DeVry University
College of Engineering and Information Sciences
Alhambra, California
Proposal: Standard Operating Procedures for Security Breach
By
Thomas Christopher Go Ty
Submitted in Partial Fulfillment of the Course
Requirements for
Information Systems Security Planning and Audit
SEC440
Professor John Freund
August 10, 2014
Standard Operating Procedure for Security Breach
Experienced attackers will exploit even the simplest neglected practice to get their
hands on a target.
Because of the risk of exploitation, and of spam that may lead to Denial of
Service (DoS) or Distributed Denial of Service (DDoS) attacks on the email server, it is
recommended to abandon the previous practice of publishing a company’s general email
address on the organization’s official Web site for inbound communications. The general
email address usually appears on the Contact Us or About Us Web pages.
Email Proper Usage
Laying the email address out on a Web page is risky because of spider harvesting
(email address harvesting). An alternative, a “Contact Us” button that opens a window
with a list of email clients and providers, can reduce the spam received by the email
server. Not all threats can be detected, even with an email filtering program and
real-time email scanning in place. The danger of setting the email filtering program
too high is that valid email messages may never reach the recipient. Setting the
security too low results in receiving high quantities of spam. It is recommended to set
any security setting to its optimum level. Implementing an optimum level of security
may have some exceptions, especially when it comes to physical locations.
Physical Security
Some locations within the company’s premises store confidential data and
information; these may include storage rooms for anything related to money and other
financial information of the clients, employees, shareholders, other stakeholders, and
the organization itself. Theft can lead to fraudulent activities that may cause the
company to suffer legal consequences such as lawsuits, fines from the United States
government, and, most seriously, the company closing its doors.
Not well known to the general public is the information-gathering method
called social engineering. Social engineering is mostly done by observing
physical factors such as employees who wear their I.D. cards while outside the company
or who leave documents in plain sight in public places and in vehicles. While many will
argue that worrying about leaving things and documents in plain sight inside a vehicle is
unjustified, the law enforcement of the City of Boulder in the State of Colorado strongly
advises everyone to “Never leave valuables in plain view, even if your car is locked. Put
them in the trunk or otherwise out of sight.” (Colorado Police Department) The value of
stolen vehicles is estimated to exceed $8,000,000,000.00.
Sample Policy Document
The following is a prototype of security policies concerning proper email usage
and physical security.
---------------------------------- Sample Policy Document (beginning) --------------------------------
Securing communications and physical security
Objective
This text sets the policies on acceptable email use, secure physical
locations, and response to incidents of security breach.
Purpose
The policies in this text shall provide guidance to avoid and reduce
security breaches perpetrated by attackers who take advantage of lax email use and
employees’ situational awareness. In addition, to protect the Organization’s assets and
reduce liabilities, an incident response policy is also included in this text.
Audience
The policies outlined in this document are for all entities working for the
Organization.
Policy
1. Communications: Use of E-Mail
a. Client or End-Users
The use of the organization’s email will only be for business-related
communications.
- Chain emails and other similar forms of spamming are prohibited.
- The email address field ‘BCC’ (blind carbon copy) will only be used as
needed or necessary.
- Properly log out of the Organization’s Web mail when using a public
computer; delete cookies and close the Web browser as a precaution.
- Always use a proper email signature for responses and forwarding of
emails.
- Avoid a “rainbow” email, where excessive multiple font colors appear in
the contents of the email itself.
b. Server End
- Non-active, dummy, and default email accounts will be disabled.
- Email filtering and real-time email scanning will be implemented.
- Software updates will be applied to the Web and email servers as soon as
the updates become available from the software vendor.
c. Public Communications
Public communications include receiving emails from external entities
inquiring about any service, product, or concern regarding the Organization.
2. Physical Security
Physical security policies are to be followed by all employees, including mobile
workers.
- For all employees: Do not leave any documents lying around in plain sight in
public places such as restaurants, airports, cafes, and hotels, or even in vehicles.
- The use of notebook privacy screens or privacy filters is a must if you need to
open any electronic documents while in public places.
- Do not leave unattended under any circumstances any bags (backpacks, suitcases,
messenger bags, etc.) containing documents relating to the Organization and/or
notebooks containing the Organization’s data.
- Do not post the Organization’s building layout on public forums.
- Employees must wear the identification cards (I.D. cards) issued by the
Organization while at work.
- Employees are prohibited from wearing I.D. cards issued by the Organization
outside of the workplace.
- All rooms that store sensitive and confidential information will be locked.
- Only authorized personnel are allowed to enter the server room and other
locations within the Organization’s geographic location.
- All guests and visitors are required to be escorted by authorized personnel
and to wear a guest/visitor I.D. card visibly while on the premises.
Exception
No one is exempted from the policies outlined herein.
Enforcement
The policies in this text shall be strictly enforced. Failure to follow the
policies outlined in the text will be subject to disciplinary actions that may include,
but are not limited to, the following.
- Employment suspension without pay
- Employment termination or separation
- Legal actions and suits
Definition of Terms
Organization – the business entity where the employee works, as distinct from the
business owners and shareholders
End-user – the stakeholders of the Organization
External entities – individuals or groups not directly related to the company
Public forums – any place or location, physical or on the Web, that the public can
freely access
Business owners, shareholders, stakeholders, employees – all entities working
for the Organization
Revision History
References
Frei, Stephan, Silvestri, Ivo, Ollman, Gunter. Mail Non-Delivery Notice Attacks.
Retrieved from http://www.techzoom.net/publications/mail-non-delivery-attack/index.en
National Institute of Standards and Technology (September 2012). Guide for
Conducting Risk Assessments. Retrieved from
http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
---------------------------------- Sample Policy Document (end) --------------------------------
Incident Response
When a disaster or an incident strikes, having an incident response plan reduces
downtime in operations compared to having none at all. Can you imagine what the
world would be like if there were no firefighters to combat fires and no emergency
medical technicians (EMTs) for ambulance services?
While each field has its own set of policies and response guidelines, they reflect
the same goal: to respond to each succeeding incident better than the last one. In
the field of information security the goal is the same, but the specifics differ. The
general idea is to perform an initial assessment, isolate, communicate, recover,
reassess, and review.
The initial assessment shows the initial damage and gives an overview of the incident.
This helps in executing an appropriate response instead of second-guessing, which
avoids the loss of precious time and decreases costs for the organization. The longer
the downtime, the higher the cost to the company. That is especially true for an
environment like a call center that contracts with service providers for its business.
Long downtimes create friction between the two businesses and possibly a breach of
contract and a lawsuit by the service provider against the call center management for
not delivering as stated in the contract.
Isolating the problem prevents further damage on top of the damage already
done to the company. The incident response team can then focus on the problem and
not “run around”. In addition to isolation, it is important to communicate with each
member of the team and with other stakeholders within the company, avoiding
miscommunication and unnecessary actions. The recovery phase restores the
information systems to a working and stable operating condition. The system can be
restored from a backup (tape backups), or operations can be redirected to an existing
system that is on standby. The latter is more costly to implement than tape backups.
After operations are back to a stable condition, a reassessment of the damage and a
review of the existing security policies and documents are done, revising the
pre-existing policies and documents as needed.
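The six-phase sequence described above, as an added Python example that is not part of the original paper. It records each completed phase of a hypothetical incident, rejects phases taken out of order or backdated, and computes downtime as the time from detection until the recovery phase is complete, which is the quantity the text ties to cost; the incident name, timestamps and hourly cost figure are constructed values.

```python
"""Incident phase tracker: added example, not code from the original paper.

Phases follow the sequence in the text: initial assessment, isolate,
communicate, recover, reassess, review. The incident, its timestamps and
the hourly cost used below are constructed for illustration.
"""
from datetime import datetime

PHASES = ["initial_assessment", "isolate", "communicate",
          "recover", "reassess", "review"]


class Incident:
    def __init__(self, name, detected_at):
        self.name = name
        self.detected_at = detected_at
        self.log = []  # list of (phase, completed_at), in completion order

    def next_phase(self):
        """Phase the team is expected to complete next, or None when finished."""
        return PHASES[len(self.log)] if len(self.log) < len(PHASES) else None

    def complete(self, phase, at):
        """Record completion of a phase; reject out-of-order or backdated steps."""
        expected = self.next_phase()
        if expected is None:
            raise ValueError("incident already fully handled")
        if phase != expected:
            raise ValueError(f"phase '{expected}' must be completed before '{phase}'")
        last = self.log[-1][1] if self.log else self.detected_at
        if at < last:
            raise ValueError("completion time precedes the previous step")
        self.log.append((phase, at))

    def phases_done(self):
        return [phase for phase, _ in self.log]

    def downtime_hours(self):
        """Downtime runs from detection until the recovery phase is complete.
        Returns None while recovery is still pending."""
        for phase, at in self.log:
            if phase == "recover":
                return (at - self.detected_at).total_seconds() / 3600
        return None

    def downtime_cost(self, cost_per_hour):
        """Estimated outage cost; grows with downtime, as the text notes."""
        hours = self.downtime_hours()
        return None if hours is None else hours * cost_per_hour


def example_incident():
    """Constructed walk through all six phases for a hypothetical outage."""
    inc = Incident("mail-server-outage (constructed)", datetime(2014, 8, 10, 9, 0))
    inc.complete("initial_assessment", datetime(2014, 8, 10, 9, 20))
    inc.complete("isolate", datetime(2014, 8, 10, 9, 45))
    inc.complete("communicate", datetime(2014, 8, 10, 10, 0))
    inc.complete("recover", datetime(2014, 8, 10, 12, 0))
    inc.complete("reassess", datetime(2014, 8, 11, 9, 0))
    inc.complete("review", datetime(2014, 8, 12, 9, 0))
    return inc


if __name__ == "__main__":
    inc = example_incident()
    print(inc.phases_done())
    # Constructed rate of $500 per hour of downtime.
    print(f"downtime: {inc.downtime_hours():.1f} h, "
          f"estimated cost: ${inc.downtime_cost(500):,.2f}")
```

Reassessment and review run after recovery and do not add to downtime, which is why the tracker measures only detection-to-recovery; the phase-order check is what keeps a team from skipping isolation or communication under pressure.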
Conclusion
Although no one-hundred-percent secure system exists, the risk and damage from
security breaches can be reduced or avoided if proper actions are taken. Even the
simplest practices neglected by the general public can be used by an experienced
attacker against any company, group, or individual to achieve the attacker’s goal.
Proper behavior and proper use of company resources are the beginning of a more
secure information system.
Works Cited
Safety for your Vehicle. Retrieved from
https://bouldercolorado.gov/police/safety-for-your-vehicle
Frei, Stephan, Silvestri, Ivo, Ollman, Gunter. Mail Non-Delivery Notice Attacks.
Retrieved from http://www.techzoom.net/publications/mail-non-delivery-attack/index.en
National Institute of Standards and Technology (September 2012). Guide for
Conducting Risk Assessments. Retrieved from
http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
TechNet. Responding to IT Security Incidents. Retrieved from
http://technet.microsoft.com/en-us/library/cc700825.aspx#XSLTsection125121120120

Take control of your SAP testing with UiPath Test Suite
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 

SEC440: Incident Response Plan

• 3. Physical Security
Some locations within the company’s premises store confidential data and information; these may include storage rooms for anything related to money and other financial information of the clients, employees, shareholders, other stakeholders, and the organization itself. Theft can lead to fraudulent activities that may expose the company to legal consequences such as lawsuits, fines from the United States government, and, most seriously, the company closing its doors.
Not well known to the general public is the information-gathering method called social engineering. Social engineering is mostly done by observing physical factors, such as employees who wear their I.D. cards while out of the company and leave documents in plain sight in public places and in vehicles. While many will argue that worrying about leaving things and documents in plain sight inside a vehicle is unjustified, the law enforcement of the State of Colorado in the City of Boulder strongly advises everyone to “Never leave valuables in plain view, even if your car is locked. Put them in the trunk or otherwise out of sight.” (Colorado Police Department) It is estimated that the value of stolen vehicles exceeds $8,000,000,000.00.
Sample Policy Document
The following is a prototype of security policies concerning proper email usage and physical security.
---------------------------------- Sample Policy Document (beginning) --------------------------------
Securing communications and physical security
Objective
• 4. This text sets the policies on acceptable email use, securing physical locations, and responding to incidents of security breach.
Purpose
The policies in this text shall provide guidance to avoid and reduce security breaches perpetrated by attackers who take advantage of lax email use and employees’ situational awareness. In addition, to protect the Organization’s assets and reduce liabilities, an incident response policy is also included in this text.
Audience
The policies outlined in this document are for all entities working for the Organization.
Policy
1. Communications
Use of E-Mail
a. Client or End-Users
The use of the organization’s email will only be for business-related communications.
- Chain emails and other similar forms of spamming are prohibited.
- The email address field ‘BCC’ (blind carbon copy) will only be used as needed or necessary.
• 5.
- Properly log out of the Organization’s Web mail when using a public computer; delete cookies and close the Web browser as a precaution.
- Always use a proper email signature for responses and forwarding of emails.
- Avoid a “rainbow” email, where excessive multiple font colors are used in the contents of the email itself.
b. Server End
- Non-active, dummy, and default email accounts will be disabled.
- Email filtering and real-time email scanning will be implemented.
- Software updates will be applied to the Web and email servers as soon as the updates become available from the software vendor.
c. Public Communications
Public communications include receiving emails from external entities inquiring about any service, products, and concerns regarding the Organization.
2. Physical Security
Physical security policies are to be followed by all employees, including mobile workers.
For all employees:
- Do not leave any documents lying around in plain sight at public places such as restaurants, airports, cafes, and hotels, or even in vehicles.
• 6.
- The use of notebook privacy screens or privacy filters is a must if you need to open any electronic documents while in public places.
- Do not leave unattended, under any circumstances, any bags (backpacks, suitcases, messenger bags, etc.) containing documents relating to the Organization and/or notebooks containing the Organization’s data.
- Do not post the Organization’s building layout on public forums.
- Employees must wear their identification cards (I.D. cards) issued by the Organization while at work.
- Employees are prohibited from wearing I.D. cards issued by the Organization outside of the workplace.
- All rooms that store sensitive and confidential information will be locked.
- Only authorized personnel are allowed to enter the server room and other locations within the Organization’s geographic location.
- All guests and visitors are required to be escorted by authorized personnel and to have a guest/visitor I.D. card visibly worn while on the premises.
Exception
No one is exempted from the policies outlined herein.
Enforcement
The policies in this text shall be strictly enforced. Failure to follow the policies outlined in the text will be subject to disciplinary actions that may include, but are not limited to, the following:
- Employment suspension without pay
• 7.
- Employment termination or separation
- Legal actions and suits
Definition of Terms
Organization – a business entity where the employee works; distinct from the business owners and shareholders
End-user – the stakeholders of the Organization
External entities – individuals or groups not directly related to the company
Public forums – any place or location, physical or on the Web, that the public can freely access
Business owners, shareholders, stakeholders, employees – all entities working for the Organization
Revision History
References
Frei, Stephan, Silvestri, Ivo, Ollman, Gunter. Mail Non-Delivery Notice Attacks. Retrieved from http://www.techzoom.net/publications/mail-non-delivery-attack/index.en
National Institute of Standards and Technology (September 2012). Guide for Conducting Risk Assessments. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
---------------------------------- Sample Policy Document (end) --------------------------------
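The server-end rule in the sample policy (disable non-active, dummy, and default email accounts) is the one item in the document that can be checked mechanically. The following is an added example, not part of the proposal and not the policy document's own tooling: it reads a constructed account export and reports which accounts fall under each rule, so the list can be reviewed before anything is disabled. The 90-day inactivity limit, the set of default account names, and the CSV layout are assumptions chosen for the example.

```python
"""Audit a mailbox account export against the server-end email policy above.

Added example, not part of the original proposal. The policy requires that
non-active, dummy, and default email accounts be disabled; this script takes a
constructed account export and reports which accounts fall under each rule so
the list can be reviewed before anything is disabled.
"""
from __future__ import annotations

import csv
import io
from datetime import date, datetime, timedelta

# Assumptions (not stated in the proposal): an account is non-active after
# 90 days without a successful login, and these local parts are treated as
# vendor-default account names. Adjust both to the mail system in use.
INACTIVITY_LIMIT = timedelta(days=90)
DEFAULT_LOCAL_PARTS = {"admin", "administrator", "test", "guest"}

# Constructed sample export: address, last successful login (ISO date, empty if
# never), and the purpose recorded for the mailbox. Not real data.
SAMPLE_EXPORT = """\
address,last_login,purpose
admin@example.com,2014-07-30,default
jdoe@example.com,2014-08-01,user
test@example.com,,dummy
msmith@example.com,2014-03-12,user
Guest@example.com,2014-08-09,default
sales@example.com,2014-08-08,shared
"""


def parse_export(text: str) -> list[dict[str, str]]:
    """Read the CSV export into one dict per account."""
    return list(csv.DictReader(io.StringIO(text)))


def audit_accounts(rows: list[dict[str, str]], today: date) -> dict[str, list[str]]:
    """Return {address: [reasons]} for every account the policy says to disable.

    Accounts with no finding are omitted, so an empty result means the export
    is compliant with the three server-end rules checked here.
    """
    findings: dict[str, list[str]] = {}
    for row in rows:
        # Normalise the address so case differences do not hide a default name.
        address = row["address"].strip().lower()
        local_part = address.split("@", 1)[0]
        purpose = row["purpose"].strip().lower()
        last_login = row["last_login"].strip()

        reasons: list[str] = []
        if purpose == "dummy":
            reasons.append("dummy account")
        if local_part in DEFAULT_LOCAL_PARTS:
            reasons.append("default account name")
        if not last_login:
            reasons.append("never logged in")
        else:
            idle = today - datetime.strptime(last_login, "%Y-%m-%d").date()
            if idle > INACTIVITY_LIMIT:
                reasons.append(f"inactive for {idle.days} days")

        if reasons:
            findings[address] = reasons
    return findings


def run_audit(export_text: str = SAMPLE_EXPORT, today_iso: str = "2014-08-10") -> dict[str, list[str]]:
    """Convenience entry point: parse the export, audit it, and return the findings."""
    today = datetime.strptime(today_iso, "%Y-%m-%d").date()
    return audit_accounts(parse_export(export_text), today)


if __name__ == "__main__":
    for address, reasons in sorted(run_audit().items()):
        print(f"{address}: {'; '.join(reasons)}")
```

The audit reports rather than disables, which keeps a human review step between the policy and the change: a default-named account that has logged in recently (Guest@example.com in the constructed data) is a finding the reviewer should look at, not just a mailbox to switch off, and a shared business mailbox such as sales@ must not be caught by a name list that is too broad.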
• 8. Incident Response
When a disaster or an incident strikes, having an incident response plan reduces downtime in operations compared to having none at all. Can you imagine what the world would be like if there were no firefighters to combat fires and no emergency medical technicians (EMTs) for ambulance services? While each field has its own set of policies and response guidelines, the same goal can be seen: to respond to each succeeding incident better than the last one. In the field of information security the goal is the same, but the specifics are different. The general idea is to have an initial assessment, isolate, communicate, recover, reassess, and review.
The initial assessment will show the initial damage and an overview of the incident. This helps in executing an appropriate response instead of second-guessing, avoiding the loss of precious time and decreasing costs for the organization. The longer the downtime, the higher the cost to the company. That is especially true for an environment like call centers, which contract with service providers for their business. Long downtimes will create friction between the two businesses and possibly a breach of contract and a lawsuit by the service provider against the call center management for not delivering as stated in the contract.
Isolating the problem can prevent further damage in addition to the damage already done to the company. The incident response team can then focus on the problem and not “run around”. In addition to isolation, it is important to communicate with each member of the team and with other stakeholders within the company, avoiding
• 9. miscommunication and unnecessary actions. The recovery phase reinstates the information systems to their working and stable operating conditions. The system can be restored from a backup (tape backups), or operations can be redirected to an existing system that is on standby. The latter is more costly to implement than tape backups. After the operation is back to a stable condition, a reassessment of the damage and a review of the existing security policies and documents are done; that is, the pre-existing policies and documents are revised as needed.
Conclusion
Although no one-hundred-percent secure system exists, the risk and damage from security breaches can be reduced or avoided if proper actions are taken. Even the simplest and most neglected practices of the general public can be used by an experienced attacker against any company, group, or individual to obtain the attacker’s goal. Proper behavior and use of company resources are the beginning of a more secure information system.
• 10. Works Cited
Safety for your Vehicle. Retrieved from https://bouldercolorado.gov/police/safety-for-your-vehicle
Frei, Stephan, Silvestri, Ivo, Ollman, Gunter. Mail Non-Delivery Notice Attacks. Retrieved from http://www.techzoom.net/publications/mail-non-delivery-attack/index.en
National Institute of Standards and Technology (September 2012). Guide for Conducting Risk Assessments. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
TechNet. Responding to IT Security Incidents. Retrieved from http://technet.microsoft.com/en-us/library/cc700825.aspx#XSLTsection125121120120