SANS Incident Response Handbook (incident-handlers-handbook, English version)

SANS Institute Information Security Reading Room

Incident Handler's Handbook

Patrick Kral

Copyright SANS Institute 2020. Author Retains Full Rights. This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission.

© 2012 SANS Institute, Author retains full rights.

The Incident Handlers Handbook
GIAC (GCIH) Gold Certification

Author: Patrick Kral, Advisor: Dr. Craig Wright
Accepted: December 5th, 2011

Abstract

One of the greatest challenges facing today’s IT professionals is planning and preparing for the unexpected, especially in response to a security incident. An incident is described as any violation of policy, law, or unacceptable act that involves information assets, such as computers, networks, smartphones, etc. (Bejtlich, 2005). The scope of this document is limited to the six phases of the incident handling process ("Incident handling step-by-step," 2011) and providing the basic information necessary as to what each step entails. Its overall purpose is to provide the basic foundation for IT professionals and managers to be able to create their own incident response policies, standards, and teams within their organizations. This document will also include an incident handler’s checklist (template) that one can use to ensure that each of the incident response steps is being followed during an incident.

1. Introduction
An incident is a matter of when, not if, a compromise or violation of an organization’s security will happen. The preparation of the Computer Incident Response Team (CIRT) through planning, communication, and practice of the incident response process will provide the experience needed should an incident occur within your organization. Each phase from preparation to lessons learned is extremely beneficial to follow in sequence, as each one builds upon the other. The following phases will provide a basic foundation to be able to perform incident response and allow one to create their own incident response plan.

2. Preparation

This phase, as its name implies, deals with preparing a team to be ready to handle an incident at a moment’s notice. An incident can range from anything such as a power outage or hardware failure to the most extreme incidents such as a violation of organizational policy by disgruntled employees or being hacked by state-sponsored hackers (Bejtlich, 2005). Regardless of the cause of the incident, preparation is the most crucial phase compared to all of the others, as it will determine how well your team will be able to respond in the event of a crisis. There are several key elements to have implemented in this phase in order to help mitigate any potential problems that may hinder one’s ability to handle an incident. For the sake of brevity, the following should be performed:

a. Policy – a policy provides a written set of principles, rules, or practices within an organization; it is one of the keystone elements that provide guidance as to whether an incident has occurred in an organization.
A login banner can be one way to ensure that individuals attempting to log into an organization’s network will be aware of what is expected when utilizing an organization’s information assets; for example, the login banner (dependent upon the local jurisdiction on privacy) can state that all activities will be monitored and any unauthorized users may face civil or criminal penalties, etc. Without clear policies, one could leave their organization legally vulnerable to lawsuits, such as an employee being fired for look

