Role of the information security officer Essay

This paper describes the role of the information security officer in managing an incident, and the response taken by the information security officer and the incident response team assigned to assist the information security officer. The information security officer deals with computer security events, incidents and suspected information technology abuses. This paper describes the systematic process for managing a security incident.

INCIDENT TRACKING SYSTEM
The chief information officer is authorized to take appropriate steps in responding to information security threats. When confronted with multiple concurrent security incidents, they will respond to the higher levels of incidents. The security levels are divided into three levels: level 1, level 2 and level 3. Level 1 is resolved within 3-4 hours, level 2 within 24 hours and level 3 within 24-48 hours.

The information security officer (ISO) serves as the operational lead and leads the investigation. The ISO will invoke the information security incident response procedures. The section will provide core and auxiliary members to assist the information security officer during investigations.

All incident response team members will be assigned responsibilities based on the circumstances of the incident. Specific members and their respective roles are outlined. The employee must also inform his/her supervisor immediately. Employees must notify the information security officer if any information has been compromised.

Initial response
The information security officer informs the CIO about the situation. A determination is made whether the incident is a suspected security incident or a confirmed security incident. The ISO then contacts the members of the ISO's team. An understanding of the incident is gained as soon as possible.

RESPONSE STRATEGY
Once the likelihood of the incident is determined, an incident or security analyst develops a response strategy. All the factual information concerns the incident and the functionality of the compromised system, including the type of attack. The goal of the response strategy is to provide a response approved by the information security officer.

Formulate Response Strategy
I. Type of Attack
The first step in this section is to determine the response strategy and understand the nature of the incident. Incidents are classified based on how they affect the performance of the cloud computing services on the network. The classifications are as follows.

Notification
Machines at this level are to be considered at risk. The information security officer can detect a threat that may arise in the future from this risk.

Examples:

Potential problems found proactively via network monitoring tools

Level 1 Incident
Machines at this level are considered vulnerable to known exploits and further threats to the network. The information security officer must take some action or he will be cut off from the network.

Examples:

No antivirus program has been detected.
Machine is sending spam emails unwittingly.

Level 2 Incident
Machines at this level are infected by a virus or worm. The ISO must take some action, otherwise he will be cut off from the network.

Examples:

Viruses (e.g., Sober, Mytob)
Worms (e.g., Nimda, MyDoom, CodeRed)

Level 3 Incident
Machines at this level are found to be compromised. The ISO must take some action, otherwise he will be cut off from the network.

Examples:

Compromised computers
Denial of service attacks
Rogue DHCP servers
Trojans
Unauthorized scanning

Assorted Incident
These are the additional incidents that bear on the impact and performance of the network. They do not cause harm to the computers or to the networks. These incidents are carefully investigated by the incident investigator.

Examples:

Bandwidth abuse
Unauthorized access to another's files or email
Copyright violations
Stolen IP addresses

Classify the Victim System
Classifying the victim system will help to decide the response strategy, as different strategies will affect the availability of the victim system.

Determine the Appropriate Type of Response
There are different options for formulating a response. Some of them are online response versus offline response, restoring operations, and identifying the attacker. The selected response will decide what actions are taken and which type of resolution is required. Another type of issue will affect the response from the outset: the source of the attack may affect the company. If there are more issues with the source, we have to contact the ISO for further classification.

Determine the Response Team
The incident investigator addresses level 1, level 2, level 3 and assorted incidents as normal operating procedures. In such a case the incident investigator, incident analyst or security analyst can work as the incident response team. Level 3 incidents are addressed by the critical response team (CIRT) in the event of a mass outbreak or compromise of highly confidential information.
