Table of Contents
- Four-Phase Security Incident Handling
- Security Incident PlayBook for Typical Security Incidents
- Windows Security Event Monitoring Implementation
- Further Reading
Four-Phase Security Incident Handling

Security Incident PlayBook for Typical Security Incidents

A ready-to-use Incident Response Playbook for typical security incidents can help IT support staff prepare and drill in advance, so that they know how to react when an incident really occurs.
Windows Security Event Monitoring Implementation
Hundreds of events occur as the Windows operating system and the applications that run on it perform their tasks. Monitoring these events provides valuable information to help administrators troubleshoot and investigate security-related activities.
Based on industry experience and well-recognized guidelines (Australian Cyber Security Centre, Microsoft, etc.), our Windows Security Event Monitoring (SEM) Implementation focuses on the following significant Windows security events:
· Key account(s) Logon alert (Privileged Account Usage Monitoring)
· Failed Account Logon alert (Brute force attack Monitoring)
· Large-volume File Deletion on File Server detection (Ransomware Monitoring)
· User’s Network Share Changes Detection (Users’ Own File / Folder Share Monitoring)
· Changes on Account Rights, Audit Policies alert (Suspicious Account Activity Monitoring)
· Changes of Scheduled Tasks alert
· New Device such as USB Drive alert
· Customizable monitor(s) of all Windows OS Events on Security / Application / System
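
An added example, not the SEM implementation's own code, showing how three of the monitors listed above (key account logon, failed logon bursts, mass file deletion) can be expressed as rules over Security-log events. The event IDs 4624, 4625 and 4660 are the standard Windows ones; the record layout, account watchlist and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Standard Windows Security event IDs: logon success, logon failure, object deleted.
LOGON_OK, LOGON_FAILED, OBJECT_DELETED = 4624, 4625, 4660

# Assumed tuning values; adjust to the environment's own baseline.
KEY_ACCOUNTS = {"administrator", "svc-backup"}
RULES = {  # event id -> (alert name, threshold, sliding window)
    LOGON_FAILED: ("brute-force", 5, timedelta(minutes=2)),
    OBJECT_DELETED: ("mass-deletion", 100, timedelta(minutes=1)),
}

def detect(events):
    """Return (alert, account, time) tuples; events must be sorted by time."""
    alerts, windows, active = [], defaultdict(deque), set()
    for ev in events:
        eid, acct, ts = ev["id"], ev["account"].lower(), ev["time"]
        if eid == LOGON_OK and acct in KEY_ACCOUNTS:
            alerts.append(("key-account-logon", acct, ts))
        if eid not in RULES:
            continue
        name, threshold, span = RULES[eid]
        win = windows[(eid, acct)]
        win.append(ts)
        while ts - win[0] > span:          # drop events older than the window
            win.popleft()
        if len(win) >= threshold:
            if (eid, acct) not in active:  # alert once per burst, not per event
                active.add((eid, acct))
                alerts.append((name, acct, ts))
        else:
            active.discard((eid, acct))    # burst ended; re-arm the rule
    return alerts

def sample_events():
    """Constructed sample data, not taken from a real log."""
    t0, sec = datetime(2024, 1, 1, 9, 0, 0), timedelta(seconds=1)
    ev = [{"id": LOGON_FAILED, "account": "alice", "time": t0 + 10 * i * sec}
          for i in range(6)]
    ev.append({"id": LOGON_OK, "account": "Administrator", "time": t0 + 300 * sec})
    ev += [{"id": OBJECT_DELETED, "account": "bob", "time": t0 + (600 + i // 4) * sec}
           for i in range(120)]
    ev.append({"id": LOGON_FAILED, "account": "carol", "time": t0 + 1200 * sec})
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Event 4660 is only written when object-access auditing and a matching SACL are enabled on the file server, so the deletion rule depends on that audit configuration being in place.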
