Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec Handlers Diary Blog



Day 3 - Preparation: Building Checklists

Published: 2008-10-03
Last Updated: 2008-10-14 15:06:02 UTC
by Jason Lam (Version: 1)

For the third day of Cyber Security Awareness Month we will look at the practice of building checklists for use in incident handling. If you are part of a response team and have any anecdotes you can share, please send them to us via our contact page. Here are some questions that frame what we are looking for:

- What are some useful checklists to be used in incident handling?
- What are some good resources on the Internet for checklists?
- How tightly or loosely do you follow the checklist?
- How do you handle incidents that are not covered by a checklist?

Checklists are essential to incident handling. During an incident, stress levels are high and a million things can happen in a short period of time. Checklists help incident handlers ensure that all essential incident processes are covered, keeping them on the right track. The SANS SCORE project provides various checklists and incident handling forms that are useful for incident handlers.

We will update this diary with your comments and thoughts throughout the day, so start sending them in.

Update 1:

A reader, GaryK, wrote in and pointed us to some helpful resources on this topic:

- Incident handling checklist at cert.org
- Incident Handling Steps at Texas A&M University
- Many good links on this page; specifically relevant to this topic are the Sun Microsystems Blueprint online and the Securityfocus.com incident articles.

Keywords: Awareness2008

Financial Crisis and security

Published: 2008-10-03
Last Updated: 2008-10-03 22:18:01 UTC
by Jason Lam (Version: 1)

The world financial crisis has led to a lot of changes: corporations are buying one another out and merging, and all sorts of structural changes are happening as financial companies try to stay afloat. These changes are having an impact on some online attacks as well. As reported by multiple sources, phishers are currently leveraging the opportunity to craft persuasive phishing emails such as this and this. We are sure to see more of these phishing emails.

In the long term, the consolidations in the financial sector, especially in the US, will make phishing easier. The bigger the banks in a country, the easier the phishing operation. As big banks merge to form mega-banks, it becomes easier for phishers to reach the right group of clients. For example, in the past, out of every 100 people who received a phishing email, only 5 were customers of a specific bank. After the consolidation, 12 are customers of that bank. This type of situation has been seen in the UK and Australia in the past due to the smaller number of banks in these countries. As banks start to consolidate everywhere in the world, this might happen in the US as well.

Jason Lam
