Identifying threats and vulnerabilities
Why threat identification is important
Identifying the threat can be part of response
Threat knowledge is often needed to properly respond
There are many kinds of threats to an organization's information
Insider threats
Not as big of a threat as in the past but still common
Some insider threats are unintentional
Still often overlooked
This should include contractors, suppliers and even customers!
Outside threats
APTs and other threat actors
Malware
Viruses
Script kiddies
Competitors
Natural disasters
Often cannot be quantified
Could result in loss of life (most serious loss)
Uneducated end users
End-user attacks are the most common cause of breaches
Phishing attacks, other social engineering, etc.
Training programs should include some knowledge of IR
Also often the first indicators of attack
Unqualified IT/security staff
Perhaps the biggest gap
Fixable with appropriate training and resources
Can be the best source of defense
Can also be the biggest vulnerability
Ransomware
Becoming more prevalent
Becoming harder to stop
They are getting smarter and expanding their scope