Emergency response methods and capabilities

Table of Contents

Emergency response methods and capabilities

1) Data collection, storage and retrieval capabilities

2) Incident discovery ability

3) Incident analysis ability

4) Incident research and judgment ability

5) Incident handling capability

6) Attack source traceability


Emergency response methods and capabilities

Network security incidents occur regularly, and major or particularly serious ones can occur at any time. Organizations must therefore prepare in advance and establish a fast, effective emergency coordination mechanism, so that when an incident happens they can quickly assemble and assess the relevant information, direct the responsible departments to execute the emergency plan, and contain the incident before it causes major impact or loss. The cybersecurity emergency response function of an institution or enterprise should have the following capabilities.

1) Data collection, storage and retrieval capabilities

(1) Able to capture full network traffic and reconstruct application-layer protocol sessions from it;

(2) Able to store the reconstructed data;

(3) Able to retrieve the stored data quickly (for example, by host address and time window).

2) Incident discovery ability

(1) Able to detect Advanced Persistent Threat (APT) attacks;

(2) Able to detect web attacks;

(3) Able to detect data leakage;

(4) Able to identify compromised hosts;

(5) Able to find weak passwords, including weak passwords on enterprise accounts;

(6) Able to detect abnormal host behavior.
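The following is an added example, not code from the original article, that ties sections 1 and 2 together: reconstructed session metadata is loaded into an indexed store so it can be retrieved quickly by host and time window, and three of the discovery capabilities (abnormal host behavior in the form of beaconing, weak passwords seen in plaintext logins, and bulk outbound transfers as a data-leakage indicator) are implemented as rules over that store. The sample records, the field layout, the weak-password list and all thresholds are constructed assumptions for illustration; a real platform would derive them from its own protocol parsers and from a baseline of normal traffic.

```python
import re
import sqlite3
from statistics import mean, pstdev

# Constructed sample session records (assumption: they imitate the per-session
# metadata a full-traffic capture platform keeps after protocol reconstruction).
# Fields: ts (epoch seconds), src, dst, dport, bytes_out, app, detail
SAMPLE_FLOWS = [
    (1000, "10.0.0.5", "203.0.113.7", 443, 512, "tls", "sni=cdn.example"),
    (1060, "10.0.0.5", "203.0.113.7", 443, 520, "tls", "sni=cdn.example"),
    (1120, "10.0.0.5", "203.0.113.7", 443, 515, "tls", "sni=cdn.example"),
    (1180, "10.0.0.5", "203.0.113.7", 443, 518, "tls", "sni=cdn.example"),
    (1240, "10.0.0.5", "203.0.113.7", 443, 511, "tls", "sni=cdn.example"),
    (1005, "10.0.0.9", "192.0.2.40", 22, 4096, "ssh", "user=admin"),
    (1300, "10.0.0.9", "198.51.100.3", 445, 900_000_000, "smb", "share=backup"),
    (1350, "10.0.0.12", "192.0.2.40", 80, 800, "http", "login user=ops pass=123456"),
    (1400, "10.0.0.12", "192.0.2.40", 80, 820, "http", "login user=dba pass=Tq9!vR2x#Lm"),
]

# Constructed short weak-password list; a real deployment would use a full wordlist.
WEAK_PASSWORDS = {"123456", "password", "admin", "qwerty"}

LOGIN_RE = re.compile(r"user=(\S+) pass=(\S+)")


def build_store(flows=SAMPLE_FLOWS):
    """Load session records into SQLite with the indexes that make
    host/time lookups fast (capability 1: store and retrieve)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE flows (
        ts INTEGER, src TEXT, dst TEXT, dport INTEGER,
        bytes_out INTEGER, app TEXT, detail TEXT)""")
    conn.execute("CREATE INDEX idx_src_ts ON flows (src, ts)")
    conn.execute("CREATE INDEX idx_dst_ts ON flows (dst, ts)")
    conn.executemany("INSERT INTO flows VALUES (?,?,?,?,?,?,?)", flows)
    conn.commit()
    return conn


LOOKUP_SQL = """
    SELECT ts, src, dst, dport, bytes_out, app, detail FROM flows
     WHERE src = ? AND ts BETWEEN ? AND ?
    UNION
    SELECT ts, src, dst, dport, bytes_out, app, detail FROM flows
     WHERE dst = ? AND ts BETWEEN ? AND ?
    ORDER BY ts"""


def lookup(conn, ip, t0, t1):
    """Every session in which `ip` was either endpoint during [t0, t1].
    Two indexed halves joined by UNION, so each side hits its own index."""
    return conn.execute(LOOKUP_SQL, (ip, t0, t1, ip, t0, t1)).fetchall()


def retrieval_uses_index(conn):
    """Check the query plan actually uses the (src, ts) index; a full scan
    here is what turns 'quick retrieval' into hours on a real capture store."""
    plan = conn.execute("EXPLAIN QUERY PLAN " + LOOKUP_SQL,
                        ("10.0.0.5", 0, 1, "10.0.0.5", 0, 1)).fetchall()
    return any("idx_src_ts" in " ".join(str(c) for c in row) for row in plan)


def find_beacons(conn, min_sessions=4, max_jitter=0.2):
    """Abnormal host behavior: repeated contact with one endpoint at near-constant
    intervals (the C2 beaconing pattern), judged by interval spread / mean."""
    groups = {}
    for src, dst, dport, ts in conn.execute(
            "SELECT src, dst, dport, ts FROM flows ORDER BY src, dst, dport, ts"):
        groups.setdefault((src, dst, dport), []).append(ts)
    hits = []
    for key, stamps in groups.items():
        if len(stamps) < min_sessions:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            hits.append(key)
    return hits


def find_weak_passwords(conn, weak=WEAK_PASSWORDS, min_len=8):
    """Weak credentials observed in reconstructed plaintext HTTP logins."""
    hits = []
    for src, dst, detail in conn.execute(
            "SELECT src, dst, detail FROM flows WHERE app = 'http'"):
        m = LOGIN_RE.search(detail)
        if m and (m.group(2) in weak or len(m.group(2)) < min_len):
            hits.append((src, dst, m.group(1)))
    return hits


def find_large_transfers(conn, threshold=100 * 1024 * 1024):
    """Possible data leakage: a single outbound session above a byte threshold."""
    return conn.execute(
        "SELECT src, dst, bytes_out FROM flows WHERE bytes_out > ? ORDER BY bytes_out DESC",
        (threshold,)).fetchall()


if __name__ == "__main__":
    db = build_store()
    print("sessions for 10.0.0.9:", lookup(db, "10.0.0.9", 1000, 1400))
    print("index used:", retrieval_uses_index(db))
    print("beacons:", find_beacons(db))
    print("weak logins:", find_weak_passwords(db))
    print("large transfers:", find_large_transfers(db))
```

The fixed byte threshold and the interval-jitter cutoff are deliberately simple; on a production store each host's normal outbound volume and contact pattern should be baselined first, and the rules then flag deviations from that baseline rather than from a global constant. The query-plan check is worth keeping in a real pipeline, because a schema change that silently drops an index shows up as a slow retrieval only during an incident.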

3) Incident analysis ability

(1) Able to conduct multi-dimensional correlation analysis across data sources;

(2) Able to reconstruct the complete kill chain of the attack;

(3) Able to conduct in-depth analysis in the context of the specific business affected.

4) Incident research and judgment ability

(1) Able to determine the attacker's motive and objective;

(2) Able to determine the area and scope affected by the incident;

(3) Able to determine the techniques the attacker used.

5) Incident handling capability

(1) Able to restore normal business operation as quickly as possible;

(2) Able to eradicate the viruses and Trojans that were found;

(3) Able to patch the vulnerabilities the attackers exploited;

(4) Able to harden the affected machines.

6) Attack source traceability

(1) Have security big-data capability, that is, the ability to collect and analyze security data at scale;

(2) Based on the available clues (IP addresses, malware samples, etc.), able to reconstruct the attacker's attack path and attack methods and to identify the organization behind the attack.


Origin blog.csdn.net/weixin_43650289/article/details/113757428