Copyright © 2012, Elsevier Inc.
All Rights Reserved
Chapter 11
Response
Cyber Attacks Protecting National Infrastructure, 1st ed.
2
• Incident response process is the most familiar component of any cyber security program
• A cyber security program will contain at least the following – Incident trigger
– Expert gathering
– Incident analysis
– Response activities
Copyright © 2012, Elsevier Inc.
All rights Reserved
C h a p te
r 1 1 –
R e s p o n s e
Introduction
Fig. 11.1 – General incident response process schema
Pre- Versus Post-Attack Response
• There are two fundamental types of triggers
  – Tangible, visible effects of an attack
  – Early warning and indications information
• Thus, there are two approaches to incident response processes
  – Front-loaded prevention
  – Back-loaded recovery
• The two approaches should be combined for a comprehensive response picture
• Protecting national assets is worth suffering a high number of false positives
Fig. 11.2 – Comparison of front-loaded and back-loaded response processes
Indications and Warning
• Front-loaded prevention is critical to national infrastructure protection
• Taxonomy of early warning process triggers
  – Vulnerability information
  – Changes in profiled behavioral metrics
  – Match on attack metric pattern
  – Component anomalies
  – External attack information
• Front-loaded prevention has a high sensitivity to triggers
Fig. 11.3 – Comparison of trigger intensity threshold for response
Incident Response Teams
• The optimal incident response team includes two components
  – A core set of individuals
  – A set of subject matter experts
• In complex settings with multiple incidents, it is important for the team not to work at cross-purposes
Fig. 11.4 – Management of simultaneous response cases
Incident Response Teams
• Response teams in a national setting must plan for multiple concurrent attacks aimed at a company or agency
• Considerations for proper planning include
  – Avoidance of a single point of contact individual
  – Case management automation
  – Organizational support for expert involvement
  – 24/7 operational support
Forensic Analysis
• Questions addressed in the forensic analysis process include
  – Root cause
  – Exploits
  – State
  – Consequences
  – Action
• Great care must be taken to protect and preserve evidence
Fig. 11.5 – Generic high-level forensic process schema
Forensic Analysis
• An internal expert is most likely the best to lead a company investigation
• Forensic analysts need the following
  – Culture of relative freedom
  – Access to interesting technology
  – Ability to interact externally
Law Enforcement Issues
• Should law enforcement be involved and called upon for support?
• Carefully review local, regional, and national laws regarding when law enforcement must be contacted
• Figure 11.6 outlines a decision process
Fig. 11.6 – Decision process for law enforcement involvement in forensics
Disaster Recovery
• Three Components of a Disaster Recovery Program
  – Preparation
  – Planning
  – Practice
Fig. 11.7 – Disaster recovery exercise configurations
National Response Program
• National programs can provide centralized coordination
  – Intrasector coordination should be encouraged
• Currently, coordination is not the main focus of most national emergency response team programs
Fig. 11.8 – National response program coordination interfaces
Marketing Plan Outline
1) Situation Analysis
a. Industry Analysis
i. Market Supply Structure
ii. Market Drivers
iii. Market Trends
iv. Market Growth
2) Customer Analysis
a. Market Demographics/Geographics
b. Market Psychographics
c. Market Behaviors
d. Market Needs
e. Market Segmentation
3) Competitive Analysis
4) SWOT Analysis
5) Marketing Objectives
6) Marketing Strategy
a. Target Markets
b. Positioning
c. Marketing Mix
i. Product/Service
ii. Pricing Strategy
iii. Promotional Strategy
iv. Service Strategy
v. Distribution Strategy
7) Financials
a. Sales Forecast
b. Marketing Budget
8) Implementation
9) Resources
10) Appendix
a. Project Primary Research (directional research to support the recommended marketing strategy