1Copyright__2012_Elsevier_IncAll_Rights_ReservedChapter

1

Chapter 11

Response

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

• Incident response process is the most familiar component of any cyber security program

• A cyber security program will contain at least the following – Incident trigger

– Expert gathering

– Incident analysis

– Response activities

C h a p te

r 1 1 –

R e s p o n s e

Introduction

3

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.1 – General incident response process schema

4

• There are two fundamental types of triggers – Tangible, visible effects of an attack

– Early warning and indications information

• Thus, two approaches to incident response processes – Front-loaded prevention

– Back-loaded recovery

• The two approaches should be combined for comprehensive response picture

• Protecting national assets is worth suffering a high number of false positives

C h a p te

r 1 1 –

R e s p o n s e

Pre- Versus Post-Attack Response

5

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.2 – Comparison of front-loaded and back-loaded response processes

6

• Front-loaded prevention critical to national infrastructure protection

• Taxonomy of early warning process triggers – Vulnerability information

– Changes in profiled behavioral metrics

– Match on attack metric pattern

– Component anomalies

– External attack information

• Front-loaded prevention have a high sensitivity to triggers

C h a p te

r 1 1 –

R e s p o n s e

Indications and Warning

7

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.3 – Comparison of trigger intensity threshold for response

8

• Optimal incident response team includes two components – A core set of individuals

– A set of subject matter experts

• In complex settings, with multiple incidents, important for team to not work at cross-purposes

C h a p te

r 1 1 –

R e s p o n s e

Incident Response Teams

9

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.4 – Management of simultaneous response cases

10

• Response teams in a national setting must plan for multiple concurrent attacks aimed at a company or agency

• Considerations for proper planning include – Avoidance of a single point of contact individual

– Case management automation

– Organizational support for expert involvement

– 24/7 operational support

C h a p te

r 1 1 –

R e s p o n s e

Incident Response Teams

11

• Questions addressed in the forensic analysis process include – Root cause

– Exploits

– State

– Consequences

– Action

• Great care must be taken to protect and preserve evidence

C h a p te

r 1 1 –

R e s p o n s e

Forensic Analysis

12

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.5 – Generic high-level forensic process schema

13

• Internal expert most likely the best to lead a company investigation

• Forensic analysts need the following – Culture of relative freedom

– Access to interesting technology

– Ability to interact externally

C h a p te

r 1 1 –

R e s p o n s e

Forensic Analysis

14

• Should law enforcement be involved and called upon for support?

• Carefully review local, regional, and national laws regarding when law enforcement must be contacted

• Figure 11.6 outlines a decision process

C h a p te

r 1 1 –

R e s p o n s e

Law Enforcement Issues

15

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.6 – Decision process for law enforcement involvement in forensics

16

• Three Components of a Disaster Recovery Program – Preparation

– Planning

– Practice

C h a p te

r 1 1 –

R e s p o n s e

Disaster Recovery

17

Fig. 11.7 – Disaster recovery exercise configurations

C h a p te

r 1 1 –

R e s p o n s e

18

• National programs can provide centralized coordination – Intrasector coordination should be encouraged

• Currently, coordination is not the main focus of most national emergency response team programs

C h a p te

r 1 1 –

R e s p o n s e

National Response Program

19

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.8 – National response program coordination interfaces

Sheet1

Competitive Analysis
Factor	Our Company	Competitor A	Competitor B	Competitor C	Competitor D
Product Line
Pricing
Distribution
Target Audience
Primary
Secondary
Positioning
Objectives
Marketing
Promotion
Sales
Past Year
Five Year History
1
2
3
4
5
Market Share
Past Year
Five Year History
1
2
3
4
5
BDI vs. CDI
Share of Voice
Share of Mind
Promotion Mix
Elements
Relative Emphasis
Creative Strategy
Slogan
Key Benefit
Format
Appeals
Tone
Advertising Media
Spending
Media Classes
Scheduling
Coverage
Weight
Efficiency
Sales Promotion-Consumer
Sales Promotion-Trade
Public Relations Efforts
Spending
Activities
Personal Selling
Role
Packaging
Strengths
Weaknesses
Competitive Power Index
Rating 1-10 (weak-strong)

&"Calibri,Bold"&14&K000000Competitive Analysis Worksheet

&"Calibri,Regular"&K000000Confidential

Marketing Plan Outline

1) Situation Analysis

a. Industry Analysis

i. Market Supply Structure

ii. Market Drivers

iii. Market Trends

iv. Market Growth

2) Customer Analysis

a. Market Demographics/Geographics

b. Market Psychographics

c. Market Behaviors

d. Market Needs

e. Market Segmentation

3) Competitive Analysis

4) SWOT Analysis

5) Marketing Objectives

6) Marketing Strategy

a. Target Markets

b. Positioning

c. Marketing Mix

i. Product/Service

ii. Pricing Strategy

iii. Promotional Strategy

iv. Service Strategy

v. Distribution Strategy

7) Financials

a. Sales Forecast

b. Marketing Budget

8) Implementation

9) Resources

10) Appendix

a. Project Primary Research (directional research to support the recommended marketing strategy

blog6

Sheet1

Get help from top-rated tutors in any subject.