Week 9 Blog: How to Respond to Incidents and Use Digital Forensics

In System Hardening and Network Resilience this week, I learned how important it is to respond to incidents quickly to limit the damage caused by cyberattacks. I knew that breaches happen, but I didn't fully understand how structured and organized the response process needs to be before this week. When something bad happens, incident response isn't just about reacting to it. It's also about having a plan in place before anything happens. I really liked the idea that being ready is just as important as finding things. The incident response lifecycle, which includes preparation, detection and analysis, containment, eradication, recovery, and lessons learned, was one of the most important things I learned. The containment phase had a big effect on me. This is when teams move quickly to stop the threat from spreading, like by isolating infected systems or shutting down accounts that have been hacked. I learned how important it is to find a balance between speed and strategy at this point. If you act too slowly, you can do more damage, but if you act too quickly, you can mess up business operations or destroy evidence. I also learned how important it is to give each member of a Computer Security Incident Response Team (CSIRT) a clear role. Not only IT staff are involved; depending on the situation, legal, HR, and public relations staff may also be involved. During high-stress situations, it's important to have clear authority and communication. Things can get worse if there isn't a clear chain of command. Another important thing to remember is how to spot indicators of compromise (IOCs) and some basic digital forensics techniques. Security teams can use IOCs to spot signs that an attack has happened, like strange network traffic, account activity that isn't allowed, or changes to the system that weren't expected. Digital forensics helps keep evidence safe and figure out how the attack happened, which helps stop it from happening again. This week made it clear that cybersecurity isn't just about stopping attacks; it's also about getting ready, working together, and always getting better. Planning, working together, technical skill, and clear communication are all important for incident response. A well-thought-out incident response plan can help you avoid downtime, lost money, and damage to your reputation. This week helped me learn more about how companies stay strong even after a breach.

Comments

Post a Comment

Popular posts from this blog

Week 1 Posting -

This first week of BSIT380: System Hardening and Network has really changed how I think about cybersecurity. The class started by comparing it to a big sporting event, where both teams study their opponent before the big day. That comparison helped me see why threat data and intelligence are so important: you can't protect a network if you don't know who the attackers are, what they want, and how they work. We talked about today's threat actors, such as nation-states, cybercriminal groups, insiders, and hacktivists. Each one has its own reasons for doing what they do and ways of doing it. I also learned that threat intelligence is more than just reading about attacks in the news. It means getting information from a lot of different places, looking for patterns, and using that information to make the organization's security better. The readings talked about the frameworks and threat research sources that analysts use, as well as different ways to model threats that hel...
Read more

Week 8 Blog: Ideas and Tools for Automating

This week really drove home how important automation is in today's cybersecurity work. One of the most important things I learned is that attackers are already using automation to launch network-speed attacks on a large scale. If defenders only use manual processes, they will automatically fall behind. Security Operations Centers (SOCs) use tools like SIEM and SOAR to find, connect, and respond to threats much faster than a person could do it alone. Automation doesn't take the place of analysts, but it does make them better at responding quickly and effectively. I also learned that playbooks and orchestration are very important for making sure that responses are always the same. Instead of responding to each alert in a different way, businesses can set up structured workflows that automatically collect logs, add information, isolate endpoints, or let the right teams know. This cuts down on alert fatigue and makes responding to incidents more consistent. It's important to t...
Read more

Week 5 Blog — Software and Hardware Assurance Best Practices

This week made me realize that security isn't just about making the operating system stronger; it's also about protecting everything from the code to the firmware and hardware. My biggest lesson about software was that security needs to be built in from the start, not added on later. That's why it's important to have a good SDLC and follow safe coding practices, like checking input, using the least amount of privilege, and testing early. It also made sense why third-party libraries and tight deadlines can be a problem: one weak spot can become a real vulnerability. I learned why firmware is so important on the hardware side: it controls low-level functions and is found in almost every device, such as servers, embedded systems, and IoT. If firmware isn't kept up to date and managed properly, it can break everything else. I also learned how hardware can help with a "root of trust," which is useful for things like secure boot and checking the system's in...
Read more