{"id":3223,"date":"2017-02-24T10:27:09","date_gmt":"2017-02-24T02:27:09","guid":{"rendered":"https:\/\/ixyzero.com\/blog\/?p=3223"},"modified":"2017-02-24T10:27:09","modified_gmt":"2017-02-24T02:27:09","slug":"%e5%ae%89%e5%85%a8%e4%ba%8b%e4%bb%b6%e5%ba%94%e6%80%a5%e5%93%8d%e5%ba%94%e5%a4%84%e7%90%86%e6%8c%87%e5%8d%97","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/3223.html","title":{"rendered":"Security Incident Emergency Response Guide"},"content":{"rendered":"<p>=Start=<\/p>\n<h4 id=\"id-\u5b89\u5168\u4e8b\u4ef6\u5e94\u6025\u54cd\u5e94\u5904\u7406\u6307\u5357-\u7f18\u7531\uff1a\">Background:<\/h4>\n<p>study hard, improve every day<\/p>\n<h4 id=\"id-\u5b89\u5168\u4e8b\u4ef6\u5e94\u6025\u54cd\u5e94\u5904\u7406\u6307\u5357-\u6b63\u6587\uff1a\">Main text:<\/h4>\n<h5 id=\"id-\u5b89\u5168\u4e8b\u4ef6\u5e94\u6025\u54cd\u5e94\u5904\u7406\u6307\u5357-\u53c2\u8003\u89e3\u7b54\uff1a\">Reference answer:<\/h5>\n<h6 id=\"id-\u5b89\u5168\u4e8b\u4ef6\u5e94\u6025\u54cd\u5e94\u5904\u7406\u6307\u5357-\u6280\u672f\u2022\u6c9f\u901a\u2022\u64cd\u4f5c\u2022\u6cd5\u5f8b\">Technology \u2022 Communications \u2022 Operations \u2022 Legal<\/h6>\n<p>These incident response tips and this preparation guide are meant to reduce harm and ensure the mission is accomplished.<\/p>\n<h6 id=\"id-\u5b89\u5168\u4e8b\u4ef6\u5e94\u6025\u54cd\u5e94\u5904\u7406\u6307\u5357-\u9996\u8981\u539f\u5219\u2014\u2014\u4e0d\u8981\u52a0\u91cd\u4f24\u5bb3\">First principle: do not cause secondary harm<\/h6>\n<p>The key principle of medical care applies equally to cybersecurity incident response: do not cause secondary harm.<\/p>\n<h6 
id=\"id-\u5b89\u5168\u4e8b\u4ef6\u5e94\u6025\u54cd\u5e94\u5904\u7406\u6307\u5357-\u5927\u4f53\u5185\u5bb9\">Overview<\/h6>\n<p>Before an incident (Preparation)<\/p>\n<ul>\n<li>Technology<\/li>\n<li>Operations<\/li>\n<li>Legal<\/li>\n<li>Communications<\/li>\n<\/ul>\n<p>Handling an incident (During an Incident)<\/p>\n<ul>\n<li>Operations<\/li>\n<li>Technology<\/li>\n<li>Legal<\/li>\n<li>Communications<\/li>\n<\/ul>\n<p>Key points<\/p>\n<ul>\n<li>Preparation pays off \u2013 Preparing for a major incident can reduce damage to the organization, as well as reduce incident cost and management difficulty.<\/li>\n<li>Operationalize your incident management processes \u2013 Managing major cybersecurity incidents must be part of standard business risk management processes.<\/li>\n<li>Coordination is critical \u2013 Effective cybersecurity incident management requires collaboration and coordination of technical, operations, communications, legal, and governance functions.<\/li>\n<li>Stay calm and do no harm in an incident \u2013 
Overreacting can be as damaging as underreacting.<\/li>\n<\/ul>\n<h6 id=\"id-\u5b89\u5168\u4e8b\u4ef6\u5e94\u6025\u54cd\u5e94\u5904\u7406\u6307\u5357-\u5177\u4f53\u5185\u5bb9\">Details<\/h6>\n<p>Before an incident<\/p>\n<ul>\n<li>Technology\n<ul>\n<li>protect<\/li>\n<li>detect<\/li>\n<li>respond\n<ul>\n<li>general preparations<\/li>\n<li>investigation preparations<\/li>\n<li>recovery preparations<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Operations\n<ul>\n<li>critical preparations<\/li>\n<li>hallmarks of a strong response program<\/li>\n<li>key lessons learned<\/li>\n<li>organizational preparedness self-assessment<\/li>\n<li>core strategy and alignment<\/li>\n<li>security 
operations<\/li>\n<\/ul>\n<\/li>\n<li>Legal\n<ul>\n<li>Designate a legal lead for cyber matters;<\/li>\n<li>Review policies and public statements;<\/li>\n<li>Develop a security incident response plan;<\/li>\n<li>Conduct cybersecurity assessments and testing under legal guidance;<\/li>\n<li>Hold regular board briefings;<\/li>\n<li>Manage third-party vendors;<\/li>\n<\/ul>\n<\/li>\n<li>Communications<\/li>\n<li>Of all the major costs and risks associated with handling a security incident, the potential blow to brand and reputation and the loss of customer trust may be the most damaging. Beyond the reputational impact, a poorly managed and poorly communicated security incident can affect employee morale and lead to regulatory pressure and litigation.