PANIC: HOW TO RESPOND TO INCIDENT


Nurul

New Member
Oct 27, 2017
9
0
#1
Hello!

The organization should know the tips or procedure for responding to an incident related to cyber-crime or cyber-attack that may attack their sensitive and confidential information.

My question is, what action should be taken by an individual or organization to respond to an incident related to cyber-crime or cyber-attack?

Your concern benefits others. Thank you :eek:.
 

prof

New Member
Feb 14, 2005
18
0
#2
Hi Nurul,

First and foremost - don't panic! Panic is not your friend if you have been compromised.

It is impossible to give an answer in general. It depends on the special case.

Where are you from? Can you give an example - an anonymous one of course. :wink:

Greetings

prof
 

Nurul

New Member
Oct 27, 2017
9
0
#3
Thanks Prof,

What if one of the internet providers has been attacked by an unknown attacker? That causes interference with the internet of that provider's customers. There are several techniques used by the attacker to disturb the network. As a result, the attacker targets the critical infrastructure after the organization provides additional information about the attacker. From this situation, the DNS provider should be aware of this threat and know how to respond to the incident.

What should the organization do to respond to an incident like this case? :roll:
 

prof

New Member
Feb 14, 2005
18
0
#4
Hi Nurul,

In general - it is correct that the provider has to be secured against such incidents.

But . . .

It depends on the exact words in the contract with the provider. Some national rights are also concerned. This was the reason for my question about where you are from. I'm located in Germany. So I can only give an exact answer about the rights in our country - except the GDPR. But these articles are "hot" on May 25th in 2018.

As you can see, I can only give you a detailed answer with information about your location.

By the way, the affected company should have a closer look into the contract with the provider. If available, the administrator can grep through the log files on the server.

I hope this will help you a bit. If you need a detailed answer, please use the PM.

Greetings prof
 

prof

New Member
Feb 14, 2005
18
0
#6
You are welcome.

I'm sorry, if you are located in the EU or USA maybe I could help you. But in this case . . .

Greetings

prof
 
