The Containment Eradication and Recovery phase is used to manage incident

The Containment, Eradication and Recovery phase is used to manage incident attacks before they overwhelm the system and result in more severe damage, using predetermined procedures such as disabling system functions or shutting down the systems and disconnecting them from the network to mitigate the effects of any attack (Cichonski et al., 2012). Finally, the post-incident activity phase is used by the organization or response team to reflect on the new threats and use lessons learned to improve the incident response plan (Cichonski et al., 2012). Within Target, the incident response plan created will be used in responding to a variety of potential threats such as: unauthorized access or unauthorized privilege escalation and data breaches, denial or distributed denial of service attacks, firewall breaches, virus and malware outbreaks, theft or physical loss of equipment, and insider threats (Rouse, 2014).
To mitigate these issues, some of the recommended actions that have been put in place at Target include the following:

| Incident Type | Kill Chain Stage | Priority Level | Recommended Action |
|---|---|---|---|
| Unauthorized Access | Exploitation & Installation | High | Detect, monitor and investigate unauthorized access attempts, with priority on those against systems that are mission critical or contain sensitive data. |
| Unauthorized Privilege Escalation | Exploitation & Installation | High | Critical systems are configured to record all privilege escalation events and to set alarms for unauthorized privilege escalation attempts. |
| Data Breach | System Compromise | High | During a data breach, all evidence is captured carefully and evidentiary data is collected. Alarms are set to alert system administrators, and emergency system shutdown and data recovery steps are initiated. All critical documents and data are backed up on a different system. |
| Denial or Distributed Denial of Service Attacks | Exploitation & Installation | High | An IPS is implemented to monitor, detect and automatically terminate all traffic patterns that step out of the normal behavior of the system. |
| Viruses or Malware | Delivery & Attack | Low | Remediate any malware infections as quickly as possible. The rest of the network needs to be scanned to ensure no further compromises were associated with the outbreak. |
| Insider Breach | System Compromise | High | User accounts are routinely monitored using system log events and security information and event management products that can generate alerts based on the analysis of log files. |
| Theft or Physical Loss | System Compromise | High | Whole disk encryption is used to protect all laptops and mobile devices. Screen lockout or remote wiping of lost or stolen equipment is used to remotely remove all critical data from it. |
| Firewall Breaches | System Compromise | High | Technology additions and updates are used to evaluate firewall settings and adjust them as needed in order to minimize the impact on business. |
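As an added illustration of the privilege escalation and insider breach rows above (this is example code, not part of the paper or of Target's plan), the following rule records every sudo event from constructed auth-log lines and raises a high-priority alert when a user outside an assumed authorized list escalates, or when sudo refuses a command. The log line format, host names and the AUTHORIZED_SUDOERS set are assumptions.

```python
import re
from typing import NamedTuple

# Assumed: the only accounts permitted to escalate privilege on a critical system.
AUTHORIZED_SUDOERS = {"alice", "ops-oncall"}

# Matches the sudo line layout written by common Linux syslog setups (assumption).
SUDO_RE = re.compile(
    r"^(?P<ts>\S+ +\d+ [\d:]+) \S+ sudo:\s+(?P<user>[\w.-]+) : "
    r"(?P<detail>.*?)COMMAND=(?P<cmd>.*)$"
)


class Alert(NamedTuple):
    ts: str
    user: str
    reason: str
    cmd: str


def escalation_alerts(lines):
    """Return alerts for privilege escalation events an administrator should see.

    Every sudo line is parsed (the "record all escalation events" requirement);
    an alert is raised when the invoking account is not an authorized sudoer,
    or when sudo itself refused the command, since a failed attempt is still an
    unauthorized escalation attempt."""
    alerts = []
    for line in lines:
        m = SUDO_RE.match(line)
        if not m:
            continue  # not a sudo event (e.g. sshd, cron)
        user, detail, cmd = m["user"], m["detail"], m["cmd"].strip()
        if user not in AUTHORIZED_SUDOERS:
            alerts.append(Alert(m["ts"], user, "unauthorized user invoked sudo", cmd))
        elif "incorrect password" in detail or "command not allowed" in detail:
            alerts.append(Alert(m["ts"], user, "sudo refused command", cmd))
    return alerts


# Constructed sample lines, not real logs.
SAMPLE_LOG = [
    "Mar  3 09:12:01 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql",
    "Mar  3 09:14:22 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Mar  3 09:15:40 db01 sudo: ops-oncall : command not allowed ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow",
    "Mar  3 09:16:05 db01 sshd[2210]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2",
]

if __name__ == "__main__":
    for a in escalation_alerts(SAMPLE_LOG):
        print(f"HIGH {a.ts} {a.user}: {a.reason} ({a.cmd})")
```

Feeding the constructed lines through the rule yields two alerts (bob's interactive root shell and the refused read of /etc/shadow) while alice's authorized restart is recorded but not alerted on.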
