One Article Review

Home - The article:
Source NoticeBored
Identifier 1497042
Publication date 2020-01-06 19:24:42 (seen: 2020-01-06 21:00:27)
Title NBlog Jan 6 - post-malware-incident notification & other stuff
Text A couple of days ago here on NBlog I wrote: "One screamingly-obvious lesson from the rash of ransomware incidents is that we need to anticipate malware infections when the preventive controls fail, which means strengthening the security protecting our business-critical systems and being ready to recover IT services and data efficiently following incidents." That's not all. Anticipating that, despite all we do to prevent them, malware infections are still likely to occur implies the need for several post-event controls. These are the kinds of controls I have in mind:

- Reliable, efficient, effective, top-quality incident response and management processes - in particular, speed is almost always of the essence in malware incidents, and the responses need to be well-practiced - not just for the run-of-the-mill routine infections but for the more extreme/serious "outbreaks";
- Decisive action is required, with strong leadership, clear roles and responsibilities, and of course strong awareness and training both for the response team and for the wider organization;
- Clarity around priorities for action, e.g. halt the spread, assess the damage, find the source/cause, recover;
- Technological controls, of course, such as network segmentation (part of network architectural design), traffic filtering and (reliable!) isolation of segments pending their being given the all-clear;
- Clarity around priorities for reporting, including rapid escalation and ongoing progress updates, in parallel with the other activities;
- Forensics, where appropriate, feasible and helpful (e.g. which preventive controls failed, why, and what if anything can be done to strengthen them);
Sent Yes
Tags Ransomware Malware Guideline
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.