Vulnerability testing tools that simulate real-world


ing facility, or applying a patch. This is properly called “following recovery procedures,” because just arbitrarily making a change to the environment may introduce more problems. The recovery procedures may state that a new image needs to be installed, backup data needs to be restored, the system needs to be tested, and all configurations must be properly set.

Regardless of the specifics of the recovery procedures, before an affected system is returned to production, you must first ensure that it can withstand another attack. It doesn’t take long for word to get out within the hacker community that a weak system is online. Trained information security personnel should test the system for vulnerabilities to provide information assurance. Vulnerability testing tools that simulate real-world attacks can help the team harden the system against a variety of attacks, including those that were originally directed against it.

CAUTION An attacked or infected system should never be trusted because you do not necessarily know all the changes that have taken place and the true extent of the damage. Some malicious code could still be hiding somewhere. Systems should be rebuilt to ensure that all of the potential bad mojo has been released by carrying out a proper exorcism.

What Can We Learn from This?

Closure of an incident is determined by the nature or category of the incident, the desired incident response outcome (for example, business resumption or system restoration), and the team’s success in determining the incident’s source and root cause. Once it is determined that the incident is closed, it is a good idea to have a team briefing that includes all groups affected by the incident to answer the following questions:

• What happened?
• What did we learn?
• How can we do it better next time?

The team should review the incident and how it was handled and carry out a postmortem analysis. The information that comes out of this meeting should indicate what needs to go into the incident response process and...