Scribd Logo
Carica

Benvenuto in Scribd!

  • 7 Things To Do If Your Biz Is Hacked

    Caricato da

    Luis Barreto
    61 visualizzazioni2 pagine
    When a business is hacked, it is important to take several steps: 1) bring in the right experts internally and externally to address the incident, 2) collect information about what happened and work with the incident response team to analyze it, and 3) develop a plan to investigate further, remediate any issues, and restore normal operations as quickly as possible while communicating status appropriately.

    Descrizione originale:

    Biz Hacked

    Titolo originale

    7 Things to Do if Your Biz is Hacked

    Copyright

    © © All Rights Reserved

    Formati disponibili

    PDF, TXT o leggi online da Scribd

    Hai trovato utile questo documento?

    Questo contenuto è inappropriato?

    Segnala questo documento
    When a business is hacked, it is important to take several steps: 1) bring in the right experts internally and externally to address the incident, 2) collect information about what happened and work with the incident response team to analyze it, and 3) develop a plan to investigate further, remediate any issues, and restore normal operations as quickly as possible while communicating status appropriately.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    61 visualizzazioni2 pagine

    7 Things To Do If Your Biz Is Hacked

    Caricato da

    Luis Barreto
    When a business is hacked, it is important to take several steps: 1) bring in the right experts internally and externally to address the incident, 2) collect information about what happened and work with the incident response team to analyze it, and 3) develop a plan to investigate further, remediate any issues, and restore normal operations as quickly as possible while communicating status appropriately.

    Copyright:

    © All Rights Reserved
    Scarica in formato PDF, TXT o leggi online su Scribd
    Segnala contenuti inappropriati
    di 2

    7 THINGS TO DO WHEN YOUR BUSINESS IS HACKED

    INCIDENT RESPONSE PLAN

    BRING IN THE RIGHT PEOPLE.

    COLLECT INFORMATION AND


    WORK WITH YOUR IR TEAM.

    BUILD A PLAN.
    Communications

    Were you informed by the FBI ?

    Get your legal team.

    Was critical corporate data compromised?

    Notify the executive board.

    The critical time in any breach


    investigation is the first 24 to 48
    hours. Make your decisions as evidence

    the compliance team.

    Technical analysis

    materializes, and be sure to communicate


    with your Incident Response team.

    Who will participate,


    what will their roles
    be, and what will each
    person do?

    What machines were breached?

    Containment

    How were they hacked?


    Did someone say PHI ? Better bring in

    What will you tell the


    board of directors, the
    public, law enforcement,
    and regulators?

    What was stolen?


    Communication is key.
    Dont make assumptions.

    Where does the threat


    still reside? Clean it up!

    Restoration

    Who will you contact


    should you need to call
    on backups, adjust
    firewalls, block IP
    addresses, or reimage
    corrupted machines?

    SET THE SCOPE OF THE INVESTIGATION, ANALYZE, AND REMEDIATE.

    Triage affected hosts to find indicators of


    compromise (IoC) and create a distilled
    timeline Event logs, file systems, etc.

    Once a set of IoCs has been found, they


    should be put into other security
    systems that
    can spot them
    elsewhere on
    the network.

    The most compromised


    hosts undergo a deep
    investigation for a full
    understanding of what the
    attacker did on that system and
    to use that analysis to create a
    remediation plan.

    LEAD AND ENABLE THE TEAM.

    COMMUNICATE DELIBERATELY
    AND EFFECTIVELY.

    DERIVE AND APPLY LESSONS


    LEARNED.

    Clear roadblocks so that team members


    can dedicate themselves to remediating
    the problem. Then ensure the effective
    flow of information within the team
    so that members can stay
    focused on their
    individual tasks.

    Anything that is communicated outside


    the Incident Response team should be
    supported 100% by evidence and for good
    reason. Information about the breach that
    is told to the board should
    be tailored to answering
    the question, How
    and how soon can
    business get back
    to normal?

    Within a week of cleaning up a breach,


    the team should discuss and document
    its actions to
    determine what
    went right, what
    went wrong,
    and how to be
    better prepared
    the next time.

    7 THINGS TO DO WHEN YOUR BUSINESS IS HACKED


    INCIDENT RESPONSE CHECKLIST AND CONTACTS
    INCIDENT RESPONSE CHECKLIST
    Bring in the right people.
    Collect information and work with your IR team.
    Build a plan.
    Derive and apply lessons learned.
    Set the scope of the investigation, analyze, and remediate.
    Lead and enable the team. Identify anticipated roadblocks.
    Communicate deliberately and effectively.

    INCIDENT RESPONSE CALL LIST


    Legal Lead:
    Executive Lead:
    Compliance Lead:
    Investigation Lead:
    Incident Response Team Lead:
    Incident Response Team Members (internal):

    Incident Response Team Members (external):

    Rapid7: 1-844-RAPID-IR

    Endpoint Analysis Lead:


    Network Analysis Lead:
    Backups Administration:
    Systems Administration:
    Communications Lead (internal):
    Communications Lead (external):
    Communications Approval:
    Communications Approval:

    1-844-RAPID-IR

    www.rapid7.com/incident-response

    Potrebbero piacerti anche