Exercise 2-2 Using a Web browser and a search engine, search the terms “CitiBank backup tapes lost.” You will find many results. Select one article and identify what that article considers a shortcoming in CitiBank’s planning. What part of the contingency planning process came up short (IR, BP, or CP)? How could the shortcoming have been prevented?
Exercise 3-1 This chapter’s opening scenario illustrates a specific type of incident/disaster. Using a Web browser, search for information related to preparing an organization against terrorist attacks. Look up information on (a) anthrax or another biological attack (like smallpox), (b) sarin or another toxic gas, (c) low-level radiological contamination attacks.
Exercise 3-2 Using a Web browser, search for available commercial applications that use various forms of RAID technologies, such as RAID 0 through RAID S. What is the most common implementation? What is the most expensive?
Real-World Exercises
1. Using a Web browser, identify at least five sources you would want to use when training a CSIRT.
2. Using a Web browser, visit www.mitre.org. What information is provided there, and how would it be useful?
3. Using a Web browser, visit www.securityfocus.com. What is Bugtraq, and how would it be useful? What additional information is provided under the Vulnerabilities tab?
4. Using a Web browser, visit www.cert.org. What information is provided there, and how would it be useful? What additional information is provided at www.cert.org/csirts/?
5.3. Using a Web browser, visit the site www.honeynet.org. What is this Web site, and what does it offer the information security professional? Visit the “Know your Enemy” white-paper series and select a paper based on the recommendation of your professor. Read it and prepare a short overview for your class.
2. Using a Web browser, search for “incident response template.” Look through the first five results and choose one for further investigation. Take a look at it and determine if you think it would be useful to an organization creating a CSIRT. Why or why not?
1. Using a Web browser, perform some research on a newer malware variant that has been reported by a major malware containment vendor. Using a search engine, go to the vendor’s Web site; this could be Symantec, McAfee, or any of their competitors. Visit one malware prevention software vendor. Search for the newest malware variants and pick one. Note its name and try to understand how it works. Now look for information about that same malware from at least one other vendor. Were you able to see this malware at both vendors? If so, are there any differences in how they are reported between the two vendors?