SlideShare a Scribd company logo

Latihan6 comp-forensic-bab5

Download as PPT, PDF
S
sabtolinux

Incident handling involves preparing for, identifying, containing, eradicating, recovering from, and following up on security incidents. An incident is any event that threatens the security of systems and networks, such as system crashes, unauthorized access, or malware. Incident handling procedures include isolating affected systems, notifying authorities, identifying threats, containing damage, collecting evidence, and analyzing the cause of incidents. Computer security incident response teams coordinate incident response and work to secure networks from foreign attacks.

Technology
1 of 19
Downloaded 28 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Incident Handling Presented By Sabto Prabowo
Introduction to Incident Handling An incident is an event or set of events that threatens the security of computing systems and networks. It includes system crashes, packet flooding, and unauthorized use of another user’s account.
Types of Incidents Incidents can be classified as one or more of the following: • Repudiation • Reconnaissance attack • Harassment • Extortion • Pornography trafficking • Organized crime activity • Subversion • Hoax • Caveat
Security Incidents A security incident includes the following: • Evidence of data tampering • Unauthorized access or attempts at unauthorized access from internal and external sources • Threats and attacks by an electronic medium • Defaced Web pages • Detection of some unusual activity, such as possibly malicious code or modified traffic patterns
Security Incidents • Denial-of-service attacks • Other malicious attacks, such as virus attacks, that damage the servers or workstations • Other types of incidents that weaken the trust and confidence in information technology systems
Category of Incidents: Mid Level • Unfriendly employee termination • Violation of special or privileged access to a computer or any computing facility that would normally only be accessible to administrators • Illegal access of the network • Unauthorized storing or processing of data • Destruction of property worth less than $100,000 • Personal theft of an amount less than $100,000 • Presence of computer virus or worm of higher intensity
Category of Incidents: High Level • Suspected computer break-in • Denial-of-service attacks • The presence of a harmful virus or worm, which can lead to serious corruption or loss of data • Changes in hardware, software, and firmware without authentication • Destruction of property worth more than $100,000 • Theft worth more than $100,000 • Child pornography • Gambling • Illegal downloads of copyrighted material, including music, videos, and software • Other illegal file downloads • Any violations of the law
How to Identify an Incident • Suspicious log entries • System alarms from the IDS • Presence of unexplained user accounts on the network • Presence of suspicious files or unknown file extensions on the system • Modified files or folders • Unusual services running or ports opened • Unusual system behavior • Changed drive icons • Drives not accessible • More packets received than expected
How to Prevent an Incident • Scanning • Auditing • Detecting intrusions • Establishing defense-in-depth • Securing clients for remote users
Incident Management - Threat Analysis and Assessment - Vulnerability Analysis - Estimating the Cost of an Incident - Change Control
Incident Reporting - Computer Incident Reporting - Where to Report an Incident - Report a Privacy or Security Violation - Preliminary Information Security Incident Reporting Form - Why Organizations Do Not Report Computer Crimes
Incident Response - Identification of Affected Resources - Incident Assessment - Assignment of Event Identity and Severity Level - Assignment of Incident Task Force Members - Containing Threats - Evidence Collection - Forensic Analysis - Security Incident Response - Incident Response Policy - Computer Security Incident Response Team (CSIRT) - Incident Response Checklist - Response Handling Roles - Contingency Planning - Budget/Resource Allocation
Incident Handling Procedure for Incident Handling: 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Follow-up
CSIRT A computer security incident response team (CSIRT) is trained in dealing with security matters related to intrusions and incidents. The team secures networks from foreign attacks.
Types of Incidents and Levels of Support • Type and severity of the incident or issue • Type of client • Size of the user community affected • Available resources
Incident-Specific Procedures Virus and Worm Incidents 1. Isolate the system. 2. Notify the appropriate authorities. 3. Identify the problem. 4. Contain the virus or worm. 5. Inoculate the systems. 6. Return to a normal operating mode. 7. Perform a follow-up analysis.
Incident-Specific Procedures Hacker Incidents 1. Identify the problem. 2. Notify the appropriate authorities. 3. Identify the hacker. 4. Notify CERT. 5. Perform a follow-up analysis.
Steps for Creating a CSIRT 1. Obtain Management’s Support and Buy-In 2. Determine the CSIRT Development Strategic Plan 3. Gather Relevant Information 4. Design the CSIRT Vision 5. Communicate the CSIRT Vision 6. Begin CSIRT Implementation 7. Announce the CSIRT
World CERTs - APCERT (Asia Pacific Computer Emergency Response Team) - AusCERT (Australia Computer Emergency Response Team) - HKCERT (Hong Kong Computer Emergency Response Team Coordination Center) - JPCERT/CC (Japan Computer Emergency Response Team/Coordination Center) - MyCERT (Malaysian Computer Emergency Response Team - PakCERT (Pakistan Computer Emergency Response Team) - SingCERT (Singapore Computer Emergency Response Team - TWCERT/CC (Taiwan Computer Emergency Response Team/Coordination Center) - CNCERT/CC (China Computer Emergency Response Team/Coordination Center)

