  1. Analyze the Incident and gather Information.
    1. Record the incident in the ISOC SharePoint. SharePoint link below.
    1. ISOC identified that a User/Machine has downloaded an .EXE from a Rare External Location on a Unilever-provided resource, which violates Unilever’s Acceptable Usage of Organization Resource Policy.
      1. ISOC to contact the User to get Business Justification.
      1. If it is a legitimate activity, record the Business Justification in the Incident.
  2. Close the Incident.
    1. If the User is unaware of the .EXE download and it seems to be suspicious:
  3. ISOC to contact the Unisys team (Endpoint machines)/HCL team (Server) to run Getsups and provide the logs to ISOC.
  4. ISOC to identify the malicious EXE file from the Getsups result and ask the user to send the same over mail to the ISOC team for further investigation.
  5. ISOC team to test the .EXE using the open source tools available.
  6. ISOC identifies the EXE file as suspicious and requests the user to delete the EXE from the machine.
  7. ISOC to ask the Unisys team (Endpoint machines)/HCL team (Server) to run a complete On Demand Scan on the user machine.
  8. ISOC to provide the complete investigation in the incident.
  9. Close the Incident.
    1. ISOC identified that a User has accessed a torrent website, which is against Unilever Security Policy.
      1. ISOC to verify with the user to understand why they tried accessing the torrent websites.
      1. ISOC identified that the machine has a torrent application installed on it (first-time violation).
  10. Advise the user and create awareness.
  11. Close the Incident.
  1. ISOC again identifies the machine as having a torrent application installed on it.
  2. ISOC to report the Incident and the activity to the User’s Line Manager.
  3. ISOC to inform SLT (Security Leadership Team).
  4. Report the Incident to HR team – This point is optional as it depends upon the nature and severity of the Incident.
  5. Close the Incident.