
Phases of Incident Response and How They Impact a Company.

Hello, and welcome to my blog!

 This week we will be looking at the phases of Incident Response and how they may impact a company.

 What is an Incident Response?

An incident response plan is a well-documented, written plan with six distinct phases that help IT professionals and staff identify and deal with a cybersecurity incident, such as a data breach or cyberattack. Properly creating and managing an incident response plan involves regular updates and training.

 The plan contains six phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

 Preparation 

This phase will be the main workhorse of the Incident Response plan and the most crucial phase to protect your business. The response plan should be well documented and thoroughly explain everyone’s roles and responsibilities. It is best to test the plan, as practice makes perfect and leaves you prepared if something were to occur.

 Identification

This is where a determination will be made whether you have been breached. As a breach or incident could originate in different areas, it is best to address some questions to determine the next course of action, such as: When did the event happen? How was it discovered? Who discovered it? How will it affect the operation? Have any areas been impacted? Has the source of the event been found?

 Containment

 When a breach is first discovered, your initial instinct may be to delete everything to get rid of it securely. However, that will likely hurt you in the long run since you’ll be destroying valuable evidence that you need to determine where the breach started and devise a plan to prevent it from happening again.

 Instead, contain the breach so it does not spread and cause further damage to your business. If you can, disconnect affected devices from the Internet. Have short-term and long-term containment strategies ready. It is also good to have a redundant system backup to help restore business operations. That way, any compromised data is not lost forever.

 This is also an excellent time to update and patch your systems, review your remote access protocols, change all user and administrative access credentials, and harden all passwords.

 

Eradication

 Once the issue has been contained, the next step is to eliminate the breach's root cause. This involves removing any malware found, hardening and patching systems, and applying updates. If any malware traces or security issues still linger, the odds of losing valuable data could increase, along with your liability.

 

Recovery

This is the process of restoring and returning affected systems and devices into your business environment. During this time, it is essential to get your systems and business operations up and running again without the fear of another breach.

 

Lessons Learned

Once the investigation is complete, hold an after-action meeting with all Incident Response Team members and discuss what you have learned from the data breach. This is where you will analyze and document everything about the breach. Determine what worked well in your response plan, and where there were some holes. Lessons learned from both mock and real events will help strengthen your systems against future attacks.

 As you can see, there is a lot that goes into creating the incident response plan. It is essential to see that these types of plans are there to help guide you and your team to respond appropriately in the event of a security breach. These plans are worth their weight in gold, as being prepared is only part of the battle.

 If you would like to know more about the subject, please see the links below to learn more. Also, was there anything I may have left out? If so, please feel free to leave a comment below. I would love to hear from you!

  What is an incident response?

 6 Phases in the incident response plan

Reference

David Ellis. (n.d.). 6 phases in the incident response plan. SecurityMetrics. https://www.securitymetrics.com/blog/6-phases-incident-response-plan

Margaret Rouse. (2019, June 28). What is incident response? Definition from WhatIs.com. SearchSecurity. https://searchsecurity.techtarget.com/definition/incident-response

Updated: 8/26/2020
