User:Robbinsm1/sandbox

This is a user sandbox of Robbinsm1. You can use it for testing or practicing edits.
This is not the sandbox where you should draft your assigned article for a dashboard.wikiedu.org course.
To find the right sandbox for your assignment, visit your Dashboard course page and follow the Sandbox Draft link for your assigned article in the My Articles section.

Get Help

Topics for SOC-160 class

Evaluating an article

Information security

Content

Overall the article does a good job of presenting Infosec. There are two areas that need to be evaluated, however. The section change management has parts that have been copy pasted. Also, incident response plans need to be further explained.

Tone

The tone of the article is good. It does keep a neutral position and only offers information not opinion. Parts of the article do not have much explanation except for bullet points. It needs to have some of those parts to be expanded.

Sources

I spot checked six random sources. The links all worked and took me to the information that was cited.

Talk

Most of the talk page is appropriate conversation around sourcing and minor edits. There are parts of the conversation that have become pandering instead of informational. The article is of importance to the Wikiproject computer science.

Assignment 5

Information security

https://www.iltanet.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=966e76a0-5664-43b6-9f3e-fa0540055508&ssopc=1

^[1]

^ "Iltanget.org". iltanet.org. 2015.

/sandbox

Incident response plans

Incident response plans are an important part of information security. When the policies in place fail to prevent a security breach, it is important to ensure that a plan is ready to handle the repercussions. It is important to note that there can be legal implications to a data breach. Knowing local and federal laws is critical, and having a lawyer as a member of the team is a best practice. The lawyer can help guide the team around the laws that are in place that have to be followed. ^[1]

An efficient plan should Include the following^[2]:

Preparation

Good preparation includes the development of an Incident Response Team. This team should possess the skills needed to respond to threats if they occur. Some skills need would could be, penetration testing, computer forensics, network security, etc. This team should also keep track of trends in cybersecurity and modern attack strategies. A training program for end users is important as well as most modern attack strategies target users on the network. ^[2]

Identification

This part of the incident response plan identifies if there was a security event. When an end user reports information or an admin notices irregularities, an investigation is launched. An incident log is a crucial part of this step. All of the members of the team should be updating this log to ensure that information flows as fast as possible. If it has been identified that a security breach has occurred the next step should be activated.^[3]

Containment

In this phase, the IRT works to isolate the areas that the breach took place to limit the scope of the security event. During this phase it is important to preserve information forensically so it can be analyzed later in the process. Containment could be as simple as physically containing a server room or as complex as segmenting a network to not allow the spread of a virus. ^[4]

Eradication

This is where the threat that was identified is removed from the affected systems. This could include using deleting malicious files, terminating compromised accounts, or deleting other components. Some events do not require this step, however it is important to fully understand the event before moving to this step. This will help to ensure that the threat is completely removed. ^[4]

Recovery

This stage is where the systems are restored back to original operation. This stage could include the recovery of data, changing user access information, or updating firewall rules or policies to prevent a breach in the future. With out executing this step, the system could still be vulnerable to future security threats. ^[4]

Lessons Learned

In this step information that has been gathered during this process is used to make future decisions on security. This step is crucial to the ensure that future events are prevented. Using this information to further train admins is critical to the process. This step can also be used to process information that is distributed from other entities who have experienced a security event. ^[5]

References

^ Cite error: The named reference :1 was invoked but never defined (see the help page).
^ ^a ^b Leonard, Wills (2019). A Brief Guide to Handling a Cyber Incident. <http://search.ebscohost.com.rcbc.idm.oclc.org/login.aspx?direct=true&db=aph&AN=136883429&site=ehost-live>. pp. 17–18. {{cite book}}: External link in |location= (help)CS1 maint: location (link) CS1 maint: location missing publisher (link)
^ Erlanger, Leon (2002). Defensive Strategies. PC Magazine. p. 70.
^ ^a ^b ^c "Computer Security Incident Handling Guide" (PDF). Nist.gov. 2012.
^ He, Ying (December 1, 2017). "Challenges of Information Security Incident Learning: An Industrial Case Study in a Chinese Healthcare Organization". Informatics for Health and Social Care. 42 (4): 394–395. doi:10.1080/17538157.2016.1255629. PMID 28068150. S2CID 20139345 – via Ebscohost.

[:1-1] "Iltanget.org". iltanet.org. 2015.

[:1-2] Cite error: The named reference :1 was invoked but never defined (see the help page).

[:0-3] Leonard, Wills (2019). A Brief Guide to Handling a Cyber Incident. <http://search.ebscohost.com.rcbc.idm.oclc.org/login.aspx?direct=true&db=aph&AN=136883429&site=ehost-live>. pp. 17–18. {{cite book}}: External link in |location= (help)CS1 maint: location (link) CS1 maint: location missing publisher (link)

[4] Erlanger, Leon (2002). Defensive Strategies. PC Magazine. p. 70.

[:2-5] "Computer Security Incident Handling Guide" (PDF). Nist.gov. 2012.

[6] He, Ying (December 1, 2017). "Challenges of Information Security Incident Learning: An Industrial Case Study in a Chinese Healthcare Organization". Informatics for Health and Social Care. 42 (4): 394–395. doi:10.1080/17538157.2016.1255629. PMID 28068150. S2CID 20139345 – via Ebscohost.

[1]

[1]

[2]

[3]

[4]

[5]