Monday, May 8, 2017

May 8, 2017 - The First 72-Hours: How to Approach the Initial Hours of a Security Incident

In 100 words, tell me:
  1. What is a typical "knee-jerk reaction" and what might be your first reaction? What could you do that might not be helpful?
  2. What is the difference between incursion detection and persistence detection?
  3. Which is worse?
  4. Look at the "Comparison of Attack Detection" table. Tell me what you found most interesting about the information.
  5. In the "Incursion Detection Response Activities" table, tell me what things are to be done in the 0-24 hours, and why each is important to do.
  6. In the "Lessons Learned" section, explain what happened because a user wanted to wait to fix and patch the system on the weekly schedule, rather than do it immediately.
  7. What are some different behaviors that are needed when "Responding to a Persistence Detection"?


Turn in to Jupiter
Class Agenda:
  • 12:30-1:00 - Entry Ticket - 20 min read and write, 10 min to discuss (see top of Blog for today)
  • 2:30 - 2:45 - HUB
  • 2:45 - 3:30 - Raspberry PI Project
