Pages: 9 pages/≈2475 words
Sources: 4
Style: APA
Subject: IT & Computer Science
Type: Essay
Language: English (U.S.)
Document: MS Word
Total cost: $ 48.6
Topic: Information System Vulnerabilities and Risks

Essay Instructions:

This is the final exam for my class and worth 25% of my grade, thank you.

Essay Sample Content Preview:

CSEC662 Final Exam
Information System Vulnerabilities and Risk
Name
Course
Date
1) Response to computer network intrusion
First steps after confirming the attack
Responses to intrusions are taken into consideration when improving the management of network and communications security. The general approach is to address system detection first and then response. Analysis and detection help to evaluate the extent of the problem; identifying and classifying the concerns is then prioritized, decision making is reflected in the response, and a thorough evaluation of the intrusion follows (Anwar et al., 2017). Analysis of the huge traffic volume of network activities and other network anomalies helps to determine the nature of the attacks. Further analysis follows, with a detailed study of the characteristics of the attack, the source of the attack and the features that increase the risk of attack.
Another important point is that port scanning is one of the most popular techniques used by attackers to discover the services exposed to possible attacks. Computers that are connected to a local area network (LAN) or the Internet run services whose ports may be at risk. A port scan helps the attacker find which ports are available. A port scan consists of sending a message to each port; the types of response received help to evaluate whether the ports are secure and what types of weakness exist. Undertaking port scanning at the organization will help to identify the ports based on their level of vulnerability.
Those involved in the response
The key personnel that will participate in the response include the project manager, system administrator, and the IT support staff. Contact details of the personnel involved in the response will be listed, and it is important to correctly identify the methods and contact persons in case of other serious incidents, if there are outsourced services. Since there is follow-up and delivery of results, all involved will be informed about the results of the incident response.
Compensating for your team’s inexperience
One of the main aims of involving the inexperienced staff in the response is that they learn the procedures and methodologies usually used in network intrusion. The team members will be directly involved in response testing, learning how certain intrusion tests are conducted. This helps to provide an independent evaluation of the system risk, without ignoring the need to classify and prioritize the risk in the company (Fidler, 2017). Since the staff will be involved in identifying flaws in the network, there is training and learning on the job. Besides responding to threats, there is verification of security in the system in the presence of experienced staff.
Type of resources necessary
Exercises to simulate intrusion will keep the team members knowledgeable about some of the attacks, and the personnel are first informed about what to expect and how to detect the intrusions. Prevention, protection and response to the threats require that they become familiar with various tools used to detect network intrusion (Anwar et al., 2017). When such software tools are available, many of the incident response team members can interpret the results after analysis (Scott-Hayward, Natarajan & Sezer, 2016). Visibility of the internal network is crucial to the success of the intervention since there is identification and exploitation using the software tools available. Furthermore, resources should be dedicated to improving security, since there may be other types of attacks, especially attacks coordinated by many people. To carry out a realistic intrusion exercise and detect the likelihood of other intrusions being launched, the personnel will familiarize themselves with different aspects of the system.
Protection measures need to be considered
In case of vulnerabilities in software that are exploited, the appropriate patches ought to be applied to improve security. Perimeter security controls, such as firewalls and intrusion detection systems, are still important to stop cyber attacks but are inadequate when faced with sophisticated and large-scale attacks. As such, multi-tier defense strategies are necessary to detect the network intrusions, including the possible source and the scale of intrusion (Singh, Kumar, Singla & Ketti, 2017). The security tools should be used to protect the network and applications against attacks, but users also need to be informed about how their decisions and actions may increase the risk of intrusions.
2) Communication and coordination plan
Calling internal stakeholders
The incident response (forensic) team leader and network administrators will first be informed once the network intrusion is detected. The specialist professionals provide valuable advice, and depending on the severity of the incident, other specialized professionals may be contacted to help deal with the network intrusion. The management is then informed, as they give the go-ahead on taking action to enhance the network security. Establishing the crisis communication team, identifying the communication professionals, and communicating with the legal department, the IT team and the management will help to resolve issues of responsibility for the response.
Identifying priorities and assigning resources
Getting an overview of the situation helps to prioritize and assign the resources, since the risks, threats and vulnerabilities are identified and classified based on their severity. When there are open communication channels, situational analysis is prioritized to determine the weaknesses of the system and the threats. The incident response team will then be involved in collecting data to understand the damages and potential threats, even as they mostly respond first to restore the system. In doing this, relevant information is collected for analysis and presented to other stakeholders in a form that is understandable to all, without focusing too much on the technicalities. Attacks that compromise the security of the data and increase the risk of a data leak may have a long-term impact on the firm’s reputation, and ensuring that the system is back and that security is improved provides reassurance that the responders are committed to improving security (Singh et al., 2017). Where volatile data evidence in the system can be lost after the system is turned off or lost over time, there is a need to identify the volatile systems and data, since once they are lost, analysis will be a huge challenge.
Communicating with incident responders during the response
The incident responders restore the system and they are informed about the analysis of the situation, the main issues, problematic points and actions. Details about how the incident response operation will be carried out are addressed, with explanations of the aims of the intervention and how different members will handle certain tasks and responsibilities. Having a unified message among all responders ensures that there is clarity on what to do and expect. I will provide accurate information about the incident using different communication channels, and since there is open communication, the responders can seek clarification and suggestions on how best to restore the network. Identifying what needs to be prioritized for the first responders is important when one has to carry out further investigations within the organization, and this is communicated to the responders to better prepare them.
Communication with management during the response
After the attack or intrusion it is important to be as truthful as possible, without minimizing the consequences of the incident, so as to maintain the trust of the management. I will use clear and concise language to highlight why there is a need for incident response and to request resources. The management will likely not fully comprehend the details of the attack, but communicating the impact of the attacks is necessary to respond effectiv...