More Related Content

PPTX
Cyber Security # Lec 2
Kabul Education University
 
PPTX
Cyber Security # Lec 3
Kabul Education University
 
PPTX
Information security ist lecture
Zara Nawaz
 
PDF
CNIT 123: Ch 1 Ethical Hacking Overview
Sam Bowne
 
PPTX
Information Security (Malicious Software)
Zara Nawaz
 
PPTX
06. security concept
Muhammad Ahad
 
PPTX
Cryptography and Network security # Lecture 3
Kabul Education University
 
PPTX
Network Security
Joe Baker
 
Cyber Security # Lec 2
Kabul Education University
 
Cyber Security # Lec 3
Kabul Education University
 
Information security ist lecture
Zara Nawaz
 
CNIT 123: Ch 1 Ethical Hacking Overview
Sam Bowne
 
Information Security (Malicious Software)
Zara Nawaz
 
06. security concept
Muhammad Ahad
 
Cryptography and Network security # Lecture 3
Kabul Education University
 
Network Security
Joe Baker
 

What's hot (20)

PPT
Understanding the need for security measures
joy grace bagui
 
PPTX
Cryptography and Network Security # Lecture 2
Kabul Education University
 
PPTX
Industry Best Practice against DDoS Attacks
Marcelo Silva
 
PPTX
Unit4 next
Integral university, India
 
PPTX
Ethical Hacker
keriann70
 
PPTX
Security Basics
Rishi Prasath
 
PPTX
5 Security Tips to Protect Your Login Credentials and More
Community IT Innovators
 
PDF
Irm 5-malicious networkbehaviour
Kasper de Waard
 
PPTX
Introduction to Network Security
John Ely Masculino
 
PPTX
Prevention is not enough
Novosco
 
PPTX
Recover your files from Ransomware - Ransomware Incident Response by Tictac
TicTac Data Recovery
 
PPTX
Data Security
AkNirojan
 
ODP
Network Security Topic 1 intro
Khawar Nehal khawar.nehal@atrc.net.pk
 
PDF
CNIT 123: Ch 3: Network and Computer Attacks
Sam Bowne
 
PPTX
Data protection and security
nazar60
 
PDF
Cs8792 cns - unit v
ArthyR3
 
PPTX
Basic Security Concepts of Computer
Faizan Janjua
 
PDF
Introduction IDS
Hitesh Mohapatra
 
PPTX
Software Security
AkNirojan
 
PPT
Ch1 cse
bhaskard8
 
Understanding the need for security measures
joy grace bagui
 
Cryptography and Network Security # Lecture 2
Kabul Education University
 
Industry Best Practice against DDoS Attacks
Marcelo Silva
 
Unit4 next
Integral university, India
 
Ethical Hacker
keriann70
 
Security Basics
Rishi Prasath
 
5 Security Tips to Protect Your Login Credentials and More
Community IT Innovators
 
Irm 5-malicious networkbehaviour
Kasper de Waard
 
Introduction to Network Security
John Ely Masculino
 
Prevention is not enough
Novosco
 
Recover your files from Ransomware - Ransomware Incident Response by Tictac
TicTac Data Recovery
 
Data Security
AkNirojan
 
Network Security Topic 1 intro
Khawar Nehal khawar.nehal@atrc.net.pk
 
CNIT 123: Ch 3: Network and Computer Attacks
Sam Bowne
 
Data protection and security
nazar60
 
Cs8792 cns - unit v
ArthyR3
 
Basic Security Concepts of Computer
Faizan Janjua
 
Introduction IDS
Hitesh Mohapatra
 
Software Security
AkNirojan
 
Ch1 cse
bhaskard8
 
Ad

Viewers also liked (6)

