Posts

Week 12 Posting - Good Bye

Of all the topics I selected, most related to humans and how they interact with devices, and most of my posts covered security related to the most vulnerable attack surface: humans. The majority of my material came from cyber news sites or sources such as TechLinked on YouTube; it seems like almost daily there are new attacks and methods being discovered. Many times I also referenced others' blogs and put my own spin on the information that was already gathered. I enjoy writing blogs because it shows my progression in a way that I can look back on and see growth. On the other hand, I am a very private person, and within the last few years people have been able to "dig up dirt" on anyone going back to the beginning of the internet. My biggest concern is not whether I say something wrong today but whether it will be wrong 20 years from now and I will be "canceled". As with most things in my life, a "better safe than sorry" approach makes sense.

Week 11 Posting - Incident Response Steps

In week 11 of BSIT 380 we covered the ways of classifying the steps of incident response and how different certifying organizations use different terms. One constant was that the steps were kept separate, and many of the terms are cybersecurity items. When an attack is being repaired, it will fall into one of the following categories: validation, eradication, post-incident activities and containment. The goal with any attack is to isolate it to prevent any additional attack surfaces from being attacked; this is done with containment. The next step, once a system is either disconnected or in a non-LAN/non-web-facing environment, is to eradicate the attack and any remnants of it. Next would be to go back and validate that no virus is found in any system files and that no local network services bearing the same signature are in use. Finally, an incident report or meeting will take place to brief the higher-ups on what caused the issue and the steps taken to eradicate the issue as we...

Week 10 Posting - Automation

Within my experience in IT, many repetitive tasks can be done by a well-designed automation system. When I was attending Southeast Tech in Sioux Falls, SD, I had the opportunity to learn Linux scripting and how to write .sh files. Often, when creating automation files or formulas, the information that is pulled must be accurate; if it is not, the rest of the information will be incorrect. When creating a script, the first thing is to determine the end goal, then take a step back and look at the overall impact. If a script will be designed to check a system for an item, it may be a good idea to estimate how much time doing the items manually would take and then compare that to the same task with a working script. From my experience, I want to automate things that might be better done manually to prevent errors.

Week 9 Posting - Identifying and Prioritizing Threats

In the world we live in there are often people who disagree; some fight it out on Twitter or in a boxing ring, but some have started silent wars in unethical ways, including cyber-attacks on another person's life or business. In chapter 13 the topic included how to be prepared for threat hunting and uncovering the more difficult attacks. With each attack there is typically a motive: for countries it is often access to sensitive data or disabling a system, and for companies it is similar. Often, companies that run ads for the first time may run into an unintentional DDoS from customers trying to access a resource. The best thing a cybersecurity engineer can do is help train and maintain systems that filter out the fake traffic from the real customers.

Week 8 Posting - Incident Response

Within Chapter 12 the biggest thing that I took away was the need for incident response. Any network on the face of the planet that is connected to the World Wide Web is at risk of being compromised; the best way to manage the risk is to configure a firewall, a DMZ, and a response plan. When an attack happens there are typically indicators such as multiple failed login attempts, additional system utilization, or systems failing. There should be an SOP, or standard operating procedure, that sets out the goal of minimizing the overall impact of an attack; if a single system is a target, that system may be isolated or have its network connections removed. Having account lockout timers can prevent a hacker from using brute-force attacks.
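As an added example that is not part of the original post, the following Go program shows how the failed-login indicator and the account lockout timer described above can be checked against authentication logs: it parses a constructed log format (the line layout, user names and addresses are made up for this example) and reports any account whose consecutive failures reach the lockout threshold within the reset window.

```go
package main
import (
	"fmt"
	"strings"
	"time"
)
// SampleLog is constructed input in chronological order. The format is made up
// for this example; sshd, the Windows Security log and AD each need their own parser.
var SampleLog = []string{
	"2024-03-01T10:00:01Z LOGIN_FAIL user=alice src=10.0.0.5",
	"2024-03-01T10:00:03Z LOGIN_FAIL user=alice src=10.0.0.5",
	"2024-03-01T10:00:04Z LOGIN_FAIL user=bob src=10.0.0.7",
	"2024-03-01T10:00:05Z LOGIN_FAIL user=alice src=10.0.0.5",
	"2024-03-01T10:00:07Z LOGIN_OK user=bob src=10.0.0.7",
}
// ParseLine splits "<RFC3339 time> <LOGIN_OK|LOGIN_FAIL> user=<name> ..." into time, user, success.
func ParseLine(line string) (time.Time, string, bool, error) {
	f := strings.Fields(line)
	if len(f) < 3 || !strings.HasPrefix(f[2], "user=") {
		return time.Time{}, "", false, fmt.Errorf("malformed line: %q", line)
	}
	ts, err := time.Parse(time.RFC3339, f[0])
	return ts, f[2][5:], f[1] == "LOGIN_OK", err
}
// LockedOut lists each user whose run of consecutive failures reaches threshold within
// window. A success resets the run, as does a failure after the window has elapsed
// (the policy's "reset account lockout counter after" setting).
func LockedOut(lines []string, threshold int, window time.Duration) ([]string, error) {
	type run struct{ first time.Time; n int } // start of current run, failures in it
	runs := map[string]run{}
	var locked []string
	for _, line := range lines {
		ts, user, ok, err := ParseLine(line)
		if err != nil { return nil, err }
		r := runs[user]
		switch {
		case ok:
			r = run{}
		case r.n == 0 || ts.Sub(r.first) > window:
			r = run{first: ts, n: 1}
		default:
			r.n++
		}
		if r.n == threshold {
			locked = append(locked, user)
		}
		runs[user] = r
	}
	return locked, nil
}
```

With a threshold of 3 and a one-minute window, alice is reported and bob is not; shrinking the window to three seconds makes alice's attempts fall into separate runs and nobody is reported.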

Week 7 Posting - Digital Signatures

We are already past week 7, over halfway complete. Within Chapter 11 a topic that jumped out at me was the use of digital signatures; they are created using private and public cryptographic keys. Implementing digital signatures ensures that non-wet signatures can be verified based on a key or token that only the individual should have access to. The US Department of Defense issues all military members a CAC, or common access card, which carries a certificate that is referenced via a programmable chip on the card. This card is used to gain access to military bases and restricted areas, and it is also configured with Active Directory. In AD the user plugs in the card (something you have) and enters a PIN (something you know), covering two factors of security and ensuring multifactor authentication.
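As an added example that is not part of the original post, this Go program uses the standard library's Ed25519 implementation to show what the private/public key split buys: a document signed with the private key verifies with the public key, while an altered document or another person's key does not. The key pairs, the purchase-order text and the Signer type are constructed for the example; on a CAC the private key would stay on the card's chip.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)
// Signer owns an Ed25519 key pair. On a CAC the private key is generated on and
// never leaves the card's chip; here it is generated in memory for the example.
type Signer struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{Public: pub, private: priv}, nil
}
// Sign returns the signature over doc; only the private-key holder can produce it.
func (s *Signer) Sign(doc []byte) []byte { return ed25519.Sign(s.private, doc) }
// Verify checks sig over doc with a public key, which anyone may hold. A wrong-sized
// key is rejected here rather than left to panic inside ed25519.Verify.
func Verify(pub ed25519.PublicKey, doc, sig []byte) (bool, error) {
	if len(pub) != ed25519.PublicKeySize {
		return false, errors.New("bad public key length")
	}
	return ed25519.Verify(pub, doc, sig), nil
}
// Demo runs the three cases a verifier must tell apart: the genuine document,
// the same signature over an altered document, and a check against another
// person's public key. Only the first should verify.
func Demo() (genuine, tampered, wrongKey bool, err error) {
	alice, err := NewSigner()
	if err != nil {
		return
	}
	bob, err := NewSigner()
	if err != nil {
		return
	}
	doc := []byte("Approve purchase order 1234 for $5,000") // constructed document
	sig := alice.Sign(doc)
	altered := []byte("Approve purchase order 1234 for $50,000")
	genuine, _ = Verify(alice.Public, doc, sig)
	tampered, _ = Verify(alice.Public, altered, sig)
	wrongKey, _ = Verify(bob.Public, doc, sig)
	return
}
```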

Week 6 Posting - DRP

Disasters are bound to happen given enough time, and the best way to prepare is to create a plan and inform those whose skill sets will be needed during and after the disaster. A disaster recovery plan, or DRP for short, is exactly that! A DRP should be created with the following information in the following order: title and last revised date, and members of the committee with primary and secondary contact info. The members of the committee should include at least one C-level executive, multiple members from the IT software and hardware teams, and the communications and public affairs team. The first chapter will discuss a designated meeting location in case the primary facility is ruined or cannot be used. The next few chapters should include a list of all assets and employee contact info, where to locate insurance information, and the order in which communications should be sent. Lastly, the ending should include anything else that pertains to the type of industry such a...