Sample IT Paper on Cyber Security Incident Response Guide

Cyber Security Incident Response Guide

Define Cyber Security Incident Response – Incident response, also known as an IT incident, computer event, or security incident, is a systematic method of dealing with and managing the fallout from a security breach or cyberattack. The objective is to approach the situation in a way that minimizes harm, cuts down on recovery time, and lowers expenses.

Discuss the three steps to Cyber Security Incident Response? According to Lim et al. (2018), the following are the steps to a cyber security incident;

  • Establishing a goal and defining what constitutes a successful incident response, in essence, an event happens when control is lost, whether that’s due to a perimeter breach or a legitimate individual acting improperly, such as tampering with documents or violating privacy. Therefore, the purpose of incident response is to efficiently locate and eliminate these risks from your computing environment or your business as a whole, limiting the harm and rapidly returning to normal operations.
  • Creating a plan Decide which information is most crucial to your company. Apart from your employees, make a list of your company’s most significant assets and note their locations. Not certain What do you do for a living, ask? The crown jewels are the key here.
  • Take initiative Be honest about the risk and avoid denial. By now, it ought to be obvious from all the headlines about breaches that there is a serious risk that cyber threats will harm your company. Ignoring it won’t make it go away and, if/when your organization is compromised, will simply make the damage worse.

Research recent cyber breaches and discuss the cyber “kill” chain for one of the breaches

Recent Cyber Breaches

In June 2022, two recent data breaches were discovered. In one incident, hackers broke into Shields Health Care Group and took medical records and social security numbers (Seh et al., 2020). In another, hackers stole 1.5 million Flagstar Bank customers’ social security numbers. In related news, a former Amazon employee who played a part in the 2019 Capital One breach was found guilty in June 2022. In total, the hacker in question broke into 30 businesses and stole over 100 million people’s data.

Cyber Kill Chain

Research done by Straub (2020) supports that the following are the steps to a cyber kill chain:

ReconnaissanceThe attacker or intruder selects their target during the reconnaissance phase. After that, they thoroughly investigate the target to find any weaknesses that might be exploited.

Weaponization-To take advantage of the target’s weaknesses, the intruder creates malware in the form of a virus, worm, or another weapon in this step. This malware can exploit brand-new, undiscovered vulnerabilities (also known as zero-day exploits) or it can concentrate on a combination of different vulnerabilities, depending on the target and the attacker’s objectives.

Delivery-The weapon must be transmitted to the target during this phase. For this, the intrusive party or attacker may use a variety of techniques, including USB drives, email attachments, and websites.

Exploitation-The malware initiates the action in this stage. The malware’s program code is activated to take advantage of the target’s vulnerability or vulnerabilities.

Installation-The malware installs an access point for the intruder or attacker in this step. The backdoor is another name for this entryway.

Control and command-The malware grants access to the network or system to the intruder or attacker.

Actions on the Goal-Once the attacker or intrusive party has obtained continued access, they finally take action to achieve their goals, such as ransomware encryption, data theft, or even data erasure.

For the company involved in step 2, make at least three recommendations to senior leadership that could avoid breaches in future

Regarding Cain et al. (2018), my suggestions for the businesses involved in step 2 cyber breach to prevent the cyber breach in the future are;

  • For those organizations to control who can access their most important data.
  • For those organizations to provide security awareness training for their employees.
  • For those organizations to frequently update the software they are using.
  • For those organizations to create a plan for responding to a cyberattack.
  • They ought to create secure passwords that are challenging to crack.

 

 

 

References

Cain, A. A., Edwards, M. E., & Still, J. D. (2018). An exploratory study of cyber hygiene behaviors and knowledge. Journal of information security and applications42, 36-45.

Lim, H. S. M., & Taeihagh, A. (2018). Autonomous vehicles for smart and sustainable cities: An in-depth exploration of privacy and cybersecurity implications. Energies11(5), 1062.

Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020, June). Healthcare data breaches: insights and implications. In Healthcare (Vol. 8, No. 2, p. 133). Multidisciplinary Digital Publishing Institute.

Straub, J. (2020, November). Modeling attack, defense and threat trees and the cyber kill chain, att&ck and stride frameworks as blackboard architecture networks. In 2020 IEEE International Conference on Smart Cloud (SmartCloud) (pp. 148-153). IEEE.