Northwestern Polytechnic Operation Security Discussion
Below are the guidelines that need to be taken into consideration to build the action plan; the attached Word document is the project that needs to be completed!
The scenario below is taken from the Computer Security Incident Handling Guide (page 54). On a Tuesday morning, a new worm is released; it spreads itself through removable media, and it can copy itself to open Windows shares. When the worm infects a host, it installs a DDoS agent. The organization has already incurred widespread infections before antivirus signatures become available several hours after the worm started to spread. The following are additional questions for this scenario:
1. How would the incident response team identify all infected hosts?
2. How would the organization attempt to prevent the worm from entering the organization before antivirus signatures were released?
3. How would the organization attempt to prevent the worm from being spread by infected hosts before antivirus signatures were released?
4. Would the organization attempt to patch all vulnerable machines? If so, how would this be done?
5. How would the handling of this incident change if infected hosts that had received the DDoS agent had been configured to attack another organization’s website the next morning?
6. How would the handling of this incident change if one or more of the infected hosts contained sensitive personally identifiable information regarding the organization’s employees?
7. How would the incident response team keep the organization’s users informed about the status of the incident?
8. What additional measures would the team perform for hosts that are not currently connected to the network (e.g., staff members on vacation, offsite employees who connect occasionally)?
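As a starting point for question 1 (identifying infected hosts), the following added example is not part of the assignment or the guide; it shows one detection heuristic a response team can run over network flow or firewall logs: a host that copies itself to open Windows shares contacts many distinct peers on TCP/445 in a short time, whereas a normal workstation talks to a handful of file servers. The log format, the 60-second window and the fan-out threshold of five peers are assumptions, and the log lines are constructed. The second function turns the suspect list into the next set of hosts to triage, since every share a suspect wrote to is a candidate victim.

```python
"""SMB fan-out heuristic for spotting likely worm-infected hosts.

Added example for the scenario's first question. The flow-log format,
window and threshold are assumptions; the sample lines are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow log: "timestamp src dst dport action".
# 10.0.1.20 and 10.0.1.22 behave like a share-hopping worm (many distinct
# SMB peers in seconds); 10.0.1.50 is a normal client talking to one file
# server; 10.0.1.60 is HTTPS traffic and must be ignored entirely.
SAMPLE_FLOWS = """\
2024-05-07T09:00:01 10.0.1.20 10.0.1.21 445 ALLOW
2024-05-07T09:00:02 10.0.1.20 10.0.1.22 445 ALLOW
2024-05-07T09:00:02 10.0.1.20 10.0.1.23 445 ALLOW
2024-05-07T09:00:03 10.0.1.20 10.0.1.24 445 ALLOW
2024-05-07T09:00:03 10.0.1.20 10.0.1.25 445 ALLOW
2024-05-07T09:00:04 10.0.1.20 10.0.1.26 445 ALLOW
2024-05-07T09:00:10 10.0.1.50 10.0.1.5 445 ALLOW
2024-05-07T09:00:11 10.0.1.50 10.0.1.5 445 ALLOW
2024-05-07T09:00:12 10.0.1.50 10.0.1.5 445 ALLOW
2024-05-07T09:01:00 10.0.1.22 10.0.1.30 445 ALLOW
2024-05-07T09:01:01 10.0.1.22 10.0.1.31 445 ALLOW
2024-05-07T09:01:01 10.0.1.22 10.0.1.32 445 ALLOW
2024-05-07T09:01:02 10.0.1.22 10.0.1.33 445 ALLOW
2024-05-07T09:01:02 10.0.1.22 10.0.1.34 445 ALLOW
2024-05-07T09:01:03 10.0.1.22 10.0.1.35 445 ALLOW
2024-05-07T09:05:00 10.0.1.60 192.0.2.10 443 ALLOW
"""

SMB_PORT = 445
WINDOW = timedelta(seconds=60)   # assumed sliding window
FANOUT_THRESHOLD = 5             # assumed: distinct SMB peers per window


def parse_flows(text):
    """Parse constructed flow lines into (ts, src, dst, dport, action)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, action = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport), action))
    return flows


def smb_fanout_suspects(flows, window=WINDOW, threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct SMB destinations within one window}
    for every source whose peak reaches the threshold."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        if dport == SMB_PORT:
            by_src[src].append((ts, dst))
    suspects = {}
    for src, events in by_src.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            suspects[src] = peak
    return suspects


def likely_victims(flows, suspects):
    """Hosts a suspect reached over SMB: the next set to inspect,
    excluding hosts already flagged as suspects themselves."""
    victims = {dst for _, src, dst, dport, _ in flows
               if dport == SMB_PORT and src in suspects}
    return victims - set(suspects)


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    found = smb_fanout_suspects(flows)
    print("suspects:", found)
    print("check next:", sorted(likely_victims(flows, found)))
```

The normal client (three connections to a single server) is not flagged because the heuristic counts distinct peers, not connection volume; tuning the window and threshold against a baseline of known-good SMB traffic is what keeps the false-positive rate acceptable. The victim list is only a triage queue: each host on it still needs an on-host check for the worm and the DDoS agent before it is declared infected or clean.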