Changes between Version 10 and Version 11 of org/meetings/2014WinterDevMeeting/notes/UserStories


Timestamp:
Feb 28, 2014, 6:01:16 PM (5 years ago)
Author:
rdump
  • org/meetings/2014WinterDevMeeting/notes/UserStories

    v10 v11  
    5353
    5454A system administrator is on call for assisting the CIRT in incident investigations. She must avoid disclosing to the adversaries behind malware and system compromises that the organization has detected their activity, lest they retaliate, or switch tactics and break in other ways. She tests malware versions and monitors the activity of the compromised systems on a private network behind an anonymizing Tor gateway.
     55
     56Computer security staff receive reports from international peer institutions, from law enforcement, and from counter-intelligence agencies about systems visiting potentially malicious sites. Staff gathers information from the sites to help assess how deep the adversaries got, and to devise defenses. The reporters require they avoid disclosing to the adversaries what general industry was tipped off, as well as obscure the fact that there is peer or investigator notice of the adversary activities. They use Tor for the investigation to meet those goals.
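Review bot: the story added at line 56 states the goal of obscuring "the fact that there is peer or investigator notice of the adversary activities" and then says Tor alone meets it, but Tor only hides which network the visit came from; the visit itself, its timing relative to the report, and the browser or client fingerprint are still visible to whoever operates the "potentially malicious sites", and a visit that does not look like the reported victim is itself a signal that someone was tipped off. The unchanged story at line 54 pairs the Tor gateway with an isolated private network; suggest the new story say the same, for example that staff fetch the sites from a disposable system that shares no cookies, fingerprint or client software with the reported victim hosts, so the stated goal is achievable as written. Also "Staff gathers" should be "Staff gather" to match "Staff receive" earlier in the same sentence.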