Security Knowledge

Incident Response

• Honey pots to attract

• employee should know whereabout of the vital information
  Mutual trust between employee

• Some strange thing happened

  • Preparation - Trained response team
  • Identification - Awareness of what incidence may happen
  • Containment - System removed from production
  • Eradication - Restore from back-up, forensic analysis
  • Recovery - Test the fixes, get the system to run again
  • Lesson Learnt

CISSP - Incident Response Plan

Threat Modelling

• base on architectures - such as email server, interval server...
• base on asset - important asset for the firm, such as user data
• attacker - whether from internal or external source

IOC - Indicator of compromise
IOA - Indicator of attack - before or during attack