Download Security Incident Response Long Form

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
Document related concepts

Remote Desktop Services wikipedia , lookup

Lag wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Computer security wikipedia , lookup

Cross-site scripting wikipedia , lookup

Transcript 
SECURITY INCIDENT RESPONSE (DETAIL FORM)
Page _____ of _____
The following is a sample incident report. The report is an example of the types of information and incident details that will be
used to track and report security incidents for CSU. The format of this report is subject to change as reporting standards and
capabilities are further developed.
Contact Information and Incident
Last Name:
Job Title:
Phone:
Mobile:
Email:
First Name:
Alt Phone:
Pager:
Fax:
Incident Description
Date/Time and Recovery Information
Date/Time of First Attack:
Date/Time of Attack Detected:
Has the Attack Ended:
Duration of Attack (in hours):
Severity of Attack:
Estimated Recovery Time of this Report (Clock)
Estimated Recovery Time of this Report (Staff Hours)
Estimated Damage Account as of this Report ($$$ Loss)
Number of Hosts Affected:
Number of Users Affected:
Type of Incident Detected:
Exposing
Confidential/Classified/
Unclassified Data
Anonymous FTP abuse
Using Machine Illegally
ICQ Abuse/IRC Abuse
Other (Specify)
SB1386 – Is Email
Notification Required?
Comments (Specify Incident
Details and additional
information):
Theft of Information
Technology
Resources/ Other
Assets
Attacking Attackers/
Other Sites
Impersonation
Life Threatening
Activity
Yes
No
Date:
Time:
Time:
Yes
No
Low
Medium
High
Creating accounts
Altering
DNS/Website/Data
/ Logs
Destroying Data
Credit Card Fraud
Fraud
Increasing
Notoriety of
Attacker
Password Cracking
Installing a Back
Door/Trojan Horse
Unauthorized
Use/Access
Attacking the Internet
SB1386 - Email
Notification Sent Out?
Don’t Know
Sniffer
Yes
No
General Information
How Did You Initially Become Aware of the Incident?
Automated Software
Notification
Automated Review
of Log Files
Don’t Know
Other (Specify)
Manual Review of
Log Files
System Anomaly (i.
e., Crashes,
Slowness)
Third Party
Notification
Attack Technique (Vulnerability Exploited / Exploit Used)
CVE/CERT VU or
BugTraq Number
Virus, Trojan Horse,
Worm, or Other
Malicious Code
Scanning/Probing
Other
Denial of Service or
Distributed Denial of
Service Attack
Unauthorized Access to Affected Computer
Privileged Compromise (Root/Admin
Access) User Account Compromise/Web
Compromise (Defacement)
Suspected perpetrator(s) or possible motivation(s) of attack:
CSU staff/students/
faculty
Other (Specify)
Former staff/
students/faculty
External Party
Unknown
Malicious Code
Virus, Worm
Name or Description of Virus
Yes (Provide
Is Anti-Virus Software Installed on the
Name)
Affected Computer(s)?
Yes
Did the Anti-Virus Software Detect the
Virus?
When was your Anti-Virus Software Last Updated?
No
No
Network Activity
Protocols
Name or Description of Virus
TCP
Other
UDP
ICMP
IPSec
IP Multicast
Ipv6
Please Identify Source Ports Involved in the Attack:
Please Identify Destination Ports Involved in the Attack:
Impact of Attack
Hosts
Individual Hosts
Does this Host represent an Attacking or Victim Host?
Host Name:
Operating System Affected:
Applications Affected:
Others:
Primary Purpose of this Host:
User Desktop Machine
Domain Controller
Application Server
Victim
IP Address:
Patch Level (if known):
Database:
User Laptop Machine
Web Server
Domain Name Server
Time Server
Other Infrastructure Services
Attacker
Mail Server
NFS/File System Server
Bulk Hosts
Bulk Host Information
(Details):
Comments (Please detail
incident):
Data Compromised:
Did the attack result in a loss/compromise
of sensitive or personal information?
Comments:
Did the attack result in damage to
system(s) or date:
Comments:
Yes (Specify)
No
Other
Yes (Specify)
No
Other
Law Enforcement
Yes
No
Has Law Enforcement Been Notified?
Remediation:
Please detail what corrective actions have been taken (specify):
Comments:
Lessons Learned Information (Optional)
Both
FTP Server
Database Server
Did Your Detection and Response Process and Procedures Work as
Intended?
Comments:
Please provide Discovery Methods and Monitoring Procedures that
would have Improved Your Ability to Detect an Intrusion.
Comments:
Are there Improvements to Procedures and Tools that would have
Aided You in the Response Process.
Comments:
Are there Improvements that would have Enhanced Your Ability to
Contain an Intrusion
Comments:
Are there Correction Procedures that would have Improved Your
Effectiveness in Recovering Your Systems.
Comments:
Related documents
Self Matters: Confronting Stress and Taking Care of yourself
Self Matters: Confronting Stress and Taking Care of yourself
File - Wisconsin MABAS Division 112
File - Wisconsin MABAS Division 112
Practice Based Improvement Log
Practice Based Improvement Log
Comprehensive All-Hazard Emergency Response Plan Overview
Comprehensive All-Hazard Emergency Response Plan Overview
PHYSICAL PLANT Incident Investigation Director’s Checklist
PHYSICAL PLANT Incident Investigation Director’s Checklist
The Information Security Jigsaw The Technical Elements
The Information Security Jigsaw The Technical Elements
Exposure Report
Exposure Report
Bloodborne Pathogens
Bloodborne Pathogens
Incident Report
Incident Report
IHNV (Infectious Hematopoietic Necrosis Virus) is one of the most
IHNV (Infectious Hematopoietic Necrosis Virus) is one of the most
EXAMPLES FOR CRITICAL INCIDENT ANALYSIS
EXAMPLES FOR CRITICAL INCIDENT ANALYSIS
Security and Assurance in IT organization
Security and Assurance in IT organization
SECURITIES AND FUTURES ACT (CAP. 289)
SECURITIES AND FUTURES ACT (CAP. 289)
Trend reporting on types of injuries
Trend reporting on types of injuries
SECTION VI— INCIDENT MANAGEMENT SYSTEM (IMS) 6.6
SECTION VI— INCIDENT MANAGEMENT SYSTEM (IMS) 6.6
Children`s Hospital Surge Hospital Overload Response Plan
Children`s Hospital Surge Hospital Overload Response Plan
Selected teams will give a brief report to the
Selected teams will give a brief report to the
Security Incident Investigation Report Sample
Security Incident Investigation Report Sample
Ext_09
Ext_09
Emergency Preparedness Compliance Incident Command Training
Emergency Preparedness Compliance Incident Command Training
Guidelines for Off-Site Care Facilities
Guidelines for Off-Site Care Facilities
Emergency Operations Field Guide
Emergency Operations Field Guide