Coursework Forensics

The document discusses the types of security breaches an incident responder may encounter, including malware attacks, unauthorized access, phishing attacks, insider threats, DDoS attacks, data breaches, social engineering attacks, and man-in-the-middle attacks. It also lists the various functions of a Computer Emergency Response Team, such as threat intelligence, proactive monitoring, incident response, vulnerability management, security research and development, training and awareness, forensics and investigation, incident reporting and communication, incident recovery and post-incident analysis, and policy and standards development.

Uploaded by

bpom422
As a cyber-security professional, the following are the types of security breaches I may encounter as an incident responder:


1. Malware attack.
Malware attacks can arrive through various means, such as email attachments
and compromised websites. Malware includes Trojans, worms, ransomware,
adware, spyware and various types of viruses. These attacks can lead to
unauthorized access, data theft, or system disruption.
2. Unauthorized access.
An incident where an attacker gains unauthorized access to a computer system or
network, allowing them to potentially steal sensitive information, modify data, or
disrupt services.
3. Phishing attack.
In this type of attack, an attacker masquerades as a reputable entity or person in
an email or other communication channel. The attacker uses phishing emails to
distribute malicious links or attachments that can perform a variety of functions,
including extracting login credentials or account information from victims. For
example, spear phishing is a more targeted type of phishing attack and occurs when
the attacker invests time researching the victim to pull off an even more successful
attack.
4. Insider threats.
Security breaches can also originate from within the organization, where an
employee or contractor intentionally or inadvertently exposes sensitive
information, misuses privileges, or compromises systems.
5. Distributed Denial of Service (DDoS) attacks.
These attacks involve overwhelming a targeted server or network with a flood of
incoming traffic, making it unavailable to legitimate users. Incident responders
need to identify the source of the attack and implement mitigation strategies.
6. Data breaches.
Incidents where personal or confidential information is accessed, stolen, or
disclosed without authorization, often resulting in potential financial loss, identity
theft, or reputational damage.
7. Social engineering attacks.
Attackers often manipulate people into divulging confidential information or
granting access to restricted systems through techniques like phishing or
impersonation. Incident responders must identify these attacks and provide
awareness training to prevent future occurrences.
8. Man-in-the-middle attack.
A man-in-the-middle attack is one where an attacker intercepts and alters messages
between two parties that believe they are communicating directly with each other.
Both victims are manipulated in this kind of attack. Examples of man-in-the-middle
attacks are session hijacking, Wi-Fi eavesdropping and email hijacking.

Part (B): The various functions of a Computer Emergency Response Team (CERT) are:

1. Threat Intelligence.
They actively gather and analyze information on emerging cyber threats,
vulnerabilities, and attack techniques. They share this intelligence with
stakeholders within their organization or sector to enhance awareness and help
prevent future incidents.
2. Proactive Monitoring.
They implement monitoring systems to detect potential security incidents or
breaches. They continuously monitor the organization's networks, systems, and
applications for any abnormalities or suspicious activities.
3. Incident Response.
They are responsible for detecting, analyzing, and responding to cybersecurity
incidents and breaches. They quickly investigate and identify the nature and scope
of an attack, contain the threat, and develop a strategy to mitigate the damage.
4. Vulnerability Management.
They regularly monitor and assess vulnerabilities in computer systems and
networks. They identify security flaws, prioritize them based on potential risk, and
recommend solutions or countermeasures to ensure the system is secure.
5. Security Research and Development.
They often conduct research and development in the field of cybersecurity. They
work on improving security technologies, developing new tools, and creating best
practices to stay ahead of emerging threats.
6. Training and Awareness.
They provide training and awareness programs for employees, users, and
stakeholders. They educate them on cybersecurity best practices, safe online
behavior, and how to respond to potential threats or incidents.
7. Forensics and Investigation.
They perform digital forensics analysis to identify the source, extent, and impact
of a security incident. They collect and preserve digital evidence, analyze it to
determine the attack vectors, and assist in legal proceedings if necessary.
8. Incident Reporting and Communication.
They maintain effective communication channels to report and share information
about security incidents promptly. They liaise with internal teams, external
partners, law enforcement agencies, and other CERTs to coordinate response
efforts and exchange relevant information.
9. Incident Recovery and Post-Incident Analysis.
They assist in the recovery process after a security incident, helping to restore
systems, data, and services. They conduct post-incident analysis to understand the
root causes of the incident, identify vulnerabilities, and propose preventive
measures to avoid similar incidents in the future.
10. Policy and Standards Development.
They contribute to the development and implementation of cybersecurity policies,
standards, and procedures within their organization or industry. They ensure
compliance with regulatory requirements and establish guidelines for secure
practices.
