
Sunday, April 25, 2010

Solution to prevent downtime due to bad updates in IT - OS and AV

The latest reports from across the internet describe a bad update from McAfee. We have seen this kind of mess-up happen every now and then: no antivirus is 100% foolproof. Some updates cause performance problems, and some delete legitimate files because of a bad signature. This is one reason I always advise clients to invest in a testbed environment through which every change passes, whether OS patches, policy changes or AV updates. It makes problems easy to spot, and it pays off later when your machines are still working fine and your competitors' are not.

Below are some points I would like to make about deploying updates or changes of any kind.

1) When to update: Every company has to decide when it wants to deploy patches or updates. It should not deploy an update just because the vendor has published it. Thorough testing needs to be done and the update has to pass internal audit checks. Companies apply these patches 8-24 hours after they have been published, because during that time many others will already have installed and tested them, and if an update is going to open a Pandora's box you still have the lead. Some of you might disagree, arguing that 24 hours is a long time for somebody to break into the systems and steal data, but every company has to decide, based on confidentiality, integrity and availability (CIA), what is acceptable and what is not.

2) A backup plan: Another very important point is to always have a backup plan ready. If you have deployed a change and something goes wrong, you need to know what to do when the latest change fails, and you should be able to revert to a working state as fast as possible.

3) Workaround solution: It is good to know a workaround, if one exists, for the updates being pushed to clients. Sometimes a workaround is easier than deploying a patch, for example closing a port on the firewall or changing a Group Policy setting.

4) Testbed environment: A company should invest in maintaining a testbed environment that is used to deploy and test updates, patches and changes of any kind. This environment should be kept running and stable, and should replicate the company's current systems, so that any issue with a change is caught before it is pushed to thousands of clients.

Every company has to make this decision. There are costs and extra processes involved, but no company can afford downtime, so careful planning is required.

Abhishek

Monday, November 23, 2009

Microsoft report says more worms, Vista better, file format security

Microsoft has released their latest Security Intelligence Report (SIR).

Some of the top highlights of the report are:

1. Large increase in worm infections.
2. Vista machines were compromised less often than Windows XP machines.
3. Phishing and automated SQL injection attempts are on the rise.
4. Browser-based exploits are increasing.

You can get the report from the MS Threat Center.

Microsoft COFEE Leaked Download Toolkit

I had earlier written about Microsoft's COFEE. COFEE is a set of computer forensics and auditing utilities that Microsoft put on a USB drive and provides to law enforcement for use in extracting information from a computer. There was some fear that it was a "back door", but people insisted it was no such thing, just a collection of basic tools. Still, the fact that the system was promoted as being useful for decrypting passwords and analyzing a computer's data and internet activity seemed troubling. We noted that if Microsoft was giving it out to law enforcement, it seemed likely that others would get access to it as well.

This is one of the best things that has happened for the forensics community; to be frank, we all wanted it. We wanted to see what this tool from Microsoft is about, and now I am happy that we have access to it and can see what MS has done in this incident response and data collection toolkit. I have downloaded it and am currently reviewing it; things look good so far. Well, in case you too want to download Microsoft's COFEE forensics toolkit

One more thing: I would like to thank Microsoft for making it, and the folks who leaked it online.

Cheers to all of you.

Friday, October 23, 2009

Latest email phishing scam and the pattern of users passwords

A list of 10,000 users obtained from a phishing scam was posted online on the pastebin.com website. Initially it was thought that only Microsoft's Hotmail was affected, but later more details emerged and the results are more shocking: there was a lot more than Hotmail accounts, and the compromised accounts in the second list were from various email providers including Yahoo, Gmail, Comcast and AOL.
One thing is sure: neither leaked list was a small script-kiddie trick; it looks like an organized phishing scam against the major email providers. Whatever it was, the fault lies with the users, who use easy-to-guess passwords and don't pay attention to where they are entering their data and on what websites.

Some of the trends Acunetix drew from the leaked email lists are interesting.

The top 20 most common passwords from the list (password - number of occurrences):

1. 123456 - 64
2. 123456789 - 18
3. alejandra - 11
4. 111111 - 10
5. alberto - 9
6. tequiero - 9
7. alejandro - 9
8. 12345678 - 9
9. 1234567 - 8
10. estrella - 7
11. iloveyou - 7
12. daniel - 7
13. 000000 - 7
14. roberto - 7
15. 654321 - 6
16. bonita - 6
17. sebastian - 6
18. beatriz - 6
19. mariposa - 5
20. america - 5


Password length distribution (length – count – share of all passwords):
1 chars – 2 – 0%
2 chars – 4 – 0%
3 chars – 4 – 0%
4 chars – 31 – 0%
5 chars – 49 – 1%
6 chars – 1946 – 22%
7 chars – 1254 – 14%
8 chars – 1838 – 21%
9 chars – 1091 – 12%
10 chars – 772 – 9%
11 chars – 527 – 6%
12 chars – 431 – 5%
13 chars – 290 – 3%
14 chars – 219 – 2%
15 chars – 157 – 2%
16 chars – 190 – 2%
17 chars – 56 – 1%
18 chars – 17 – 0%
19 chars – 7 – 0%
20 chars – 14 – 0%


The pattern also tells us that Alejandro is one of the most popular passwords among Spanish speakers.
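The two tables above are exactly the kind of statistics a defender should compute on their own password-audit output, and the same data drives a deny-list policy. The script below is an added example, not the post's own material or Acunetix's script; its password list is constructed here to mirror the trends reported above, and the deny list is the post's top 20, hypothetically adopted as an organisation's banned-password list. It goes one step beyond the post by clustering variants such as "Alejandro1" and "alejandro2009" under one base pattern.

```python
"""Pattern analysis of a leaked password list, from a defender's point of view."""
import re
from collections import Counter

# Constructed sample, NOT the leaked data: numeric sequences, Spanish first
# names with and without a trailing number, and a few strong passwords.
SAMPLE_PASSWORDS = (
    ["123456"] * 6 + ["123456789"] * 3 + ["alejandra"] * 2 + ["111111"] * 2
    + ["alberto", "tequiero", "alejandro", "Alejandro1", "alejandro2009",
       "12345678", "1234567", "estrella", "iloveyou", "daniel", "000000",
       "roberto", "654321", "bonita", "sebastian", "beatriz", "mariposa",
       "america", "Tr0ub4dor&3", "correct horse battery", "P@ssw0rd2009"]
)

# The post's top 20, used here (hypothetically) as an organisation's deny list.
TOP20_BANNED = {
    "123456", "123456789", "alejandra", "111111", "alberto", "tequiero",
    "alejandro", "12345678", "1234567", "estrella", "iloveyou", "daniel",
    "000000", "roberto", "654321", "bonita", "sebastian", "beatriz",
    "mariposa", "america",
}

def top_passwords(passwords, n=20):
    """The post's first table: the n most common passwords and their counts."""
    return Counter(passwords).most_common(n)

def length_distribution(passwords):
    """The post's second table: {length: (count, percent of total)}."""
    total = len(passwords)
    counts = Counter(len(p) for p in passwords)
    return {k: (c, round(100 * c / total)) for k, c in sorted(counts.items())}

def base_pattern(password):
    """Collapse trivial variants: 'Alejandro1', 'alejandro2009' -> 'alejandro'.
    Lower-cases and strips leading/trailing digits and punctuation, so the
    'first name plus a number' habit shows up as one cluster. A password that
    is nothing but digits/symbols ends up in the '[numeric]' bucket."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())
    return core or "[numeric]"

def pattern_clusters(passwords, n=5):
    """Most common base patterns; a name's cluster is larger than its exact count."""
    return Counter(base_pattern(p) for p in passwords).most_common(n)

def is_weak(password, banned=TOP20_BANNED):
    """Rejects the habits the leaked list exposes: shorter than 8 characters,
    an ascending/descending keyboard number run, a single repeated digit, or a
    base pattern on the deny list (so 'Alejandro1' fails, not just 'alejandro')."""
    if len(password) < 8:
        return True
    if password.isdigit():
        if password in "0123456789" or password in "9876543210":
            return True
        if len(set(password)) == 1:
            return True
    return base_pattern(password) in banned

def weak_share(passwords, banned=TOP20_BANNED):
    """Percentage of the list that is_weak() rejects."""
    return round(100 * sum(is_weak(p, banned) for p in passwords) / len(passwords))

if __name__ == "__main__":
    print(top_passwords(SAMPLE_PASSWORDS, 5))
    print(length_distribution(SAMPLE_PASSWORDS))
    print(pattern_clusters(SAMPLE_PASSWORDS))
    print(f"{weak_share(SAMPLE_PASSWORDS)}% of the sample would fail the policy")
```

On the constructed sample, 91% of entries fail the policy, and the numeric bucket alone accounts for 15 of the 34 passwords.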

Tuesday, September 8, 2009

X-Force Threat Insight Report Q2 2009

This edition of the X-Force Threat Insight Report provides an exhaustive list of security alerts, breaches and the most commonly seen threats in Q2 2009. It also delivers two new and insightful articles by IBM ISS researchers. The first article assesses one of the more serious threats of 2009, Conficker. The Conficker worm family has evolved into a massive sophisticated malicious botnet arsenal and infrastructure of millions of compromised hosts. Learn what actions your organization can take to mitigate this threat.

The second article discusses Internet fraud schemes, specifically advance fee schemes and romance scams. These schemes, which are costing victims billions of dollars, exploit human emotions and use social engineering to lead people to make decisions based on their feelings rather than on the facts or logic of the situation. Read the report.

-Abhishek

IT Sector Baseline Risk Assessment Report

A report from the U.S. Department of Homeland Security presents several scenarios in which well chosen attacks against key IT infrastructure elements could cause disruptions on a national scale. But the document also offers a surprisingly sunny assessment of the resilience and redundancies within the IT sector to mitigate the risk of such disruptions.

The 114-page report, released Tuesday, titled the "IT Sector Baseline Risk Assessment," was a joint effort between the DHS and the Information Technology Sector Coordinating Council (IT SCC). It is designed to give planners in the IT sector and in government a way to identify high-consequence risks and strategies for addressing them.

The report examines risks to six critical areas in the IT sector: IT supply chain, domain-name resolution services, identity management and trust support services, Internet-based content and communications services, Internet service and routing providers, and providers of incident response services. Read the Report.

-Abhishek

Monday, September 15, 2008

Security Incident Analysis Report

You might be very good technically, you might be the best incident analyst in your organization, but if you are not able to deliver your findings or analysis effectively to the top folks then all your hard work will be wasted.

What matters most to CXOs when dealing with incidents:

1) Incident reports
2) Graphs / patterns
3) High-level view of the incident
4) High-level view supported by excellent low-level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this incident touch compliance requirements?

CXOs are usually interested in how things happened and what answer they can give when they are asked about the recent incident by the media, by the shareholders and, most importantly, by their own bosses.

There are instances when people come up with a 3-page incident report without following any format, without linking related occurrences of the incident and what led to it. For a good example, have a look at the incident analysis report from the Government of Canada after the Slammer worm was released.

So, whenever you write an incident report, make sure you are precise and to the point, include all the details with a chain of occurrences, and make it effective not just for other technical folks but also for management.

-Abhiz