Essay about Lab #9

642 Words Jul 6th, 2013 3 Pages
Course name and Number: ISSC 362 attack and security 1. When you are notified that a user’s workstation or system is acting strangely and log files indicate system compromise, what is the first thing you should do to the workstation or system and why? a. Disconnect from the network via unplugging the network interface and pull the power cord. Through doing this you can isolate the damage to the areas that it is located without the chances of it uploading data or changing the system during power down. 2. When an antivirus application identifies a virus and quarantines this file, does this mean the computer is free of the virus and any malicious software? b. No it does not. When the virus quarantines the file it …show more content…
e. Damaging the evidence and the logs of the evidence. 7. Why do you want to have the incident response handled by the security incident response team and not the IT organization? f. Because the IT organization isn’t trained in the forensic analysis of incidences. They would be more concerned with getting the system back up then collecting the necessary information. In doing so they would most likely contaminate the evidence beyond use. 8. Do you think it is a good idea to have a security policy that defines the incident response process in your organization? Why or why not? g. Yes I think it is a good idea. Through having a process with a checklist it can insure that all of the information is collected and in such a way that it is usable. Through creating the checklist for the incident handler they can insure 100% success. This also keeps unqualified hands off the evidence. 9. Why should internal legal counsel be notified when a “critical” security incident occurs? h. This is important so that the company can continue in such a way as to be judicially prudent. They must know what is the acceptable method of getting evidence to keep it safe for court admission. There may also be extenuating circumstances that must be taken into account depending on the organization and the event. 10. The post-mortem “lessons learned” step is the last in the incident response process. Why is this the

More about Essay about Lab #9

Open Document