Please identify a process that is utilized within a SOC environment, and please explain why you feel that it is the most important one.
Incident response and intrusion management have a lot to do with information. As far as cyber security is concerned, it's about LOGS.
What strategy would you utilize in terms of logs: log everything, selectively log, or something else? Please provide your views on this important topic!
Term Paper: Changed from 7/10 -> 7/17
Quiz 2: Changed from 7/17 -> 7/23
Short Paper 3: Changed from 7/23 -> 7/30
Presentation will remain.
Modern-day networks are no longer static; they are continuously morphing with a mobile workforce and the presence of data everywhere. How can organizations monitor the environment for the onslaught of threats and endless attack vectors? Provide some comments and insights on where you would start with your IDS implementation strategy.
When it comes to IDS, there are various things to consider: host IDS (HIDS) vs network IDS (NIDS). There is also signature-based vs anomaly-based. And finally IDS vs IPS. How does one figure out what to use and when? Provide your views on the various IDS techniques and what the best approach is to working through them.
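An added illustration of the signature-based vs anomaly-based distinction (example code written for this page, not part of the original post). The access-log lines are constructed, and the two signature patterns, the per-source request-rate baseline and the 3x threshold are assumptions chosen for the demonstration. It shows each technique catching what the other misses: the signature rule fires on a known SQL-injection string but not on a variant it was not written for, while the anomaly check flags a single source generating far more requests than its peers without caring what the requests contain.

```python
import re
import statistics
from collections import Counter

# Constructed sample access-log lines: "<src> <method> <path> <status>".
BASE_LINES = [
    "10.0.0.5 GET /index.html 200",
    "10.0.0.5 GET /about.html 200",
    "10.0.0.9 GET /login.php?user=admin'%20OR%20'1'='1 200",  # known SQLi tautology
    "10.0.0.6 GET /login.php?user=admin'%20OR%201=1 200",      # variant the signature below misses
    "10.0.0.7 GET /index.html 200",
]
# A burst of benign-looking requests from one host (constructed).
BURST_LINES = [f"10.0.0.8 GET /search?q={i} 200" for i in range(12)]
SAMPLE_LOG = "\n".join(BASE_LINES + BURST_LINES)

# Signature-based rules (assumed example patterns, not a production rule set).
SIGNATURES = {
    "sqli_tautology": re.compile(r"'(\s|%20)*or(\s|%20)*'1'='1", re.IGNORECASE),
    "path_traversal": re.compile(r"\.\./"),
}


def parse(log_text):
    """Split each log line into a small event dict; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) != 4:
            continue
        src, method, path, status = parts
        events.append({"src": src, "method": method, "path": path, "status": int(status)})
    return events


def signature_alerts(events):
    """Signature-based: alert when a request matches a known-bad pattern.

    Returns (source, rule_name) pairs in log order.
    """
    alerts = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev["path"]):
                alerts.append((ev["src"], name))
    return alerts


def anomaly_alerts(events, threshold=3.0):
    """Anomaly-based: alert on sources whose request count is more than
    `threshold` times the median per-source count (assumed baseline rule).

    Returns the flagged sources, sorted. Content of the requests is ignored.
    """
    counts = Counter(ev["src"] for ev in events)
    if not counts:
        return []
    baseline = statistics.median(counts.values())
    return sorted(src for src, n in counts.items() if n > threshold * baseline)


def analyze(log_text):
    """Run both detectors over the same log and return their findings side by side."""
    events = parse(log_text)
    return {
        "signature": signature_alerts(events),
        "anomaly": anomaly_alerts(events),
    }


if __name__ == "__main__":
    for kind, findings in analyze(SAMPLE_LOG).items():
        print(f"{kind:9s} -> {findings}")
```

On the constructed log, the signature detector reports only 10.0.0.9 (the exact tautology it knows) and stays silent on 10.0.0.6's `OR 1=1` variant, while the anomaly detector reports only 10.0.0.8, whose twelve requests stand out against a median of one per source even though none of them contain an attack string. That asymmetry is the usual argument for running both: signatures for precise, low-noise hits on known attacks, anomaly baselines for the unknown ones, with the baseline tuned so legitimately busy clients are not flagged.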
Since packet capture is an integral part of an intrusion management strategy, the question remains: what factors influence an organization's packet capture strategy? Please provide some insight into some of these factors and why they are or are not relevant.
Yesterday’s article in the NY Times is an example of why it’s important to have legal expertise on your IRT. A settlement can be extremely costly, and you want to do everything you can to mitigate that cost from the first moment an incident is reported.
What are the similarities and differences between the following groups (Help Desk, SOC, CERT, CIRT, etc.) within an enterprise?
This past week we saw an intensive ransomware attack on a global scale. Assume your organization was a victim of such an attack. Would you pay the ransom? Why or why not?