CYB 220 Module 8 Discussion

School: Southern New Hampshire University
Course: CYB 220
Subject: Computer Science
Date: Jan 9, 2024
Type: docx
Pages: 1
Uploaded by LieutenantPencilChimpanzee11
When investigating a security event before escalation to incident response, the collection of data is dominant. It is not just the collection of data but the collection of the circumstances: what happened, when, how, and what or who it affects. If your intelligence gathering is not fine-tuned and is flooded with false positives, that creates overhead in dissecting the information to find what is important to the event and what is not. Having the IDS/IPS correctly correlating and logging to the SOC and the SIEM platform is ideal. The SIEM will correlate data from multiple sources to help create a faster response and remediation.

When investigating a serious event, and before escalation, the data gathering can be massive, including the justification for escalation to incident response, then removing an asset from the network, and contacting legal and forensics. Depending on the event, legal authorities may have to be notified, so processes and policy need to be in place. Training and tabletop exercises need to be conducted, even bringing in third parties to help manage a tabletop session. From malware and phishing emails to ransomware or domain compromise, the first steps are almost always followed and the investigation or data collection begins.

False positives that have not been fine-tuned or remediated can create false correlations in the monitoring application. During an event and incident, the stress and the time to correlation and resolution are key. False positives, not just in security appliances or applications but in the network or systems/servers, can cause overhead that takes away focus and positive impact or progress. In many situations time is of the essence in getting the correct teams or individuals involved. Many times you may not know who is needed and what is affected. Really, the concern is how far did an event, and now incident, go. I think an example would be an unauthorized person in a restricted area. Well, how long was that person in there? What did they do? Then where else did they go? Same with malware on a machine or something more.