Artificial Intelligence: A Force for Good

  Artificial intelligence (AI) is a rapidly developing technology with the potential to revolutionize many aspects of our lives. While there are some concerns about the potential negative impacts of AI, there are also many ways that it can be used for good. Here are some examples of how AI is being used for good: Healthcare: AI is being used to develop new drugs and treatments, improve diagnosis and treatment of diseases, and provide personalized healthcare. For example, AI-powered systems are being used to analyze medical images and data to detect cancer and other diseases earlier and more accurately than ever before. Education: AI is being used to personalize learning, provide real-time feedback, and help students learn at their own pace. For example, AI-powered tutors can provide personalized feedback to students on their homework and help them identify areas where they need additional help. Environment: AI is being used to monitor and protect the environment. For exampl

Phases of Incident Response and How They Impact a Company.

Hello, and Welcome to my blog!

 This week we will be looking at the phases of Incident Response and how they may impact a company.

 What is an Incident Response?

An incident response plan is well a documented, written plan with six distinct phases that help IT professionals and staff identify and deal with a cybersecurity incident, such as a data breach or cyberattack. Properly create and manage an incident response plan that involves regular updates and training. 

 The plan contains six phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned.

 Preparation 

This phase will be the main workhorse of the Incident Response plan and the most crucial phase to protect your business. The response plan should be well documented and thoroughly explains everyone’s roles and responsibilities. It is best to test the said plan as practice makes perfect and prepared if something was to occur.

 Identification

This is where a determination will be made whether you have been breached. As a breach or incident, could happen from different areas, it is best to address some questions to determine best the next course of action, such as When did the event happen? How was it discovered? Who discovered it? How will it affect the operation? Have any areas been impacted? And Has the source of the event been found?

 Containment

 When a breach is first discovered, your initial instinct may be to delete everything to get rid of it securely. However, that will likely hurt you in the long run since you’ll be destroying valuable evidence that you need to determine where the breach started and devise a plan to prevent it from happening again.

 Instead, contain the breach, so it does not spread and cause further damage to your business. If you can, disconnect affected devices from the Internet. Have short-term and long-term containment strategies ready. It is also good to have a redundant system back-up to help restore business operations. That way, any compromised data is not lost forever.

 This is also an excellent time to update and patch your systems, review your remote access protocols, change all user and administrative access credentials, and harden all passwords.

 

Eradication

 Once the issue has been contained, the next step is to eliminate the breach's root cause. This involves removing any malware found, system hardened and patched, and updates should be applied. If any malware traces or any security issues still linger, the odds of losing valuable data and liability could increase.

 

Recovery

This is the process of restoring and returning affected systems and devices into your business environment. During this time, it is essential to get your systems and business operations up and running again without the fear of another breach.

 

Lessons Learned

Once the investigation is complete, hold an after-action meeting with all Incident Response Team members and discuss what you have learned from the data breach. This is where you will analyze and document everything about the breach. Determine what worked well in your response plan, and where there were some holes. Lessons learned from both mock and real events will help strengthen your systems against future attacks.

 As you can see, there is a lot that goes into creating the incident response plan. It is essential to see that these types of plans are there to help guide you and your team to respond appropriately in the event of a security breach. These plans have their weight in gold, as being prepared is only part of the battle.

 If you would like to know more about the subject, please see the links below to learn more. Also, was there anything I may have left out? If so, please feel free to leave a comment below. I would love to hear from you!

  What is an incident response?

 6 Phases in the incident response plan

Reference

DAVID ELLIS. (n.d.). 6 phases in the incident response plan. SecurityMetrics. https://www.securitymetrics.com/blog/6-phases-incident-response-plan

Margaret Rouse. (2019, June 28). What is incident response? Definition from WhatIs.com. SearchSecurity. https://searchsecurity.techtarget.com/definition/incident-response

Updated: 8/26/2020

Comments

Popular posts from this blog

What Makes a Security Plan?

Public vs. Private Clouds: A quick look at the Pros and Cons

The Differences between Hubs, Bridges, and Switches, and which one I would recommend using in your home or office