Day 3 - Preparation: Building Checklists

Published: 2008-10-03
Last Updated: 2008-10-14 15:06:02 UTC
by Jason Lam (Version: 1)

For the third day of Cyber Security Awareness Month we will look at the practice of building checklists for use in incident handling. If you are part of a response team and have any anecdotes you can share, please send them to us via our contact page. Here are some questions that frame what we are looking for:

- What are some useful checklists to be used in incident handling?
- What are some good resources on the Internet for checklists?
- How tightly or loosely do you follow the checklist?
- How do you handle incidents that are not covered by a checklist?

Checklists are essential to incident handling. During an incident, stress levels are high and a million things can happen in a short period of time. Checklists help incident handlers ensure that all essential incident processes are covered, keeping them on the right track. The SANS SCORE project provides various checklists and incident handling forms that are useful for incident handlers.

We will update this diary with your comments and thoughts throughout the day, so start sending them in.

Update 1:

A reader, GaryK, wrote in and pointed us to some helpful resources on this topic:

- Incident handling checklist at cert.org
- Incident Handling Steps at Texas A&M University
- Many good links on this page; specifically relevant to this topic are the Sun Microsystems Blueprint online and the Securityfocus.com incident articles.

Keywords: Awareness2008

Financial Crisis and security

Published: 2008-10-03
Last Updated: 2008-10-03 22:18:01 UTC
by Jason Lam (Version: 1)

The world financial crisis has led to a lot of changes: corporations are buying out one another and merging, and all sorts of structural changes are happening as financial companies try to stay afloat. These changes are having an impact on some online attacks as well. As reported by multiple sources, phishers are currently leveraging the opportunity to craft persuasive phishing emails such as this and this. We are sure to see more of these phishing emails.

For the long term, the consolidation in the financial sector, especially in the US, will make phishing easier. The bigger the banks in a country, the easier the phishing operation. As big banks merge to form mega-banks, phishers find it easier to reach the right group of clients. For example, in the past, of every 100 people who received the phishing email, only 5 were customers of a specific bank. After the consolidation, 12 are customers of that bank. This type of situation has been seen in the UK and Australia in the past due to the smaller number of banks in these countries. As banks start to consolidate everywhere in the world, this might happen in the US as well.

Jason Lam