PPT
Latihan7 comp-forensic-bab6
sabtolinux
 
PPT
Latihan 1 computer forensic
sabtolinux
 
PPT
Latihan8 comp-forensic-bab5
sabtolinux
 
PPT
Latihan9 comp-forensic-bab6
sabtolinux
 
PPT
Kasus cybercrime
sabtolinux
 
PPT
Latihan7 comp-forensic-bab6
sabtolinux
 
Latihan7 comp-forensic-bab6
sabtolinux
 
Latihan 1 computer forensic
sabtolinux
 
Latihan8 comp-forensic-bab5
sabtolinux
 
Latihan9 comp-forensic-bab6
sabtolinux
 
Kasus cybercrime
sabtolinux
 
Latihan7 comp-forensic-bab6
sabtolinux
 
Ad

Similar to Latihan6 comp-forensic-bab5 (20)

PDF
CNIT 50: 9. NSM Operations
Sam Bowne
 
PPT
Computer Security ch18 ppt and pentesting
JosephNketia1
 
PPTX
Introduction to Cyber Forensics Module 1
Anpumathews
 
PPTX
Threats and vulnerability , a danger to our valuable data and information.pptx
SARVSHRESTH98
 
PPTX
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
PPT
css ppt.ppt
ShivaTyagi26
 
PDF
Computer security
Mahesh Singh Madai
 
PDF
File000119
Desmond Devendran
 
PPTX
Security and control in mis
Gurjit
 
PPTX
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Knoldus Inc.
 
PPTX
Network security and firewalls
Murali Mohan
 
PPTX
Lecture 5.1.pptx
Dibyesh1
 
PPTX
BAIT1003 Chapter 11
limsh
 
PPTX
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
PPTX
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
PPTX
Lecture 3 security threats in data analysis.pptx
chesenybrian2022
 
PPTX
3-UnitV_security.pptx
SubhadipDutta36
 
PPTX
Cyber security for business
Daniel Thomas
 
PDF
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Falgun Rathod
 
PPTX
9 - Security
Raymond Gao
 
CNIT 50: 9. NSM Operations
Sam Bowne
 
Computer Security ch18 ppt and pentesting
JosephNketia1
 
Introduction to Cyber Forensics Module 1
Anpumathews
 
Threats and vulnerability , a danger to our valuable data and information.pptx
SARVSHRESTH98
 
Lec 1- Intro to cyber security and recommendations
BilalMehmood44
 
css ppt.ppt
ShivaTyagi26
 
Computer security
Mahesh Singh Madai
 
File000119
Desmond Devendran
 
Security and control in mis
Gurjit
 
Definitive Security Testing Checklist Shielding Your Applications against Cyb...
Knoldus Inc.
 
Network security and firewalls
Murali Mohan
 
Lecture 5.1.pptx
Dibyesh1
 
BAIT1003 Chapter 11
limsh
 
DOC-20250311-WA00nnjnnnnnnnnnnnnnnnnnn..pptx
AlishbaAbbasi5
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Krishna Srikanth Manda
 
Lecture 3 security threats in data analysis.pptx
chesenybrian2022
 
3-UnitV_security.pptx
SubhadipDutta36
 
Cyber security for business
Daniel Thomas
 
Threat Hunting by Falgun Rathod - Cyber Octet Private Limited
Falgun Rathod
 
9 - Security
Raymond Gao
 

Recently uploaded (20)

PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
Cloud computing and distributed systems.
kkkkkhan
 
KodekX | Application Modernization Development
KodekX
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Encapsulation theory and applications.pdf
gurumoop
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Approach and Philosophy of On baking technology
30anthuong17
 

