Define Cyber Security Incident Response – Incident response is a systematic method of dealing with and managing the fallout from a security breach or cyberattack (the breach itself is variously called an IT incident, computer security event, or security incident). The objective is to handle the situation in a way that minimizes harm, cuts recovery time, and lowers cost.
Discuss the three steps to Cyber Security Incident Response? According to Lim and Taeihagh (2018), the steps of a cyber security incident response are as follows:
Establishing a goal and defining what constitutes a successful incident response. In essence, an incident happens when control is lost, whether through a perimeter breach or through a legitimate user acting improperly, such as tampering with documents or violating privacy. The purpose of incident response is therefore to efficiently locate and eliminate these threats from the computing environment or the business as a whole, limiting the harm and returning to normal operations rapidly.
Creating a plan. Decide which information is most crucial to your company. Apart from your employees, make a list of your company's most significant assets and note where they are located. Not certain? Ask what your company does for a living. The crown jewels are the key
Take initiative. Be honest about the risk and avoid denial. By now it ought to be obvious from the headlines about breaches that there is a serious risk that cyber threats will harm your company. Ignoring the risk will not make it go away; if and when your organization is compromised, it will simply make the damage worse.
Research recent cyber breaches and discuss the cyber “kill” chain for one of the
Recent Cyber Breaches
Two data breaches came to light in June 2022. In one, attackers broke into Shields Health Care Group and took medical records and Social Security numbers (Seh et al., 2020). In the other, attackers stole the Social Security numbers of 1.5 million Flagstar Bank customers. In related news, a former Amazon employee who played a part in the 2019 Capital One breach was found guilty in June 2022; in total, this attacker broke into 30 businesses and stole the data of over 100 million people.
Cyber Kill Chain
Research by Straub (2020) supports the following steps of the cyber kill chain:
Reconnaissance - The attacker selects a target during the reconnaissance phase, then investigates it thoroughly to find weaknesses that might be exploited.
Weaponization - The attacker builds a weapon, such as a virus, worm, or other malware, to take advantage of the target's weaknesses. Depending on the target and the attacker's objectives, this malware may exploit previously unknown vulnerabilities (zero-day exploits) or a combination of known vulnerabilities.
Delivery - The weapon must be transmitted to the target in this phase. For this the attacker may use a variety of techniques, including USB drives, email attachments, and
Exploitation - The malware is triggered in this stage: its code executes to take advantage of the target's vulnerability or vulnerabilities.
Installation - The malware installs an access point for the attacker. This entryway is also known as a backdoor.
Command and control - The malware gives the intruder or attacker remote access to the compromised system or network.
Actions on objectives - Once the attacker has obtained persistent access, they finally act to achieve their goals, such as ransomware encryption, data theft, or even data
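The phases above are recognized in telemetry rather than observed directly, and the value of the model is that cutting any one link stops the intrusion. The following Python script is an added example, not part of the essay or of Straub (2020): it runs simple detection logic for four of the phases (a port scan as reconnaissance, an executable mail attachment as delivery, fixed-interval beaconing as command and control, and one large outbound flow as actions on objectives) over a handful of constructed log events, and reports the earliest phase for which there is evidence. The addresses, event format and thresholds are assumptions made for the illustration.

```python
"""Tagging constructed log events with cyber kill chain phases.

Added illustration, not taken from the essay or its sources. All events,
addresses and thresholds below are constructed assumptions for the demo.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed telemetry: (timestamp in seconds, event type, fields).
EVENTS = [
    # Reconnaissance: an external host probes 12 ports on one server.
    *[(100 + i, "conn", {"src": "203.0.113.7", "dst": "10.0.0.5", "dport": p, "bytes_out": 0})
      for i, p in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080])],
    # Delivery: phishing mail carrying a double-extension executable.
    (400, "mail", {"from": "hr@examp1e-payroll.test", "to": "alice@corp.test",
                   "attachment": "Bonus_Q2.pdf.exe"}),
    # Command and control: a workstation beacons to one external host every 60 s.
    *[(1000 + 60 * k, "conn", {"src": "10.0.0.42", "dst": "198.51.100.9", "dport": 443, "bytes_out": 1200})
      for k in range(8)],
    # Actions on objectives: a large outbound transfer over the same channel.
    (1480, "conn", {"src": "10.0.0.42", "dst": "198.51.100.9", "dport": 443, "bytes_out": 750_000_000}),
    # Benign internal traffic that should not trigger anything.
    (1600, "conn", {"src": "10.0.0.42", "dst": "10.0.0.5", "dport": 443, "bytes_out": 5000}),
]


def is_internal(ip):
    """Assumed internal address space for the example: 10.0.0.0/8."""
    return ip.startswith("10.")


def detect_reconnaissance(events, min_ports=10):
    """External source touching many distinct ports on one internal host."""
    ports = defaultdict(set)
    for _, kind, f in events:
        if kind == "conn" and not is_internal(f["src"]) and is_internal(f["dst"]):
            ports[(f["src"], f["dst"])].add(f["dport"])
    return [f"{src} scanned {len(p)} ports on {dst}"
            for (src, dst), p in ports.items() if len(p) >= min_ports]


def detect_delivery(events, risky_ext=(".exe", ".scr", ".js", ".vbs")):
    """Mail attachment whose final extension is executable (catches name.pdf.exe)."""
    return [f"{f['to']} received {f['attachment']} from {f['from']}"
            for _, kind, f in events
            if kind == "mail" and f["attachment"].lower().endswith(risky_ext)]


def detect_c2_beaconing(events, min_conns=6, max_jitter=5.0):
    """Internal host connecting to one external host at near-constant intervals."""
    times = defaultdict(list)
    for ts, kind, f in events:
        if kind == "conn" and is_internal(f["src"]) and not is_internal(f["dst"]):
            times[(f["src"], f["dst"])].append(ts)
    hits = []
    for (src, dst), ts in times.items():
        if len(ts) < min_conns:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if pstdev(gaps) <= max_jitter:  # human traffic is bursty; implants are regular
            hits.append(f"{src} beacons to {dst} every ~{mean(gaps):.0f}s ({len(ts)} connections)")
    return hits


def detect_exfiltration(events, max_bytes=100_000_000):
    """Single outbound flow to an external host above a byte threshold."""
    return [f"{f['src']} sent {f['bytes_out'] // 1_000_000} MB to {f['dst']}"
            for _, kind, f in events
            if kind == "conn" and is_internal(f["src"]) and not is_internal(f["dst"])
            and f["bytes_out"] >= max_bytes]


# Detectors in kill chain order (phases with no detector in this demo are omitted).
PHASES = [
    ("Reconnaissance", detect_reconnaissance),
    ("Delivery", detect_delivery),
    ("Command and control", detect_c2_beaconing),
    ("Actions on objectives", detect_exfiltration),
]


def map_to_kill_chain(events):
    """Return {phase name: findings} for every phase with at least one finding."""
    findings = {}
    for name, detector in PHASES:
        hits = detector(events)
        if hits:
            findings[name] = hits
    return findings


def earliest_phase(events):
    """First phase with evidence: the earliest link where the chain could have been cut."""
    for name, detector in PHASES:
        if detector(events):
            return name
    return None


if __name__ == "__main__":
    for phase, hits in map_to_kill_chain(EVENTS).items():
        print(phase)
        for hit in hits:
            print("  -", hit)
    print("Earliest detectable phase:", earliest_phase(EVENTS))
```

Run the script directly to print the findings per phase. The thresholds (ten distinct ports, six connections with at most five seconds of interval jitter, 100 MB in one flow) are deliberately crude; a production detector would baseline normal traffic per host and suppress known-good destinations. The structure, one detector per link of the chain and a report of the earliest link with evidence, is the point: the earlier the phase at which the activity is caught, the less of the chain the attacker gets to complete.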
For the company involved in step 2, make at least three recommendations to senior leadership that could avoid breaches in the future
Drawing on Cain et al. (2018), my recommendations to the businesses involved in the step 2 breaches, to prevent such breaches in the future, are:
Control who can access their most important data.
Provide security awareness training for their employees.
Frequently update the software they use.
Create a plan for responding to a cyberattack.
Require strong passwords that are challenging to crack.
Cain, A. A., Edwards, M. E., & Still, J. D. (2018). An exploratory study of cyber hygiene behaviors and knowledge. Journal of Information Security and Applications, 42, 36-45.
Lim, H. S. M., & Taeihagh, A. (2018). Autonomous vehicles for smart and sustainable cities: An in-depth exploration of privacy and cybersecurity implications. Energies, 11(5), 1062.
Seh, A. H., Zarour, M., Alenezi, M., Sarkar, A. K., Agrawal, A., Kumar, R., & Ahmad Khan, R. (2020). Healthcare data breaches: Insights and implications. Healthcare, 8(2), 133. Multidisciplinary Digital Publishing Institute.
Straub, J. (2020). Modeling attack, defense and threat trees and the cyber kill chain, ATT&CK and STRIDE frameworks as blackboard architecture networks. In 2020 IEEE International Conference on Smart Cloud (SmartCloud) (pp. 148-153). IEEE.