Now that the network security team had contained the incident and restored service, it was time to move to eradication. Eradication involves taking the necessary steps to eliminate damage done during the incident and removing any vulnerabilities that may have allowed the incident to succeed.
Eradication in this incident means the removal of remote administration in the firewall configurations and patching of the system to remove critical vulnerabilities. If an attacker still maintains access to a system while the network team is investigating, eradication would involve disconnecting and denying further connections to or from the attacker. The network team performed further steps to eradicate this type of attack by applying updates to the standby firewall system. These updates patched vulnerabilities in the firewall operating system and changed its configuration to prevent this type of incident from occurring in the future.
The incident response plan then had the team focus on recovery from the incident. During this stage, the team ensured all systems were back online and functioning as expected. The team also deployed additional monitoring capabilities to be alerted to potential incidents. This additional monitoring will allow the network team to respond sooner to potential attacks. Recovery involves restoring the services and/or systems that were impacted during the incident. In this case, the standby firewall was brought online to restore internet services so the clinic could effectively treat patients as soon as possible.
Once the systems were restored and additional monitoring enabled, the team worked on generating a report. This report detailed the incident as well as the st...
... middle of paper ...
...network team is doing its part to recommend updates to the network intrusion detection system (NIDS). The NIDS will be configured to detect any attempt to exploit vulnerabilities on systems within our network. The team has also set up alerts that send email to the team when there is a change in the baseline network bandwidth, which can be a precursor to an attack. Additional monitoring has been enabled to alert the team when there is administrative access to the firewall. The team will also work to build resiliency into the network so that it automatically switches to additional circuits when under this type of attack. These recommendations have already been approved as action items by senior leadership. Since patient care is the clinic’s primary mission, senior leadership has stated these recommendations are vital to ensuring the clinic can fulfill its mission.
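The two alert conditions described above (a shift away from the bandwidth baseline, and administrative access to the firewall) can be sketched as detection logic. This is an added example, not the clinic team's tooling; the log format, management subnet, sample values and thresholds are assumptions constructed for illustration, and the functions return alerts rather than sending the email.

```python
import re
from ipaddress import ip_address, ip_network
from statistics import median

# Constructed per-minute throughput samples in Mbit/s (not real incident data).
SAMPLES = [42, 40, 45, 43, 41, 44, 39, 42, 46, 43, 41, 180, 44]

# Constructed firewall log lines in a hypothetical key=value format.
LOGS = [
    "2024-01-10T02:14:07Z fw-standby admin-login user=netadmin src=10.0.5.20 result=success",
    "2024-01-10T02:15:40Z fw-standby conn-allow src=10.0.8.31 dst=198.51.100.9 dport=443",
    "2024-01-10T02:20:11Z fw-standby admin-login user=admin src=203.0.113.7 result=failure",
]

MGMT_NET = ip_network("10.0.5.0/24")  # assumed management subnet
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) admin-login "
    r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)$"
)

def bandwidth_alerts(samples, window=10, k=5.0):
    """Flag samples that sit more than k * MAD from the rolling median.

    Median and MAD are used instead of mean and standard deviation so that
    one spike does not inflate the baseline and hide the next one.
    """
    alerts = []
    for i in range(window, len(samples)):
        base = samples[i - window:i]
        med = median(base)
        mad = median([abs(x - med) for x in base]) or 1.0  # avoid a zero band
        if abs(samples[i] - med) > k * mad:
            alerts.append((i, samples[i], med))
    return alerts

def admin_access_alerts(lines, mgmt_net=MGMT_NET):
    """Alert on every administrative login; mark remote sources as high."""
    alerts = []
    for line in lines:
        m = LOGIN_RE.match(line.strip())
        if not m:
            continue  # not an admin-login event
        remote = ip_address(m["src"]) not in mgmt_net
        severity = "high" if remote else "info"
        alerts.append((m["ts"], m["user"], m["src"], m["result"], severity))
    return alerts

if __name__ == "__main__":
    for alert in bandwidth_alerts(SAMPLES) + admin_access_alerts(LOGS):
        print(alert)
```

Because remote administration was removed during eradication, any administrative login from outside the management subnet is treated as high severity even when it fails.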