6.6 Create a Data Backup Plan

Objective: Outline a simple data backup plan for personal or organizational data.

Tasks:
- Identify critical files and data that need to be backed up.
- Choose a backup method (e.g., cloud storage, external hard drive).
- Specify a backup schedule (daily, weekly, monthly).

Solution

A data backup plan is a set of strategies and procedures defined to protect and preserve an organization's or individual's digital data by copying it to a physical medium or online. It is a structured strategy to ensure the safety and recoverability of critical data.

Objectives of a data backup plan:
- Ensure data integrity and recoverability.
- Minimize downtime in the event of data loss.
- Comply with regulatory and business requirements.
1. Identification of Critical Data

Categories of Data to Back Up:

1. Personal Files:
   - Documents (e.g., resumes, contracts, financial records).
   - Photos and videos (family memories, events).
   - Emails and contacts.
2. Organizational Files:
   - Customer data (databases, CRM records).
   - Financial records (budgets, invoices).
   - Project files (designs, reports, presentations).
   - Business-critical applications and configuration files.

Data Prioritization:
- Tier 1: High-priority data essential for operations (e.g., financial data, customer information).
- Tier 2: Medium-priority data useful for efficiency but not mission-critical (e.g., archived projects).
- Tier 3: Low-priority data, such as older files and redundant information.
2. Backup Methods

- Cloud Storage: Cloud storage is a service that allows users to store and access data on remote servers over the internet. Backups are stored on online platforms like Google Drive, Dropbox...
- External Hard Drive: Physical storage devices such as HDDs or SSDs.
- Network-Attached Storage (NAS): Centralized device on a local network for storing and accessing backups.
- Hybrid (Cloud + Local): Combination of local (external drive or NAS) and cloud backup for redundancy.

3. Backup Schedule

A backup schedule is a structured plan that outlines how often and when data backups should occur. It ensures that critical data is backed up regularly to minimize data loss and downtime during unexpected events.

Backup types:

Daily Backups: A daily backup plan is a pre-defined schedule that specifies when and how often to back up data. Data type: critical files, for example financial data, customer information...
Weekly Backups: A weekly backup plan is a data backup schedule that backs up files that were created or modified during the previous week. Example: Medium-priority data useful for efficiency but not mission-critical (e.g., archived projects).

Monthly Backups: A monthly data backup plan is a set of strategies and procedures for protecting and preserving digital data by copying it to a physical medium or online on a monthly basis. Example: Low-priority data, such as older files and redundant information.

4. Implementation Steps

- Select Backup Tools: Local storage: purchase external hard drives (minimum twice the size of the data volume).
- Organize Data: Categorize files into folders based on priority (e.g., "Medium-Priority").
- Set Up Backup Software: Windows Backup.
- Schedule and Automate: Weekly backups.
- Test Recovery Process: Perform periodic recovery tests to ensure backups are functional and up to date.
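The "Test Recovery Process" step can be automated. The following Python sketch is an added example, not part of the original assignment: it archives a priority folder, records a SHA-256 manifest, and later reads every file back out of the archive to confirm it is still recoverable. The folder name, file names and manifest format are constructed for illustration.

```python
import hashlib, json, tarfile, tempfile, zlib
from pathlib import Path

def create_backup(source: Path, archive: Path) -> Path:
    """Archive `source` and write a SHA-256 manifest beside the archive."""
    files = sorted(p for p in source.rglob("*") if p.is_file())
    manifest = {p.relative_to(source).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
                for p in files}
    with tarfile.open(archive, "w:gz") as tar:
        for p in files:
            tar.add(p, arcname=p.relative_to(source).as_posix())
    manifest_path = archive.with_name(archive.name + ".manifest.json")
    manifest_path.write_text(json.dumps(manifest, indent=2))
    return manifest_path

def verify_recovery(archive: Path, manifest_path: Path) -> list:
    """Read every file back out of the archive; return problems ([] = recoverable)."""
    expected = json.loads(manifest_path.read_text())
    seen, problems = set(), []
    try:
        with tarfile.open(archive, "r:gz") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                digest = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
                seen.add(member.name)
                if expected.get(member.name) != digest:
                    problems.append(f"hash mismatch: {member.name}")
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        problems.append(f"archive unreadable: {exc}")
    problems += [f"missing from archive: {n}" for n in sorted(set(expected) - seen)]
    return problems

def demo():
    """Constructed sample data: back up, test recovery, then damage the archive."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "Tier1-High-Priority")
        (src / "finance").mkdir(parents=True)
        (src / "finance" / "invoices.csv").write_text("id,amount\n1,250.00\n")
        (src / "customers.txt").write_text("constructed sample record\n")
        archive = Path(tmp, "tier1-backup.tar.gz")
        manifest = create_backup(src, archive)
        healthy = verify_recovery(archive, manifest)
        archive.write_bytes(archive.read_bytes()[:64])  # simulate an interrupted copy
        damaged = verify_recovery(archive, manifest)
        return healthy, damaged

if __name__ == "__main__":
    print(demo())
```

Keeping the manifest on a different medium from the archive means damage to the backup drive cannot also hide the evidence of that damage.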
END OF ASSIGNMENT 1
ASSIGNMENT 2

Questions

6.7 Scenario Role-Play

Objective: Understand the basics of incident response through a role-playing exercise.

Tasks:
- Create a simple incident scenario (e.g., a data breach or malware infection).
- Assign roles (e.g., incident response team, affected users) to participants.
- Discuss how each role would respond to the incident and the steps to take.

Solution

Incident Response Scenario Role-Play

Objective: To simulate a cybersecurity incident response process and enhance understanding of roles, responsibilities, and effective measures to handle an incident.
Scenario: Malware Infection in a Company Network

Description: An employee unknowingly downloads a malicious email attachment, causing ransomware to encrypt files on their computer and spread to shared network drives. The attackers demand payment to decrypt the files.

Basic example: WannaCry, ransomware, 2017

One of the worst ransomware attacks in history goes by the name of WannaCry, introduced via phishing emails in 2017. The threat exploits a vulnerability in Windows. It's estimated that more than 200,000 people have been reached worldwide by WannaCry, including hospitals, universities and large companies, such as FedEx, Telefonica, Nissan and Renault. The losses caused by WannaCry exceed USD 4 billion.
1. Assigned Roles

- Incident Response Team (IRT): An Incident Response Team (IRT), also known as a Cybersecurity Incident Response Team (CIRT), is a specialized group within an organization responsible for managing and responding to cybersecurity incidents and breaches. Their primary goal is to mitigate the impact of incidents, minimize downtime, and restore normal operations as quickly and safely as possible.
- IT Team: An IT (Information Technology) Team is a group of professionals within an organization responsible for managing and maintaining the technology infrastructure, ensuring the smooth operation of hardware, software, networks, and systems that support business processes. The team may be divided into subgroups based on their specialized functions.
- Affected Users: Report the issue to IT, avoid further interaction with infected systems, and assist in investigations.
- Executive Team: Provides decision-making authority for escalation, including legal and financial considerations.
- Legal/Compliance Team: Evaluates potential regulatory obligations and legal risks. Advises on breach notifications.
Role-Play Steps and Responses flow (National Institute of Standards and Technology, NIST)
2. Role-Play Steps and Responses

Step 1: Detection and Reporting
- Affected User: Reports inability to access files due to encryption and the ransom demand message to the IT team immediately. Avoids interacting with infected systems to prevent further spread.

Step 2: Analysis and Identification
- IT Team: Confirms the presence of ransomware by examining logs and investigating the infected system. Notifies the Incident Response Team (IRT).
- Incident Response Team (IRT): Collects evidence (e.g., screenshots, ransom note, logs). Identifies entry points and scope of infection.

Step 3: Containment
- IRT and IT Team: Isolate infected devices from the network to prevent further propagation. Disable shared drive access temporarily.

Step 4: Eradication
- IRT and IT Team: Remove malware using antivirus/anti-malware tools and ensure no traces remain. Close vulnerabilities (e.g., patch unpatched systems).

Step 5: Recovery
- IT Team: Restores files from the most recent clean backups. Monitors systems for residual malicious activity.
- Affected Users: Verify restored files and resume operations.
Step 6: Communication
- Executive Team: Approves internal and external communications (if required). Collaborates with Legal/Compliance to address regulatory requirements.
- Legal/Compliance Team: Determines whether breach notification laws apply and advises accordingly.

Step 7: Lessons Learned
- IRT: Conducts a post-incident review. Identifies gaps in security processes and recommends improvements.
- Executive and IT Teams: Approve updated security policies and schedule training sessions.

3. Key Takeaways from the Role-Play

Key takeaways from a role-play exercise involving an IT or cybersecurity scenario can provide valuable insights into team performance, preparedness, and areas for improvement.
1. Importance of Early Detection and Reporting: Prompt action by the affected user limited the spread of the ransomware.
2. Collaboration Across Teams: Effective communication between IRT, IT, and Legal/Compliance teams ensured a swift and coordinated response.
3. Backup and Recovery Plans: The availability of clean backups was critical for recovery without paying the ransom.
4. Incident Communication: Clear and timely communication minimized confusion and maintained stakeholder trust.
5. Post-Incident Improvements: Regular training and updated security measures, such as phishing awareness campaigns and stricter access controls, were highlighted as essential steps to prevent future incidents.
Summary

The role-play exercise emphasized the importance of preparation, coordination, and proactive measures in responding to cybersecurity incidents. By assigning clear roles, maintaining robust backup systems, and conducting post-incident reviews, organizations can minimize the impact of cyber threats and strengthen overall security posture.