FireEye presentation
Details on a North Korean regime-backed threat group = steal dollars from financial
Fake news accounts on Facebook = designed to incite people
Event = an observed occurrence in an information system. It actually happened, but at this point you don't know whether it is malicious or whether any data has left the company. Examples:
- An email
- A phone call
- A System Crash
Incident = an adverse event in an information system, or the significant (imminent) threat of one; it implies harm or an attempt to harm. Examples:
- Violation of an explicit or implied security policy
- Attempts to gain unauthorized access
- Unwanted denial of resources
- Unauthorized use of a system or resource, i.e. an intrusion
- Changes made without the owner's knowledge or consent
Breach = a confirmed incident that results in confirmed disclosure of data to an unauthorized party. Note the two confirmations: the incident is confirmed, and the disclosure is confirmed.
Incident Response Cycle
Preparation
- Incident Response Plan (IR Plan) = Who do you notify?
Detection and Analysis
Containment, Eradication & Recovery
Post-Incident Activity
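The event / incident / breach definitions above are what the Detection and Analysis phase applies to raw telemetry. The following is an added example, written for these notes and not FireEye's tooling, that runs that triage over a handful of constructed log lines: an email and a system crash stay events, repeated failed logins escalate to an incident (attempt to gain unauthorized access), an unapproved change is an incident (change without the owner's consent), and an outbound transfer of labelled data is an incident until an analyst confirms disclosure, at which point it becomes a breach. The log format, field names (`type`, `result`, `approved`, `label`, `confirmed_exfil`), the three-failure threshold and the internal address prefixes are all assumptions made for the example.

```python
"""Added example: triaging constructed log lines into event / incident / breach.

Illustrative code for these notes, not FireEye's. The key=value log format,
field names, threshold and address prefixes are assumptions.
"""
import shlex
from collections import Counter
from dataclasses import dataclass
from enum import IntEnum


class Severity(IntEnum):
    EVENT = 1      # observed occurrence, not known to be malicious
    INCIDENT = 2   # policy violation, unauthorized access/use, attempt to harm
    BREACH = 3     # confirmed incident with confirmed disclosure to an unauthorized party


FAILED_AUTH_THRESHOLD = 3          # assumption: 3 failures from one (user, src) = access attempt
INTERNAL_PREFIXES = ("10.", "192.168.")   # assumption: corporate address space

# Constructed sample log lines (hypothetical syslog-like key=value format).
SAMPLE_LOGS = """\
2024-05-01T08:00:01 host=mail01 type=email from=ext@example.net to=cfo@corp.example subject="invoice due"
2024-05-01T08:02:10 host=db01 type=crash service=postgres
2024-05-01T08:05:33 host=vpn01 type=auth result=fail user=jsmith src=203.0.113.7
2024-05-01T08:05:40 host=vpn01 type=auth result=fail user=jsmith src=203.0.113.7
2024-05-01T08:05:47 host=vpn01 type=auth result=fail user=jsmith src=203.0.113.7
2024-05-01T08:07:02 host=fw01 type=config change="allow any any" user=jsmith approved=false
2024-05-01T08:08:15 host=fw01 type=transfer user=jsmith dst=10.0.0.5 label=confidential bytes=1048576
2024-05-01T08:09:12 host=fw01 type=transfer user=jsmith dst=198.51.100.9 label=confidential bytes=734003200 confirmed_exfil=false
2024-05-01T08:40:00 host=fw01 type=transfer user=jsmith dst=198.51.100.9 label=confidential bytes=734003200 confirmed_exfil=true
"""


def parse_line(line: str) -> dict:
    """Split one log line into a dict; shlex keeps quoted values intact."""
    parts = shlex.split(line)
    rec = {"ts": parts[0]}
    for tok in parts[1:]:
        key, _, value = tok.partition("=")
        rec[key] = value
    return rec


@dataclass
class Finding:
    severity: Severity
    reason: str
    record: dict


def triage(log_text: str) -> list:
    """Classify every line; state (failed-login counts) carries across lines."""
    failures = Counter()
    findings = []
    for line in log_text.strip().splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        sev, why = Severity.EVENT, "observed occurrence, not known to be malicious"
        kind = rec.get("type")

        if kind == "auth" and rec.get("result") == "fail":
            key = (rec.get("user"), rec.get("src"))
            failures[key] += 1
            if failures[key] >= FAILED_AUTH_THRESHOLD:
                sev = Severity.INCIDENT
                why = f"{failures[key]} failed logins for {key[0]} from {key[1]}: attempt to gain unauthorized access"

        elif kind == "config" and rec.get("approved") == "false":
            sev, why = Severity.INCIDENT, "change made without the owner's knowledge or consent"

        elif (kind == "transfer" and rec.get("label") == "confidential"
              and not rec.get("dst", "").startswith(INTERNAL_PREFIXES)):
            if rec.get("confirmed_exfil") == "true":
                sev, why = Severity.BREACH, "confirmed disclosure of confidential data to an unauthorized party"
            else:
                sev, why = Severity.INCIDENT, "unauthorized outbound transfer of confidential data; disclosure not yet confirmed"

        findings.append(Finding(sev, why, rec))
    return findings


def highest_severity(findings: list):
    """The worst classification seen, which drives who gets notified under the IR plan."""
    return max((f.severity for f in findings), default=None)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOGS):
        print(f"{f.record['ts']} {f.severity.name:<8} {f.reason}")
    print("overall:", highest_severity(triage(SAMPLE_LOGS)).name)
```

The ordering matters: the same transfer line is an incident at 08:09 and a breach at 08:40 only because an analyst set the confirmation flag, which is the "confirmed disclosure" step the definition requires. Counting failures per (user, source) rather than per user avoids turning one mistyped password from a legitimate user into an incident.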
Existing Security Controls
IPS = Snort