Computer Incident Response Framework

Would you know how to respond if a distributed denial of service attack were launched against your network and successfully shut it down? What if your databases were compromised and personal identifying information or other sensitive data was breached? What would be the consequences if your website was disabled or defaced and users couldn’t access your site, or couldn’t trust that the information on the site was accurate? Would you know what to do? These are real incidents that can happen, not just what-ifs.

Symantec reported that 75% of the enterprises it surveyed experienced some form of cyber attack in 2009; the FBI reported that $600 million in various losses was attributed to cyber crime in 2009.

Universities must be able to recognize computer security incidents and respond to them appropriately in order to minimize the damage that they can cause and help prevent future occurrences. This proposal will provide best practices for developing and implementing strategies for effective incident response. Topics for discussion will include:

  • Global Threats
  • Incident Response Policy development
  • Importance of having an incident response plan
  • Incident Response Plan Components
  • Common pitfalls in incident planning and preparation
  • How to pre-plan for the imminent incident:
    – Forensic Data Sources
    – Incident Documentation and Log Retention
    – Forensic Preservation
    – First Responders


Zachery Mitcham, UNC-Wilmington
