Respond to the following in a minimum of 175 words:
Research different types of malware, looking at specific examples and how they affected an organization. List examples of malware that pose threats to individuals or companies and their attack vectors.
Discuss how companies or individuals can protect themselves from these malware examples.
In 100 words, reply to one of the classmates' posts below.
7/9/19, 6:03 PM
As large organizations attempt to tackle greater security and compliance challenges, they have begun to rely upon security playbooks to create operative alert systems. These playbooks play a crucial role in reducing organizational reaction time in the case of security breaches or data outages, and even empower employees to act proactively, and in some cases, circumvent the occurrence of incidents. Proper playbooks have an almost limitless range of customization. Playbooks, sometimes called “runbooks,” are now a vital part of the enterprise work tools for security technicians and managers. When alerts come in, employees can take immediate action, given that the playbook is reliable and precise in the protocols established and the information passed along.
There are now many different companies that cater specifically to the enterprise community. These companies create playbooks for a variety of incidents that could impact their clients’ resilience to security events if they are not equipped. The purposes of the security playbooks are to provide all members of their clients’ organization with a strong understanding of their individual responsibilities. After creation of these tailored and custom cybersecurity standards, enterprise clients can now accept best practices before, during, and after a security incident.
7/9/19, 1:11 PM
A Runbook is an archive of processes relating to the operations and maintenance of a system. It also contains instructions for handling security contingency plans and special requests. By having a set of standards in place that anyone with the correct prerequisite knowledge can access, the system can be run smoothly and predictably. Doing so helps the network security environment run without incident and provides privacy to the network users. Such routine steps and policies enforce a secure environment by making sure all operating users are aware of each step needed to keep the network up and running. This is important if there is ever an incident that may compromise network security; by following the guidelines set in the Playbook, security can be enforced and prevent any user from compromising the system any further. Such policies may seem silly sounding, but they can be very important for enforcing operations, such as not downloading any unapproved files, regularly cleaning email inboxes, or even a simple password change every few months or so. These are the Runbook rules that help keep a network safe and secure.
7/13/19, 8:08 PM
From what I read and understood, a Playbook is a checklist of required steps and actions responding to a specific incident type and threat successfully, while a Run-book is a series of conditional steps to perform actions, such as data enrichment, threat containment and sending notifications automatically as part of the incident response or security operations process. Together, they provide users with adjustable ways to coordinate even the hardest security workflows. A combination of both may be used to document different security processes depending on the best-fit solutions for each process or procedure that is being documented. Policies are important for enforcing security, since they ensure the proper flow of a process and procedure as well as organization. Policies are put in place as a way to organize companies and build structure; although they are managed mostly by IT personnel, they work best when the entire workforce, not just IT, manages and adheres to them 100% of the time.
7/12/19, 1:38 AM
Great answers all around! My understanding of a Cybersecurity Playbook/Runbook is that it is a universal plan used by all members of an organization that provides information on how to prepare for a threat attack, how to mitigate one, and how to deal with the aftermath. This is similar to any emergency procedure for a disaster or attack (e.g., fire, earthquake, mass shooting), in which employees are routinely prepped through training and practice. A Playbook is critical for keeping all members “on board” with protocol, ensuring a fast and organized reaction in a time of crisis.
A Playbook will include security policies that highlight the what, when, where, why, and how regarding protection against employees and company assets (data and information). Enforcing policies and disseminating them to members of an organization will help everyone understand the company’s mission, as well as repercussions for policy violation.
Overall, a security Playbook is administered by security personnel (IT and Risk Management), but is most effective when all employees are included and cooperative with the implementation. Employee education is undoubtedly a worthy investment that can save an organization massive money and time from data breaches, simply by building an understanding around cyber security.
7/12/19, 1:15 AM
The Playbook/Runbook are standardized documents on procedures for Information Technology issues. For clarity, the name Playbook is sometimes called Runbook but they mean the same thing. Playbooks usually provide step-by-step instructions on resolving and fixing issues based on policy. There is no clear strategy or defined topic on the importance of what a playbook contains. The order of importance is left to the organization’s needs. There are two types of playbooks: specialized and generalized. Generalized playbooks tend to be used for continuous tasks, like monitoring logs and performing backups. Most specialized playbooks contain an incident and a response. For security environment purposes, the playbook includes a description, systems affected, tools to remediate, instructions, and resolution. The playbook follows policy and gives detailed instructions on mitigating issues enforcing security.
For example, unauthorized intent to gain access to a domain is a security breach. The playbook incident starts with the detection. Once the intrusion is noticed, an analysis of data is required. The response is a containment and recovery. So the playbook provides Detection, Analysis, Containment, and Recovery.
7/11/19, 11:53 PM
Playbooks or runbooks are used to establish a bond between published knowledge-based articles and security response incident reports. They are used to strengthen the policies and workflow of how a company responds to a security incident. The playbook is key to having a procedure for when an incident happens. Once a playbook is established, the company will then train the employees so they know what to do when an incident happens within their area of work. This also helps reduce the amount of time the incident is open; the proper training and response time is essential to help with the reduction of incidents. The playbook allows each employee to know what their responsibilities are within the company and how to handle certain situations.