Latihan6 comp-forensic-bab5

  • 2. Introduction to Incident Handling An incident is an event or set of events that threatens the security of computing systems and networks. It includes system crashes, packet flooding, and unauthorized use of another user’s account.
  • 3. Types of Incidents Incidents can be classified as one or more of the following: • Repudiation • Reconnaissance attack • Harassment • Extortion • Pornography trafficking • Organized crime activity • Subversion • Hoax • Caveat
  • 4. Security Incidents A security incident includes the following: • Evidence of data tampering • Unauthorized access or attempts at unauthorized access from internal and external sources • Threats and attacks by an electronic medium • Defaced Web pages • Detection of some unusual activity, such as possibly malicious code or modified traffic patterns
  • 5. Security Incidents • Denial-of-service attacks • Other malicious attacks, such as virus attacks, that damage the servers or workstations • Other types of incidents that weaken the trust and confidence in information technology systems
  • 6. Category of Incidents: Mid Level • Unfriendly employee termination • Violation of special or privileged access to a computer or any computing facility that would normally only be accessible to administrators • Illegal access of the network • Unauthorized storing or processing of data • Destruction of property worth less than $100,000 • Personal theft of an amount less than $100,000 • Presence of computer virus or worm of higher intensity
  • 7. Category of Incidents: High Level • Suspected computer break-in • Denial-of-service attacks • The presence of a harmful virus or worm, which can lead to serious corruption or loss of data • Changes in hardware, software, and firmware without authentication • Destruction of property worth more than $100,000 • Theft worth more than $100,000 • Child pornography • Gambling • Illegal downloads of copyrighted material, including music, videos, and software • Other illegal file downloads • Any violations of the law
  • 8. How to Identify an Incident • Suspicious log entries • System alarms from the IDS • Presence of unexplained user accounts on the network • Presence of suspicious files or unknown file extensions on the system • Modified files or folders • Unusual services running or ports opened • Unusual system behavior • Changed drive icons • Drives not accessible • More packets received than expected
  • 9. How to Prevent an Incident • Scanning • Auditing • Detecting intrusions • Establishing defense-in-depth • Securing clients for remote users
  • 10. Incident Management - Threat Analysis and Assessment - Vulnerability Analysis - Estimating the Cost of an Incident - Change Control
  • 11. Incident Reporting - Computer Incident Reporting - Where to Report an Incident - Report a Privacy or Security Violation - Preliminary Information Security Incident Reporting Form - Why Organizations Do Not Report Computer Crimes
  • 12. Incident Response - Identification of Affected Resources - Incident Assessment - Assignment of Event Identity and Severity Level - Assignment of Incident Task Force Members - Containing Threats - Evidence Collection - Forensic Analysis - Security Incident Response - Incident Response Policy - Computer Security Incident Response Team (CSIRT) - Incident Response Checklist - Response Handling Roles - Contingency Planning - Budget/Resource Allocation
  • 13. Incident Handling Procedure for Incident Handling: 1. Preparation 2. Identification 3. Containment 4. Eradication 5. Recovery 6. Follow-up
  • 14. CSIRT A computer security incident response team (CSIRT) is trained in dealing with security matters related to intrusions and incidents. The team secures networks from foreign attacks.
  • 15. Types of Incidents and Levels of Support • Type and severity of the incident or issue • Type of client • Size of the user community affected • Available resources
  • 16. Incident-Specific Procedures Virus and Worm Incidents 1. Isolate the system. 2. Notify the appropriate authorities. 3. Identify the problem. 4. Contain the virus or worm. 5. Inoculate the systems. 6. Return to a normal operating mode. 7. Perform a follow-up analysis.
  • 17. Incident-Specific Procedures Hacker Incidents 1. Identify the problem. 2. Notify the appropriate authorities. 3. Identify the hacker. 4. Notify CERT. 5. Perform a follow-up analysis.
  • 18. Steps for Creating a CSIRT 1. Obtain Management’s Support and Buy-In 2. Determine the CSIRT Development Strategic Plan 3. Gather Relevant Information 4. Design the CSIRT Vision 5. Communicate the CSIRT Vision 6. Begin CSIRT Implementation 7. Announce the CSIRT
  • 19. World CERTs - APCERT (Asia Pacific Computer Emergency Response Team) - AusCERT (Australia Computer Emergency Response Team) - HKCERT (Hong Kong Computer Emergency Response Team Coordination Center) - JPCERT/CC (Japan Computer Emergency Response Team/Coordination Center) - MyCERT (Malaysian Computer Emergency Response Team - PakCERT (Pakistan Computer Emergency Response Team) - SingCERT (Singapore Computer Emergency Response Team - TWCERT/CC (Taiwan Computer Emergency Response Team/Coordination Center) - CNCERT/CC (China Computer Emergency Response Team/Coordination Center)