Checklist: Skillset required for an Incident Management Person

Technical Skills:

Major Areas Of Focus:

  • Incident Response
  • Computer Forensics
  • Network Security
  • Secure Architecture


Conceptual (Understand How-It-Works):

  • Fundamental security concepts- CIA Triad (Confidentiality, Integrity, Availability), Authentication vs Authorization vs Access Control, Non-Repudiation etc.
  • Working principles & protocols of the Internet- TCP/IP, IPv4, IPv6 etc.
  • Security domains- MDM, IDS/IPS, Database, DLP etc.
  • Mail transport & message formats- SMTP, MIME etc.
  • Social engineering tactics
  • **Network security (Protocols, Configurations, Infrastructure, Vulnerabilities)- MITM, Spoofing, Firewalls, Routers, Public Data Networks etc.
  • **Coding practices- Secure coding, Malicious code, Buffer Overflows, Cross-Site Scripting etc.
  • **Coding languages- C, Java, Perl, Shell, Awk etc.
  • **Encryption (Processes & Algorithms)- Digital Signatures & Certificates, Hash Algorithms & Encrypted Hashes (MACs), AES, DH Key Exchange, PGP, DES & Triple DES, Blowfish, Twofish, Serpent

** - Expert-level understanding and hands-on experience in these areas is preferred; however, the basics must be tested first.

Expertise & Hands-On:

  • Internet protocols - DNS, TLS, IPsec, HTTP, TCP, UDP etc.
  • OS - Windows, UNIX/Linux etc.
  • File systems - ZFS, NTFS, FAT etc.
  • Encryption - PGP, symmetric/asymmetric ciphers, ECB/CBC modes of operation, AES etc.
  • DLP - network vs endpoint DLP, Vontu, Websense, Verdasys etc.
  • eDiscovery & digital forensics concepts/technologies - EnCase, FTK etc.
  • Threat or risk modelling - STRIDE, DREAD, FAIR etc.
  • Pentesting fundamentals
  • Technical expertise - Windows, Linux, Solaris, AIX, OS/400, Apple, Databases, Routers/Firewalls

Computer Forensics:

  • Process- Data Extraction, Data Imaging, Data Preservation & Data Handling
    - Methodology for making a forensically sound copy of storage devices that can be used as evidence
    - Tools like FTK (AccessData)
  • Popular tools- FTK (AccessData), CAINE, EnCase etc.
  • Techniques- Cross-Drive Analysis (CDA), File Carving, Live Analysis, Steganalysis / Steganography Tools, Volatile Data Analysis


Additional Certifications

  • CISSP
  • EnCE (EnCase Certified Examiner)
  • CCE (Certified Computer Examiner)
  • GCFE (GIAC Certified Forensic Examiner)
  • GCFA (GIAC Certified Forensic Analyst)
  • GREM (GIAC Reverse Engineering Malware)
  • GCIA (GIAC Certified Intrusion Analyst)
  • GCIH (GIAC Certified Incident Handler)
  • CHFI
  • QSA
  • ACE (AccessData Certified Examiner)
  • CISM

Personal Skills:

  1. Good management abilities
  2. Stress handling capability
  3. Ability to act decisively on the spot
  4. Good reasoning abilities
  5. Process-defining abilities
  6. Good communication skills
  7. Team player

Notes

1. Test scenarios. Hand test scenarios to the recruit; the way they work through the problem will demonstrate logical thinking, spontaneity, knowledge and forensic basics. The same scenarios can also be run as exercises for the existing team between incidents.

2. Learner. Since information security changes every day, the personnel should be open to learning and eager to share what they learn. Training material they produce can also be useful for members outside the CIRT.

3. Think of hiring a hacker. Big companies hire hackers full-time to test their own systems; this finds and fixes the most easily exploitable points faster, and the hacker thinks like an attacker.

4. Domain experts in specific fields can be a good choice, such as applications, network, mail and databases.

5. Consider outsourcing this effort to a consultancy. This lowers costs because you do not need a team waiting for incidents to occur and only pay when affected. However, this must be preceded by reference checks and a careful study of the provider.

6. A legal advisor can be of considerable help in gathering information, making recommendations and guiding remediation when an incident or breach takes place.
