1

Copyright © 2012, Elsevier Inc.

All Rights Reserved

Chapter 11

Response

Cyber Attacks Protecting National Infrastructure, 1st ed.

2

• Incident response process is the most familiar component of any cyber security program

• A cyber security program will contain at least the following – Incident trigger

– Expert gathering

– Incident analysis

– Response activities

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Introduction

3

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.1 – General incident response process schema

4

• There are two fundamental types of triggers – Tangible, visible effects of an attack

– Early warning and indications information

• Thus, two approaches to incident response processes – Front-loaded prevention

– Back-loaded recovery

• The two approaches should be combined for comprehensive response picture

• Protecting national assets is worth suffering a high number of false positives

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Pre- Versus Post-Attack Response

5

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.2 – Comparison of front-loaded and back-loaded response processes

6

• Front-loaded prevention critical to national infrastructure protection

• Taxonomy of early warning process triggers – Vulnerability information

– Changes in profiled behavioral metrics

– Match on attack metric pattern

– Component anomalies

– External attack information

• Front-loaded prevention have a high sensitivity to triggers

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Indications and Warning

7

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.3 – Comparison of trigger intensity threshold for response

8

• Optimal incident response team includes two components – A core set of individuals

– A set of subject matter experts

• In complex settings, with multiple incidents, important for team to not work at cross-purposes

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Incident Response Teams

9

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.4 – Management of simultaneous response cases

10

• Response teams in a national setting must plan for multiple concurrent attacks aimed at a company or agency

• Considerations for proper planning include – Avoidance of a single point of contact individual

– Case management automation

– Organizational support for expert involvement

– 24/7 operational support

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Incident Response Teams

11

• Questions addressed in the forensic analysis process include – Root cause

– Exploits

– State

– Consequences

– Action

• Great care must be taken to protect and preserve evidence

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Forensic Analysis

12

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.5 – Generic high-level forensic process schema

13

• Internal expert most likely the best to lead a company investigation

• Forensic analysts need the following – Culture of relative freedom

– Access to interesting technology

– Ability to interact externally

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Forensic Analysis

14

• Should law enforcement be involved and called upon for support?

• Carefully review local, regional, and national laws regarding when law enforcement must be contacted

• Figure 11.6 outlines a decision process

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Law Enforcement Issues

15

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.6 – Decision process for law enforcement involvement in forensics

16

• Three Components of a Disaster Recovery Program – Preparation

– Planning

– Practice

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Disaster Recovery

17

Fig. 11.7 – Disaster recovery exercise configurations

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

18

• National programs can provide centralized coordination – Intrasector coordination should be encouraged

• Currently, coordination is not the main focus of most national emergency response team programs

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

National Response Program

19

Copyright © 2012, Elsevier Inc.

All rights Reserved

C h a p te

r 1 1 –

R e s p o n s e

Fig. 11.8 – National response program coordination interfaces

Sheet1

Competitive Analysis
Factor Our Company Competitor A Competitor B Competitor C Competitor D
Product Line
Pricing
Distribution
Target Audience
Primary
Secondary
Positioning
Objectives
Marketing
Promotion
Sales
Past Year
Five Year History
1
2
3
4
5
Market Share
Past Year
Five Year History
1
2
3
4
5
BDI vs. CDI
Share of Voice
Share of Mind
Promotion Mix
Elements
Relative Emphasis
Creative Strategy
Slogan
Key Benefit
Format
Appeals
Tone
Advertising Media
Spending
Media Classes
Scheduling
Coverage
Weight
Efficiency
Sales Promotion-Consumer
Sales Promotion-Trade
Public Relations Efforts
Spending
Activities
Personal Selling
Role
Packaging
Strengths
Weaknesses
Competitive Power Index
Rating 1-10 (weak-strong)

&"Calibri,Bold"&14&K000000Competitive Analysis Worksheet

&"Calibri,Regular"&K000000Confidential

Marketing Plan Outline

1) Situation Analysis

a. Industry Analysis

i. Market Supply Structure

ii. Market Drivers

iii. Market Trends

iv. Market Growth

2) Customer Analysis

a. Market Demographics/Geographics

b. Market Psychographics

c. Market Behaviors

d. Market Needs

e. Market Segmentation

3) Competitive Analysis

4) SWOT Analysis

5) Marketing Objectives

6) Marketing Strategy

a. Target Markets

b. Positioning

c. Marketing Mix

i. Product/Service

ii. Pricing Strategy

iii. Promotional Strategy

iv. Service Strategy

v. Distribution Strategy

7) Financials

a. Sales Forecast

b. Marketing Budget

8) Implementation

9) Resources

10) Appendix

a. Project Primary Research (directional research to support the recommended marketing strategy

Get help from top-rated tutors in any subject.

Efficiently complete your homework and academic assignments by getting help from the experts at homeworkarchive.com