Part 1 - An Overall View of the Course



Time: 7 hours 56 minutes
Difficulty: Advanced
CEU/CPE: 7
Video Description

This lesson offers an introduction to the topic of incident response and advanced forensics and discusses what will be covered over the entire course. Topics covered are: · The Cyber Security Paradox: Security is either 90% or 10% (LTC George Jacobson during the Vietnam War) · What is Cyber Incident Response? · How do incidents and events differ? · NIST 800-61 · The CIA Triad · How and why do cyber security incidents occur?

Video Transcription
Hello, and welcome to Cybrary. My name is Max Alexander. I'm going to be your subject matter expert for Cybrary's Incident Response and Advanced Forensics course. Today, we're going to talk about the introduction to incident response.

To understand incident response, we first need to provide an overview of the cybersecurity paradox. Modern computer systems and networks were designed to be connected. To enable companies and businesses to share information, to reach out and touch customers, and to just be interactive with each other and with their employees, we need that connectivity within our networks and systems. That being said, no information system is going to be 100 percent secure, but that doesn't mean that we shouldn't try.

Lieutenant Colonel George Jacobson during the Vietnam War said, "Security is either 10 percent or 90 percent, depending on the expert that you talk to. But there is not any expert that will doubt that it's either the first 10 percent or the first 90 percent." That's important. Cybersecurity is the backbone to protecting our networks, to protecting our information, to protecting our data systems, so we still have to do that.

That being said, no matter what we do, no information system is going to be 100 percent secure. Regardless of the measures that we put in place, there's always going to be some type of risk and some type of threat. Even if we harden the system as hard as we could make it, there's going to be some type of end user or a person that can interfere with that security, and users are always going to be the weakest link. In very large organizations, you're going to have individuals who may not be very computer savvy, and they might click on malicious links or go to websites that they shouldn't go to, and that's going to endanger your system because, obviously, it was designed to be connective, and there's that vulnerability that that user could expose you to.

That being said, cybersecurity incidents will occur, and organizations must know how to respond to those incidents as part of due care and due diligence to their customers. But also, just as part of being a good business owner, it's important to respond to these cybersecurity incidents to protect your proprietary information, because that's what keeps you in business. Or, take the Target incident: if you are not able to protect your networks and your data systems that well, it could impact your business, and other people may want to go shop somewhere else. It's very important to do that.

But to dovetail off of what Colonel Jacobson said, Colonel T.E. Lawrence, of Lawrence of Arabia fame, said, "Defeating insurgents is messy and slow, like eating soup with a knife." That ties into this cybersecurity paradox and to the constant threat that is posed to information systems, and computers, and networks. We're always going to end up having to fight this cybersecurity battle. Technology advances every day, there are new threats, there are new viruses, so we're on the losing end of that battle because there's always someone out there trying to one-up the cybersecurity expert. Therefore, these incidents are going to occur, and we have to know how to deal with them and respond to them.

What is cyber incident response? To look at that, we can go to NIST Publication 800-61, and the Computer Security Response Center, CSRC, of the National Institute of Standards and Technology, NIST, defines both events and incidents in that publication, the security incident handling guide. Whereas an event is described simply as an observable occurrence in a system or network, an incident is defined as a violation or a threat of computer security policies, acceptable use policies, or standard security policies. That's a lot of information. To summarize that, an incident is any violation of your organization's security policies or procedures that compromises or attempts to compromise the confidentiality, integrity, or availability of that information, so that CIA triad, if you're a CISSP or studying for that CISSP; anything that is going to compromise or potentially compromise that CIA triad is going to be an incident. Each organization is going to be different. They may have their own set of laws, regulatory rules, administration procedures, policies, and guidelines that they're going to use to define a cybersecurity incident. It's important to check with your organization, if they've already got rules in place, to see what is defined as an incident.

How do cybersecurity incidents occur? There are going to be many paths that are going to lead to the occurrence of a cybersecurity incident, and they're going to require some response. Some of the most common ways that incidents are going to occur, and this is just a small list of incidents, there are obviously more: one of the first ones is negligence. If you're in a classified information setting, or you've got proprietary information, or sensitive information, that could be mishandling that information. If you're on a system and you've got access to social security numbers or you've got access to that proprietary information, mailing that out to someone who shouldn't have access to it could cause great harm to your organization. That is something to take into consideration.

Insider threats. This is something that is emerging right now; it's been going on since the dawn of time, but it's now just coming into the light and something that we're going to have to deal with. Some of those incidents are exemplified by Edward Snowden and Private Manning. Regardless of whether you think their actions were right or wrong, the organizations that they worked for feel that they caused grievous harm to that organization. We'll talk more about the cyber insider threat later on and just the type of problems that they can cause for your organization.

Criminal activity is another type of threat that is posed to information systems. That could include data theft, loss of trade secrets, someone hacking into your network and accessing social security numbers, credit card data, or that proprietary information that makes your business special. Those are important considerations. The basic theft of funds, crimeware, ransomware, having someone have to pay to access their data again or obtain access to their computer systems.

Denial of service is the next one; maybe it's an insider threat that has planted some type of logic bomb that prohibits you from accessing information. Or a distributed denial of service attack like what Iran launched against United States banking websites that stopped their customers from going to the websites. It could be extortion; again, ransomware is another type of extortion, or the Sony hack, which we'll also talk about later on, trying to blackmail someone to do something or not do something. You have hacktivism, which is exemplified by Anonymous. They believe what they're doing is the right thing, and they essentially take action by hacking people who they don't agree with, to some political ideology or end. Then hacking for thrills. You're going to have your basic low-level script kiddies all the way up to your advanced hackers, such as Guccifer. These are types of how cybersecurity incidents occur. Again, this is not an all-inclusive list, but these are just some examples of how and why they occur.