Incident Handling Step by Step - Computer Crime Investigation

Securing an infrastructure is a complex task of balancing business needs against security risks. With the discovery of new vulnerabilities almost on a daily basis, there is always the potential for an intrusion. In addition to online intrusions, physical incidents like fires, floods and crime all require a solid methodology for incident handling to be in place, in order to get systems and services back online as quickly and securely as possible.

The first part of the course looks at the invaluable Incident Handling Step-by-Step model. Incident Handling Step-by-Step was created through a consensus process involving experienced incident handlers from corporations, government agencies, and educational institutes, and has been proven effective in hundreds of organizations. This section is designed to provide students a complete introduction to the incident handling process, using the six steps (preparation, identification, containment, eradication, recovery and lessons learned) one needs to follow to prepare for and deal with a computer incident.

The second part of this course examines from-the-trenches case studies to understand what does and does not work in identifying computer attackers. This section provides valuable information on the steps a systems administrator can take to improve the chances of catching and prosecuting attackers.

Course Topics Include

Preparation

  • Building a Jump Kit
  • Identifying the Core Team
  • Instrumentation of the Site and System

Identification

  • Signs of an Incident
  • First Steps
  • Chain of Custody

Containment

  • Documentation Strategies: Video and Audio
  • Containment and Quarantine
  • Pull the Network Cable, Switch and Site
  • Identifying and Isolating the Trust Model

Eradication

  • Evaluating Whether a Backup is Compromised
  • Total Rebuild of the Operating System
  • Moving to a New Architecture

Recovery

  • Who Makes the Determination to Return to Production?
  • Monitoring the System
  • Expect an Increase in Attacks

Special Actions for Responding to Different Types of Incidents

  • Espionage
  • Inappropriate Use
  • Sexual Harassment

Incident Record Keeping

  • Pre-built Forms
  • Legal Acceptability

Incident Follow-Up

  • Lessons Learned Meeting
  • Changes in Process for the Future

Copyright IQ Networks, 2003