Why is it important?
What is an incident?
Fundamentals
The Six Step process
Legal issues
Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, malicious code, fire, floods, and other security-related events.
◦ Policy
◦ People
◦ Data
◦ Software/Hardware
◦ Documentation
◦ Communication
◦ Supplies
◦ Transportation
◦ Space
◦ Power and environment control
Be Calm
Take notes, keep logs, etc.
◦ Handwritten notes are a great help
◦ Use timestamps in the notes
Management Support
◦ Regular reports (monthly preferred)
◦ Graphically illustrated reports
Build An Incident Handling Team
◦ Identify qualified people
◦ A multi-disciplinary team is best:
  Network
  Security
  Operations
  Systems
  HR
Prepare a System Build Checklist
◦ Procedures for backing up and rebuilding systems
Get Access to Systems and Data
◦ The incident handling team needs access to the systems (even without notifying the system admins)
◦ Strike a bargain with the operations team
Establish a War Room
Train The Team
◦ Conduct training scenarios
◦ Deploy an internal honeypot
Conduct War Games
◦ Pen tests
◦ Do this with more experienced teams
Cultivate Good Relationships
◦ Helpdesk
◦ Sys admins, network admins
Prepare a Jump Bag
◦ Get a bag and load it with items that you might use in an incident
Host Detection
System detection indicators:
◦ IDS tool has an alert
◦ Unexplained entries in a log file
◦ Failed events, such as logons
◦ Unexplained events (new accounts)
◦ System reboots
◦ Poor performance
See the SANS Windows cheat sheet
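The indicators listed above can be turned into a first-pass sweep over host logs. The following is an added example, not code from the original slides or from SANS: it parses a handful of constructed syslog-style lines (invented for illustration, not real data) and reports three of the indicators above: a burst of failed logons from one source (and whether a successful logon from that source followed), a newly created account, and reboot or shutdown events. The failure threshold and the log format are assumptions; adapt the regexes to the log source you actually have.

```python
import re
from collections import defaultdict

# Constructed sample log lines in auth.log / syslog style (not real data).
SAMPLE_LOG = """\
Mar 10 02:14:01 web01 sshd[4101]: Failed password for root from 203.0.113.9 port 51022 ssh2
Mar 10 02:14:03 web01 sshd[4101]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar 10 02:14:05 web01 sshd[4101]: Failed password for admin from 203.0.113.9 port 51026 ssh2
Mar 10 02:14:07 web01 sshd[4101]: Failed password for admin from 203.0.113.9 port 51028 ssh2
Mar 10 02:14:09 web01 sshd[4101]: Failed password for oracle from 203.0.113.9 port 51030 ssh2
Mar 10 02:14:12 web01 sshd[4101]: Accepted password for admin from 203.0.113.9 port 51032 ssh2
Mar 10 02:15:40 web01 useradd[4190]: new user: name=svc_backup, UID=1007, GID=1007, home=/home/svc_backup, shell=/bin/bash
Mar 10 02:16:02 web01 sudo:    admin : TTY=pts/1 ; PWD=/home/admin ; USER=root ; COMMAND=/sbin/reboot
Mar 10 02:16:05 web01 systemd[1]: Shutdown.
Mar 10 08:30:11 web01 sshd[5222]: Failed password for alice from 198.51.100.7 port 40012 ssh2
Mar 10 08:30:20 web01 sshd[5222]: Accepted password for alice from 198.51.100.7 port 40014 ssh2
"""

# Syslog prefix: "Mon DD HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<proc>[^:]+): ?(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+)")
NEWUSER_RE = re.compile(r"new user: name=(?P<user>[^,]+)")
REBOOT_RE = re.compile(r"COMMAND=\S*/(?:reboot|shutdown|poweroff)\b|systemd\[1\]: Shutdown\.")

# Assumed threshold: this many failed logons from one source is worth a look.
FAIL_THRESHOLD = 5


def parse_line(line):
    """Split one syslog-style line into timestamp, host, process and message (None if it does not parse)."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def sweep(log_text, fail_threshold=FAIL_THRESHOLD):
    """Return a list of findings; each is a dict with 'kind', 'time' and 'detail'."""
    findings = []
    failed = defaultdict(list)    # source ip -> [(time, user), ...]
    accepted = defaultdict(list)  # source ip -> [(time, user), ...]

    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        ts, msg = rec["ts"], rec["msg"]
        m = FAILED_RE.search(msg)
        if m:
            failed[m["ip"]].append((ts, m["user"]))
            continue
        m = ACCEPTED_RE.search(msg)
        if m:
            accepted[m["ip"]].append((ts, m["user"]))
            continue
        m = NEWUSER_RE.search(msg)
        if m:  # "unexplained events (new accounts)"
            findings.append({"kind": "new_account", "time": ts,
                             "detail": f"account {m['user']} created by {rec['proc']}"})
            continue
        if REBOOT_RE.search(raw):  # "system reboots"
            findings.append({"kind": "reboot", "time": ts, "detail": msg.strip()})

    # "failed events, such as logons": flag sources that cross the threshold, and
    # note whether the same source later got in (a burst that ends in success is
    # the case that matters most).
    for ip, attempts in failed.items():
        if len(attempts) < fail_threshold:
            continue
        users = sorted({u for _, u in attempts})
        detail = f"{len(attempts)} failed logons from {ip} for {users}"
        if accepted.get(ip):
            t, u = accepted[ip][0]
            detail += f"; followed by successful logon as {u} at {t}"
        findings.append({"kind": "failed_logon_burst", "time": attempts[0][0], "detail": detail})
    return findings


if __name__ == "__main__":
    for f in sweep(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['time']}  {f['detail']}")
```

A single failed logon from 198.51.100.7 stays below the assumed threshold and is not reported; the five from 203.0.113.9 are, together with the successful logon as admin that followed them, which is the line an incident handler would want on the first page of their notes with its timestamp.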