BYOP
Bring your own
phone
Bring Your Own Device: Security
Internet of Things (IoT) is the network of devices that connect, interact, and
exchange data.
IoT Security Challenges