Best practices for cyber incident response issued by Five Eyes countries - Canada News
A week after Canada's intelligence allies issued a joint advisory to organizations on cyber incident response, the Great White North has not yet published the document on its website.
The Five Eyes intelligence co-operative of Canada, Australia, New Zealand, the United States and the U.K. last week announced Technical Approaches to Uncovering and Remediating Malicious Activity, a lengthy playbook for network and infosec professionals investigating an incident.
However, although the document is available online on the cyber information websites of other countries, it cannot be found on the site of the Canadian Centre for Cyber Security.
"We are currently translating the advisory into French and hope to post it on our website by the middle of the week," the centre's media spokesperson, Ivan Koronsky, said in an email to IT World Canada this morning. According to a news release, the joint advisory highlights technical approaches to uncovering malicious activity and includes mitigation steps according to best practices.
"These are long-standing challenges we have seen when organizations respond to cyber incidents, and we are pleased to join with our partners in raising awareness about these important measures," Scott Jones, the head of the centre, said in the release.
Here is a link to the English version of the advisory on the site of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). One of the most interesting parts of the advisory covers common mistakes in incident response. "After determining that a system or multiple systems may be compromised, system administrators and/or system owners are often tempted to take immediate action," the advisory says.
"While well-intentioned to limit the damage of the compromise, some of those actions have the adverse effect of modifying volatile data that could give a sense of what has been done; and tipping off the threat actor that the victim organization is aware of the compromise and forcing the actor to either hide their tracks or take more damaging actions (such as detonating ransomware)."