Download as PDF
Blog Article
Incident Response Triage - Eradication, Recovery and Lessons Learned
This is part two of a two-part blog set covering an overview of the Incident Response life-cycle. In response to an incident, the next life-cycle steps that follow the containment stage are the remediation steps; eradication of the threat, recovery of systems and lessons learned. This second article focuses on each of these stages, highlighting the important areas to consider within the remaining life-cycle steps.
Blog Article
Incident Response Triage – identifying, scoping and containing an incident
Blog Article
Running traditional flat networks is now an ageing model and it is an outdated assumption that everything on the inside of an organization’s network should be trusted.[1] By segmenting a network and applying appropriate controls, we can break a network into a multi-layer structure that hinders threat agents or actions from reaching hardened systems and restricts their movement across the network.
Blog Article
These statistics only relate to information collated by Janet CSIRT and do not provide an accurate sample of security activity across the research and education sectors. The figures are frequently more closely correlated to the activity of CSIRT and our detection of events rather than their actual rates of incidence.
For example: a successful investigation by researchers into a botnet will cause that month's malware figures to rise even though the malware may have been active in previous months.
Blog Article
The environment that Janet CSIRT works in is changing. Almost a decade ago, most of the incidents we dealt with would start with a complaint emailed to us by a human; this would result in a team member having five or ten open incidents, maybe even twenty on a busy day. Nowadays the majority of information we receive is sent to us from automated systems run by third parties; this means that much of our current work is relaying this information and chasing acknowledgements to and from customers.
Blog Article
Janet CSIRT are a member of a global non-profit organisation called the Forum of Incident Response and Security Teams, or FIRST. There are a number of FIRST member events throughout the year including an annual conference.
Blog Article
Andrew's recent post on the legal issues of cleaning up after botnet infections has prompted me to write something about how the way that Janet CSIRT operates helps with these issues in our community.
Blog Article
These statistics only relate to information collated by Janet CSIRT and do not provide an accurate sample of security activity across the research and education sectors. The figures are frequently more closely correlated to the activity of CSIRT and our detection of events rather than their actual rates of incidence.
For example: a successful investigation by researchers into a botnet will cause that month's malware figures to rise even though the malware may have been active in previous months.
Blog Article
These statistics only relate to information collated by Janet CSIRT and do not provide an accurate sample of security activity across the research and education sectors. The figures are frequently more closely correlated to the activity of CSIRT and our detection of events rather than their actual rates of incidence.
For example: a successful investigation by researchers into a botnet will cause that month's malware figures to rise even though the malware may have been active in previous months.
Blog Article
Thanks to the generosity of my host, AusCERT, I’ve been able to spend this week in Queensland at AusCERT’s annual conference. Whilst not part of the Australian NREN AARNet, AusCERT fulfils a similar role to Janet CSIRT and provides incident response services to the Higher Education sector in Australia.
Prev | Next