Artificial Intelligence: A Force for Good

-
  Artificial intelligence (AI) is a rapidly developing technology with the potential to revolutionize many aspects of our lives. While there are some concerns about the potential negative impacts of AI, there are also many ways that it can be used for good. Here are some examples of how AI is being used for good: Healthcare: AI is being used to develop new drugs and treatments, improve diagnosis and treatment of diseases, and provide personalized healthcare. For example, AI-powered systems are being used to analyze medical images and data to detect cancer and other diseases earlier and more accurately than ever before. Education: AI is being used to personalize learning, provide real-time feedback, and help students learn at their own pace. For example, AI-powered tutors can provide personalized feedback to students on their homework and help them identify areas where they need additional help. Environment: AI is being used to monitor and protect the environment. For exampl
Post a Comment

Incident Response and Forensic Analysis, a relationship.

-

Hello, and Welcome to my blog!

This week, we will be discussing how forensics is related to incident response.

Before we dive in, if you are not familiar with incident response, check out this link that will take you to one of my other posts that describes what incident response is.


The forensics part that is related to the incident response takes place after everything has happened. After the response team has done what they can, the forensic team comes in and analyze what has been taken. This team can be part of the response team or a separate group from the response team.


They have their own goals, data requirements, team skills, and benefits for both teams they have, and each of these has differences between them. It is also possible for a person to have both sets of skills and maybe both teams.

Incident Response vs. Forensic Analysis

Both of these are two related disciplines that use similar tools. Here are the essential highlights.

Incident Response:

Goals:

·         Focused on determining a quick response.

Data Requirements:

·         Requires short-term data sources, often no more then a month.

Team Skills:

·         Strong log analysis and malware analysis capabilities.

·         Ability to quickly isolate an infected device and to develop means to mitigate or quarantine the devices

·         Interaction with other security and operations team members.

Benefits:

·         The first line of defense in security operations.

·         Eliminate a threat on one machine in real-time.

·         Keeping breaches isolated and limited in impact.

               

Forensic Analysis:

Goals:

·         Completing analysis and gathering risks and impacts (part of scheduled compliance, legal discovery, or law enforcement investigation).

·         Focused on a full understanding and thorough resolution of a breach.

Data Requirements:

·         Requires much longer-lived logs and files.

·         A successful attack investigation can occur over somewhere between 150 and 300 days.

Team Skills:

·         Strong log analysis and malware analysis capabilities.

·         Requires interaction with a much broader set of departments, including operations, legal HR, and compliance.

Benefits:

·         Post-Incident Analysis.

·         Resolution of all threats with the careful analysis of an entire attack chain.

·         Ability to respond judicially.

 

Both are similar and take place in different stages. These stages are short-term, which happens during the attack. And long-term, which take place post-incident.

The short-term part of the incident response happens during the event of the attack, which are:

  • ·         Events
  • ·         Isolation, Containment, and Investigation
  • ·         Reporting
  • ·         Acquiring the evidence without altering or damaging the original.
  • ·         Verify that your recovered evidence is the same as the originally seized data.
  • ·         Transport evidence and ensure that integrity of the evidence.
  • ·         Communicate the incident to the receptive entity.

While the long-term is:

  • ·         Post-incident analysis
  • ·         Analyze the data without modifying it.
  • ·         Deepen visibility into processes and actions that occurred on devices and operating systems.
  • ·         Mitigate gaps and vulnerabilities.
  • ·         Focus on a scientific approach.
  • ·         Extensive reporting features.

 

A lot goes into both; however, they are essential for a business to understand that without a response team, it could spell trouble down the road if an attack happens and is not stopped in time. This is why it is vital to have an incident response team with forensic skills.

So, did I leave anything out? If so, please leave a comment below, I would love to hear from you.

Also, are you part of an incident response team? How has your experience in this area surprised you in any way? If so, please leave a comment below as well.

Until next week!

 

Source

Infosec. (n.d.). Incident response and forensics. Infosec Resources. https://resources.infosecinstitute.com/category/computerforensics/introduction/areas-of-study/computer-forensics-investigations/incident-response-and-forensics/#gref

Updated: 8/26/2020

Comments

Post a Comment

Popular posts from this blog

What Makes a Security Plan?

-
      Hello, and welcome back to my blog. This week, I would like to quickly discuss the levels that go into making a security plan. These types of plans are an important tool for IT departments and Cybersecurity Administrators to design a plan that will help protect or slow down an attack on the network.     Of course, security plans can vary from company to company; however, their purpose remains the same, with threats looming every day. With IT managers adjusting in response to the ever-changing threats, the created security plan must be designed to stop or slow down any attempt to breach network defenses. Below we will look at the principal components of a security plan and what they entail.    Separate Networks              As the name suggests, having more than one network can protect company assists from hackers and the like. The reason being is that having every computer on one network would lead to issues if that subsequent work were to fail, which would stop operati
Read more

Public vs. Private Clouds: A quick look at the Pros and Cons

-
Hello, and welcome back to my blog! This week we will be discussing the positive and negative sides of using public and private clouds.         For many small businesses, turning to the cloud would seem like a daunting and challenging task. Just thinking about the many different types of Cloud services and various companies that offer them would take time to sort out what you want and how to make the change.       I will cover the pros and cons of using public and private clouds in the hopes that you will come away with a little bit more knowledge on the matter than when you arrived. Of course, if you would like to know more about the different types of cloud services outside of these two, I am about to discuss, here is a link to one of my earlier postings here,  Link      So, let us go and dive into what these two types of cloud services are. If you have heard of companies like Google, Microsoft, and Amazon, you may also know that they offer paid or free cloud services. Other vendors
Read more

The Differences between Hubs, Bridges, and Switches, and which one I would recommend using in your home or office

-
         There are many challenges that a network engineer will face when creating a network for a business. Even a homeowner may wish to design their network layout in the hopes that it will connect every room in their home. But what happens when you have multiple devices on a network and more than one device in a room? This can pose a problem if the tools available are not entirely understood by the one that is designing or implementing the network. This week, I will go into what a hub, a bridge, and a switch and their differences to help those looking for the differences and assist them in making the best choice for their home and business. What is a Hub?   Hubs provide a dedicated physical connection for each device that is connected to it. This can help reduce the possibility of one computer were to fail; it would not affect the other computers connected lose connectivity. The downside of a hub is that it shares bandwidth with other attached devices, limiting it to half-dupl
Read more