The Containment, Eradication and Recovery phase is used to manage incident attacks before they overwhelm the system and result in more serious damage, using predetermined procedures such as disabling system functions or shutting down the systems and disconnecting them from the network to mitigate the effects of any attack (Cichonski et al., 2012). Finally, the post-incident activity phase is used by the organization or response team to reflect on the new threats and use lessons learned to improve the incident response plan (Cichonski et al., 2012).

Within Target, the incident response plan created will be used in responding to a variety of potential threats such as:

• Unauthorized access or unauthorized privilege escalation and data breaches,
• Denial or Distributed Denial of Service Attacks,
• Firewall Breaches,
• Viruses and malware outbursts,
• Theft or physical loss of equipment, and
• Insider Threats (Rouse, 2014).
To mitigate these issues, some of the recommended actions that have been put in place at Target include the following:

| Incident Type | Kill Chain Stage | Priority Level | Recommended Action |
| --- | --- | --- | --- |
| Unauthorized Access | Exploitation & Installation | High | Detect, monitor and investigate unauthorized access attempts, with priority on those systems that are mission critical or contain sensitive data. |
| Unauthorized Privilege Escalation | Exploitation & Installation | High | Critical systems are configured to record all privilege escalation events and set alarms for unauthorized privilege escalation attempts. |
| Data Breach | System Compromise | High | During a data breach, all evidence is captured carefully and evidentiary data is collected. Alarms are set to alert the system and administrators, and emergency system shutdown and data recovery steps are initiated. All critical documents or data are backed up on a different system. |
| Denial or Distributed Denial of Service Attacks | Exploitation & Installation | High | An IPS is implemented to monitor, detect and automatically terminate all traffic patterns that step out of the normal behavior of the system. |
| Viruses or Malware | Delivery & Attack | Low | Remediate any malware infections as quickly as possible. The rest of the network needs to be scanned to ensure no further compromises were associated with the outbreak. |
| Insider Breach | System Compromise | High | User accounts are routinely monitored using system log events and security information and event management products that can generate alerts based on the analysis of log files. |
| Theft or Physical Loss | System Compromise | High | Whole disk encryption is used to protect all laptops and mobile devices. Lockout screen or remote wiping of lost or stolen equipment is used to remotely remove all critical data on that equipment. |
| Firewall Breaches | System Compromise | High | Technology additions and updates are used to evaluate firewall settings and adjust them as needed in order to minimize the impact on business. |
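The Unauthorized Access, Unauthorized Privilege Escalation and Insider Breach rows all rest on the same control: log events are recorded, and an alerting rule turns specific patterns into prioritized alarms. The following script is an added example (not part of the paper and not Target's tooling) of such a rule set run over a handful of constructed, hypothetical syslog-style authentication lines. It records every sudo event as an escalation audit trail, raises a High-priority "Unauthorized Access" alert when one source address reaches a threshold of failed logins on a host, and raises a High-priority "Unauthorized Privilege Escalation" alert when sudo is used by an account outside a constructed allowlist or is refused outright. The host name, account names, addresses and threshold are all assumed values.

```python
import re
from collections import Counter

# Constructed, hypothetical auth-log lines (syslog style). Not real data.
SAMPLE_LOGS = [
    "Jan 10 08:01:02 pos-db01 sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2",
    "Jan 10 08:01:05 pos-db01 sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51023 ssh2",
    "Jan 10 08:01:09 pos-db01 sshd[1201]: Failed password for root from 203.0.113.45 port 51024 ssh2",
    "Jan 10 08:01:12 pos-db01 sshd[1201]: Failed password for root from 203.0.113.45 port 51025 ssh2",
    "Jan 10 08:01:15 pos-db01 sshd[1201]: Failed password for root from 203.0.113.45 port 51026 ssh2",
    "Jan 10 08:02:30 pos-db01 sshd[1210]: Accepted password for svc_backup from 203.0.113.45 port 51030 ssh2",
    "Jan 10 08:03:01 pos-db01 sudo: svc_backup : TTY=pts/0 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/bin/bash",
    "Jan 10 09:15:44 pos-db01 sudo:    dbadmin : TTY=pts/1 ; PWD=/home/dbadmin ; USER=root ; COMMAND=/usr/bin/systemctl restart postgresql",
    "Jan 10 09:16:00 pos-db01 sudo:    dbadmin : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/dbadmin ; USER=root ; COMMAND=/bin/bash",
]

# Assumed allowlist of accounts permitted to escalate on this host.
ALLOWED_SUDO_USERS = {"dbadmin"}

FAILED_LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sudo:\s+(?P<user>\S+) : (?P<detail>.*)$"
)


def parse_line(line):
    """Classify one log line as a failed login, a sudo event, or None (ignored)."""
    m = FAILED_LOGIN_RE.match(line)
    if m:
        return {"kind": "failed_login", **m.groupdict()}
    m = SUDO_RE.match(line)
    if m:
        fields = m.groupdict()
        detail = fields.pop("detail")
        target = re.search(r"USER=(\S+)", detail)
        command = re.search(r"COMMAND=(.*)$", detail)
        return {
            "kind": "sudo",
            **fields,
            "target": target.group(1) if target else "?",
            "command": command.group(1) if command else "?",
            "denied": "NOT in sudoers" in detail,  # sudo refused the request
        }
    return None


def analyze(lines, allowed_sudo_users=ALLOWED_SUDO_USERS, failed_threshold=5):
    """Return (escalation_log, alerts).

    escalation_log records every sudo event, allowed or not, as the audit trail
    the plan calls for; alerts holds only the events that should page someone.
    """
    failures = Counter()
    escalation_log = []
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev["kind"] == "failed_login":
            key = (ev["host"], ev["ip"])
            failures[key] += 1
            # Alert once, at the moment the threshold is reached.
            if failures[key] == failed_threshold:
                alerts.append({
                    "priority": "High",
                    "incident_type": "Unauthorized Access",
                    "ts": ev["ts"], "host": ev["host"], "source": ev["ip"],
                    "reason": f"{failed_threshold} failed logins from one source",
                })
        else:
            escalation_log.append(ev)
            if ev["denied"]:
                reason = "sudo refused: user not in sudoers"
            elif ev["user"] not in allowed_sudo_users:
                reason = "sudo by account outside the escalation allowlist"
            else:
                continue  # permitted escalation: logged, not alerted
            alerts.append({
                "priority": "High",
                "incident_type": "Unauthorized Privilege Escalation",
                "ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                "target": ev["target"], "command": ev["command"], "reason": reason,
            })
    return escalation_log, alerts


if __name__ == "__main__":
    log, found = analyze(SAMPLE_LOGS)
    print(f"{len(log)} escalation events recorded, {len(found)} alerts raised")
    for a in found:
        print(a)
```

Running the script on the constructed lines records three sudo events and raises three alerts: one for the source address that reached five failed logins, one for the service account escalating outside the allowlist, and one for the refused sudo request. The legitimate dbadmin escalation is kept in the audit trail without an alert, which is the distinction the Unauthorized Privilege Escalation row draws between recording all events and alarming only on unauthorized ones.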