Chapter 3 - 02 - Discuss Network Security Fundamentals - 06_ocred.pdf

Full Transcript

Certified Cybersecurity Technician
Network Security Fundamentals
Exam 212-82

Incident Handling and Response (IH&R) Team

A centralized IH&R team will perform vulnerability analysis, establish well-defined security policies, detect indicators of compromise, handle legal issues, manage public relations, and provide proper reports regarding the incident.

People Involved in an IH&R Team

- Information Security Officer (ISO): Responsible for all IH&R activities in the context of overall organizational information security
- Incident Manager (IM): Analyze and review incident handling processes from managerial and technical perspectives
- Incident Coordinator: Connect different stakeholders affected by incidents, such as the incident handling team, the legal team, the human resources team, clients, and vendors
- Forensic Investigator: Responsible for maintaining forensics readiness across an organization and implementing effective IH&R
- Threat Researcher: Supplement security analysts by researching threat intelligence data
- System Administrator: Responsible for the working and security of systems
- Network Administrator: Analyze network logs, gather logs of suspicious activity, and help in the detection of incidents at a primary level
- Internal Auditor: Ensure that an organization complies with the regulations, business standards, and laws of its regions of operation
- Financial Auditor: Responsible for calculating the costs involved in an incident
- Human Resource: Responsible for analyzing the human aspects of the disaster and conducting post-event counseling
- Public Relations: Serves as a primary media contact

Incident Handling and Response (IH&R) Team

An IH&R team is a group of technically skilled people capable of carrying out various functions, such as threat intelligence, evidence analysis, and user investigations. Having a trained IH&R team in an organization reduces not only the losses caused by incidents, but also response time and the probability of similar attacks occurring in the future.
A centralized IH&R team managed by an incident handler will perform vulnerability analysis, establish well-defined security policies, detect indicators of compromise, handle legal issues, manage public relations, and provide proper reports regarding the incident. People involved in an IH&R team include:

Information Security Officer (ISO)

An ISO governs the security posture of an organization and bears responsibility for all IH&R activities in the context of overall organizational information security. The officer is responsible for setting IH&R goals, approving the process, granting permissions, and contacting the stakeholders and other management authorities of the organization. The ISO must head all the members of the IH&R team, including the incident manager and incident handler. The officer is also responsible for providing guidance and incident handling training to security team members across the organization, evaluating their actions and consequences, and suggesting corrective actions to perfect incident handling.

Incident Manager (IM)

The IM is responsible for managing all IH&R activities. The IM must be a technical expert with a clear understanding of and experience with handling security issues. The IM will focus on incidents as well as analyze and review incident handling processes from managerial and technical perspectives. He or she must drive the IR team to encourage focused incident containment and recovery.

Module 03, Page 441. Certified Cybersecurity Technician. Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Incident Coordinator

Incident coordinators connect different stakeholders affected by incidents, such as the incident handling team, the legal team, the human resources team, clients, and vendors.
They play a vital role in coordinating between security teams and networking groups, facilitate communication, and keep everyone updated on the status of the incident. The incident coordinator should possess communication and technical skills and have a solid business sense of the organization's operations.

Forensic Investigator

Forensic investigators, experts in the forensic investigation of incidents, help organizations and law enforcement agencies to investigate and prosecute the perpetrators of cybercrimes. They are responsible for maintaining forensics readiness across an organization and implementing effective IH&R. They must also preserve and submit the evidence required to legally prosecute the attackers.

Threat Researcher

Threat researchers supplement security analysts by researching threat intelligence data. They gather all details about prevalent incidents and security issues and help spread awareness of them among users. They also use this information to build or maintain a database of internal intelligence.

System Administrator

System administrators look after the working and security of systems and can be very helpful in the IR process: they configure systems and provide and grant access. They can also help in gathering system information, separating the impacted systems from the network, and analyzing system data to detect and verify incidents. They can also facilitate containment and eradication by installing new patches and updates and by upgrading the systems across an organization. They are also responsible for backup, system recovery, and analyzing system logs.

Network Administrator

Network administrators are responsible for examining a computer network's traffic for signs of incidents or attacks, such as DoS, DDoS, firewall breaches, or other malicious forms of code. They install and use network sniffing and capturing tools as well as loggers to identify the network events involved in an attack.
They must analyze network logs, gather logs of suspicious activity, and help in the detection of incidents at a primary level. They perform the actions necessary to block network traffic from a suspected intruder.

Internal Auditor

Internal auditors must ensure that an organization complies with the regulations, business standards, and laws of its regions of operation. They must regularly audit the policies and procedures followed by the organization to maintain information security. They must also ensure that the organization's systems, devices, and other network resources are up-to-date and compliant with industrial regulations. They must identify and report any security loopholes to management.

Financial Auditor

Financial auditors are responsible for calculating the costs involved in an incident, such as damages or losses caused by the incident and costs incurred by IH&R. Along these lines, they must notably estimate the cost of cyber insurance and claim it when required.

Human Resource

The human resources department is responsible for analyzing the human aspects of the disaster and conducting post-event counseling. Notably, it is responsible for tracking, recording, reporting, and compensating the organization's human resources for all the billable hours related to performing duties throughout the event. It also ensures the submission of records as well as other information related to payroll and keeps track of the records of all injuries along with the investigation results relating to events. Moreover, it is responsible for counseling people after the event and notifying various people, as per organization policy.

Public Relations

This department serves as a primary media contact and thus informs media about an event.
It updates the organization's website information and monitors media coverage. Along these lines, it is responsible for stakeholder communication, including communications with:

- The board
- Foundation personnel
- Donors
- Grantees, suppliers/vendors
- Media