Incident Response
Lesson 8 of 40
Exercise 3: Mitigating Risk
Goals
To identify opportunities to mitigate risk.
Objectives
After completing this exercise, you should be able to:
- Identify organization risk in a data breach situation.
- Align risk mitigation strategies with the Cyber Kill Chain.
Introduction
In this exercise, you review the January 2013 NY Times article on the breach which occurred there during the four preceding months. Using the 5D’s (deter, detect, delay, deny, and defend), you suggest mitigation steps for each point on the Cyber Kill Chain.
Resources
Hackers in China Attacked the Times for Last 4 Months
Published: January 30, 2013
Here is a link to the New York Times article:
The Cyber Kill Chain is included here for your reference.
Instructions
Suggest mitigation steps using the 5D’s:
• Deter
• Detect
• Delay
• Deny
• Defend
Mitigation steps may include:
• Technology
• Processes
| Cyber Kill Chain Phase | Mitigation Suggestion |
| --- | --- |
| Act on Objectives | Sample answer: Deny exfiltration by blocking zip files greater than 5 MB from leaving the host. Detect exfiltration by creating an alert on zip files and rar files attempting to leave the network. |
| Command and Control | |
| Installation | |
| Exploitation | |
| Delivery | |
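The sample answer above pairs a Deny control (block zip files over 5 MB) with a Detect control (alert on zip and rar archives leaving the network). As an added illustration that is not part of the course material, the following Python turns those two rules into detection logic run over constructed egress proxy log lines; the log format, host names and destinations are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed egress proxy log lines (not from the exercise).
# Fields: timestamp source_host destination filename bytes_sent
SAMPLE_LOG = """\
2013-01-15T10:02:11 ws-finance-07 203.0.113.10 q4_reports.zip 7340032
2013-01-15T10:05:42 ws-legal-03 198.51.100.5 contracts.RAR 1048576
2013-01-15T10:07:01 ws-hr-11 192.0.2.44 handbook.pdf 2097152
2013-01-15T10:09:30 ws-finance-07 203.0.113.10 photos.zip 512000
"""

ARCHIVE_EXTENSIONS = ("zip", "rar")      # Detect rule: alert on these leaving the network
DENY_ZIP_BYTES = 5 * 1024 * 1024         # Deny rule: the exercise's 5 MB zip threshold

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


@dataclass
class Verdict:
    host: str
    filename: str
    action: str   # "deny", "alert" or "allow"
    reason: str


def classify(line):
    """Apply the Deny rule first, then the Detect rule, to one log line."""
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed line: skip rather than guess at its fields
    _ts, host, _dst, filename, size = m.groups()
    size = int(size)
    # Extension check is case-insensitive so "contracts.RAR" is still caught.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext == "zip" and size > DENY_ZIP_BYTES:
        return Verdict(host, filename, "deny",
                       f"zip of {size} bytes exceeds {DENY_ZIP_BYTES}-byte limit")
    if ext in ARCHIVE_EXTENSIONS:
        return Verdict(host, filename, "alert", f".{ext} archive leaving the network")
    return Verdict(host, filename, "allow", "not an archive")


def evaluate_log(text):
    """Return one Verdict per well-formed line, preserving log order."""
    return [v for v in (classify(l) for l in text.splitlines()) if v is not None]
```

Running `evaluate_log(SAMPLE_LOG)` yields deny, alert, allow, alert for the four constructed lines; the rar and the small zip are only alerted on, while the 7 MB zip is denied.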