73.1k views
1 vote
This scenario is about a small, family-owned investment firm. The organization has only one location and less than 100 employees. On a Monday morning, a new worm is released; it spreads itself through removable media, and it can copy itself to open Windows shares. When the worm infects a host, it installs a DDoS agent.

It was several hours after the worm started to spread before antivirus signatures became available. The organization had already incurred widespread infections.
The investment firm has hired you as a security expert who often uses the security models of security incident handling.

1 Answer

4 votes

Final answer:

The investment firm should follow security incident handling models to handle the worm attack. These models provide a systematic approach to detecting, analyzing, and mitigating security incidents.

Step-by-step explanation:

This scenario is about a small, family-owned investment firm that is facing a worm attack. The worm spreads through removable media and open Windows shares, infecting hosts and installing a DDoS agent. Antivirus signatures become available several hours after the worm starts spreading, leading to widespread infections in the organization.

To handle this security incident, the investment firm should follow security incident handling models. These models provide a systematic approach to detecting, analyzing, and mitigating security incidents. Some common models include the NIST Incident Response Life Cycle, SANS Incident Handler's Handbook, and ISO/IEC 27035 Incident Management.

By following these models, the investment firm can effectively respond to the worm attack, identify the infected hosts, isolate and remediate them, and implement preventive measures to avoid future attacks.

by User Ppaulojr (8.2k points)
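The answer's step of identifying infected hosts before isolating them, sketched as an added example that is not part of the original answer. Because no antivirus signature existed for the first hours, it keys on behaviour instead: the same file copied to several shares or removable drives. The record format, host names, hash placeholders and the `min_destinations` threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records, not data from a real incident:
# (time HH:MM, writing host, destination, file name, file-hash placeholder)
EVENTS = [
    ("09:02", "WS-07", r"\\FS-01\public", "report.scr", "HASH_A"),
    ("09:03", "WS-07", r"\\WS-12\shared", "report.scr", "HASH_A"),
    ("09:05", "WS-07", "USB:E:", "report.scr", "HASH_A"),
    ("09:10", "WS-12", r"\\FS-01\public", "photos.scr", "HASH_A"),
    ("09:11", "WS-12", r"\\WS-03\docs", "photos.scr", "HASH_A"),
    ("09:15", "WS-21", r"\\FS-01\public", "budget.xlsx", "HASH_B"),
]

def dest_host(dest):
    """Return the host part of a UNC path, or None for removable media."""
    return dest.split("\\")[2] if dest.startswith("\\\\") else None

def triage(events, min_destinations=3):
    """Flag files copied to many destinations, then classify the hosts involved."""
    destinations = defaultdict(set)
    for _, _, dest, _, file_hash in events:
        destinations[file_hash].add(dest)
    suspect = {h for h, d in destinations.items() if len(d) >= min_destinations}

    first_seen, received, media = {}, set(), set()
    for time, src, dest, _, file_hash in sorted(events):
        if file_hash not in suspect:
            continue
        first_seen.setdefault(src, time)      # host actively copying the file
        target = dest_host(dest)
        if target is None:
            media.add((src, dest))            # removable media to collect and scan
        else:
            received.add(target)              # host that now holds a copy
    spreading = sorted(first_seen, key=first_seen.get)
    return {
        "suspect_hashes": sorted(suspect),
        "isolate_first": spreading,           # earliest spreader first
        "check_next": sorted(received - set(spreading)),
        "removable_media": sorted(media),
    }

if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(f"{key}: {value}")
```

The `isolate_first` list feeds containment, while `check_next` and `removable_media` scope what still has to be examined before the incident can be closed.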