7 hours 36 minutes

Video Description

This lesson offers an introduction to the topic of incident response and advanced forensics and discusses what will be covered over the entire course. Topics covered are:

- The Cyber Security Paradox: Security is either 90% or 10% (LTC George Jacobson during the Vietnam War)
- What is Cyber Incident Response?
- How do incidents and events differ?
- NIST 800-61
- The CIA Triad
- How and why do cyber security incidents occur?

Video Transcription

Hello. Welcome to Cybrary. My name is Max Alexander. I'm going to be your subject matter expert for Cybrary's Incident Response and Advanced Forensics course. And today we're gonna talk about the introduction to incident response.

So to kind of understand incident response, we first need to provide an overview of the cybersecurity paradox. So modern computer systems and networks were designed to be connected, to enable companies and businesses to share information, to reach out and touch customers, and to just interact with each other and with their employees. We need that connectivity within our networks and systems.

That being said, no information system is going to be 100% secure. But that doesn't mean that we shouldn't try. So Lieutenant Colonel George Jacobson during the Vietnam War said security is either 10% or 90%, depending on the expert that you talk to. But there is not any expert that will doubt that it is either the first 10% or the first 90%. So that's important. Cybersecurity is the backbone to protecting our networks, to protecting our information, to protecting our data systems. So we still have to do that. That being said, no matter what we do, no information system is going to be 100% secure. So regardless of the measures that we put in place, there's always going to be some type of risk and some type of threat.
And even if we harden the system as hard as we could make it, there's going to be some type of end user or person that can interfere with that security, and users are always going to be the weakest link. So in very large organizations you're going to have individuals who may not be very computer savvy, and they might click on malicious links or go to websites they shouldn't go to. That's going to endanger your system, because obviously it was designed to be connected, and there's that vulnerability that that user could expose you to.

So that being said, cyber security incidents will occur, and organizations must know how to respond to those incidents as part of due care and due diligence to their customers, but also just as part of being a good business owner. It's important to respond to these cyber security attempts to protect your proprietary information, because that's what keeps you in business. Or if, uh, you know, for instance, say the Target incident, you are not able to protect your networks, your data systems that well, it could impact your business, and other people may want to go shop somewhere else. So it's very important to do that.

But kind of to dovetail off of what Colonel Jacobson said, Colonel T. E. Lawrence, of Lawrence of Arabia fame, said defeating insurgents is messy and slow, like eating soup with a knife. And that kind of ties into this cybersecurity paradox and to the constant threat that is posed to information systems and computers and networks. We're always going to end up having to fight this cyber security battle. Technology advances every day. There's new threats. There's new viruses. So we're kind of on the losing end of that battle, because there's always someone out there trying to one-up the cybersecurity expert, and therefore these incidents are gonna occur, and we have to know how to deal with them and respond to them.
Uh, what is a cyber incident response? So to look at that, we can go to the NIST publication 800-61 and the Computer Security Resource Center, CSRC, of the National Institute of Standards and Technology. NIST defines both events and incidents in that publication, the Computer Security Incident Handling Guide. Whereas an event is described simply as an observable occurrence in a system or network, an incident is defined as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. So that's a lot of information.

So to kind of summarize that, an incident is any violation of your organization's security policies or procedures that compromises or attempts to compromise the confidentiality, integrity, or availability of that information. So that's the CIA triad. If you're a CISSP, or you're studying for that CISSP, anything that is going to potentially compromise that CIA triad is going to be an incident. And each organization is going to be different, so they may have their own set of laws, regulatory rules, administrative procedures, policies, and guidelines that it's going to use to define a cyber security incident. So it's important to check with your organization, if they've already got rules in place, to see what is defined as an incident.
So how do cyber security incidents occur? There's gonna be many paths that are going to lead to the occurrence of a cyber security incident, and they're going to require some response. So some of the most common ways that incidents are going to occur, and these are just a small list of incidents, there is obviously more:

One of the first ones is just negligence. So if you're in a classified information setting, or you've got proprietary information or sensitive information, that could be mishandling that information. So if you're on a system and you've got access to Social Security numbers, or you've got access to that proprietary information, handing that out to someone who shouldn't have access to that, that could cause grave harm to your organization. So that is something to take into consideration.

Insider threats. This is something that is emerging right now. You know, it's been going on since the dawn of time, but it's now just coming into the light and something that we're gonna have to deal with. Some of those incidents are exemplified by Edward Snowden, Private Manning. Regardless of whether you think their actions were right or wrong, I feel that they caused grievous harm to the organizations that they worked for. We'll talk more about the cyber insider threat later on and just the type of problems that they can cause for your organization.
Criminal activity is another type of threat that is posed to information systems. So that could include data theft, loss of trade secrets, someone hacking into your network and accessing Social Security numbers, credit card data, or that proprietary information that makes your business special. Um, so those are important considerations: the basic theft of funds crime, or ransomware, having someone have to pay to access their data again or obtain access to their computer systems.

Denial of service is the next one. Maybe it's an insider threat that has planted some type of logic bomb that prohibits you from accessing information, or a distributed denial of service attack, um, like what Iran launched against United States banking websites that stopped their customers from going to the websites.

It could be extortion. Again, you know, ransomware is another type of extortion, or with the Sony hack, which we'll also talk about later on, trying to blackmail someone to do something or not.

You have activism, which is kind of exemplified by Anonymous. They believe what they're doing is the right thing, and they take essentially action by hacking people who they don't agree with, to kind of advance some political ideology or end.

And then hacking for thrills. You're gonna have your basic low-level script kiddies, all the way up to your advanced hackers, such as Guccifer. So these are the types of how cyber security incidents occur. Again, this is not an all-inclusive list, but these were just some examples of how and why they occur.

Up Next

Incident Response and Advanced Forensics

In this course, you will gain an introduction to Incident Response, learn how to develop three important protection plans, perform advanced forensics on the incident, deep dive into insider and malware threats, and commence incident recovery.

Instructed By

Max Alexander
VP, Cybersecurity Incident Response Planning at JPMorgan