<\/li>\n<li>Designate a communications lead and make sure they understand the response process and cybersecurity;<\/li>\n<li>Develop the communications portion of the security incident response plan, including clear owners and approval procedures;<\/li>\n<li>Map the stakeholders who may need to receive communications about an incident, including customers, media, partners, regulators, employees and vendors;<\/li>\n<li>Draft media materials for the main types of incident the company is most concerned about;<\/li>\n<li>Run a live exercise for everyone involved in incident response handling to test how they will react when an incident occurs.<\/li>\n<\/ul>\n<p>During an incident<\/p>\n<p>Core\/key points<\/p>\n<ul>\n<li>\n<ul>\n<li>Stay calm (focus on prioritizing the most effective actions)<\/li>\n<li>Do no secondary harm (confirm that your actions are planned in advance and will not cause more serious problems such as loss of data, loss of business-critical functions or loss of evidence)<\/li>\n<li>Be accurate (confirm that anything you share with the public and customers is correct and truthful)<\/li>\n<li>Ask for help when necessary<\/li>\n<\/ul>\n<\/li>\n<li>Operations\n<ul>\n<li>Investigation phase\n<ul>\n<li>Critical success factors<\/li>\n<li>Tips and tricks<\/li>\n<\/ul>\n<\/li>\n<li>Recovery phase\n<ul>\n<li>Critical success factors<\/li>\n<li>Tips and tricks<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Technology\n<ul>\n<li>Investigation phase\n<ul>\n<li>Critical success factors<\/li>\n<li>Tips and tricks<\/li>\n<\/ul>\n<\/li>\n<li>Recovery phase\n<ul>\n<li>Critical success factors<\/li>\n<li>Tips and tricks<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Legal\n<ul>\n<li>Cybersecurity incidents pose a variety of challenges around regulatory compliance, statutory and contractual notification obligations, and managing the risk of subsequent litigation and regulatory enforcement proceedings and investigations. Legal counsel is therefore increasingly important in incident response, as well as in proactive cybersecurity program development, deployment and execution. Engaging legal counsel early to direct the investigation can greatly help identify these obligations and manage legal risk from regulators, plaintiffs, shareholders and industry groups.<\/li>\n<li>Maintain Confidentiality and Protect Privilege.<\/li>\n<li>Identify Legal Statutory, Contractual, and Other Obligations.<\/li>\n<li>Take Care Regarding Post-Breach Actions\/Statements.<\/li>\n<li>Engage Law Enforcement.<\/li>\n<li>Keep Executives\/Board Members Adequately Informed.<\/li>\n<\/ul>\n<\/li>\n<li>Communications\n<ul>\n<li>Critical success factors<\/li>\n<li>Other communications actions<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h5 id=\"id-\u5b89\u5168\u4e8b\u4ef6\u5e94\u6025\u54cd\u5e94\u5904\u7406\u6307\u5357-\u53c2\u8003\u94fe\u63a5\uff1a\">Reference links:<\/h5>\n<ul>\n<li><a class=\"external-link\" href=\"https:\/\/info.microsoft.com\/INCIDENT-RESPONSE-REFERENCE-GUIDE.html\" target=\"_blank\" rel=\"nofollow\">https:\/\/info.microsoft.com\/INCIDENT-RESPONSE-REFERENCE-GUIDE.html<\/a><\/li>\n<li>Guide for Cybersecurity Event Recovery<br \/>\n<a class=\"external-link\" href=\"http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-184.pdf\" target=\"_blank\" rel=\"nofollow\">http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-184.pdf<\/a><\/li>\n<li>PDCERF model<br \/>\n<a class=\"external-link\" href=\"http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-61r2.pdf\" 
target=\"_blank\" rel=\"nofollow\">http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-61r2.pdf<\/a><\/li>\n<li>Incident Command System<br \/>\n<a class=\"external-link\" href=\"https:\/\/en.wikipedia.org\/wiki\/Incident_Command_System\" target=\"_blank\" rel=\"nofollow\">https:\/\/en.wikipedia.org\/wiki\/Incident_Command_System<\/a><\/li>\n<li>National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity, Version 1.1 January, 2017<br \/>\n<a class=\"external-link\" href=\"https:\/\/www.nist.gov\/cyberframework\" target=\"_blank\" rel=\"nofollow\">https:\/\/www.nist.gov\/cyberframework<\/a><\/li>\n<li>National Institute of Standards and Technology Guide for Cybersecurity Event Recovery<br \/>\n<a class=\"external-link\" href=\"https:\/\/doi.org\/10.6028\/NIST.SP.800-184\" target=\"_blank\" rel=\"nofollow\">https:\/\/doi.org\/10.6028\/NIST.SP.800-184<\/a><\/li>\n<li>Microsoft Securing Privileged Access Roadmap<br \/>\n<a class=\"external-link\" href=\"http:\/\/aka.ms\/SPAroadmap\" target=\"_blank\" rel=\"nofollow\">http:\/\/aka.ms\/SPAroadmap<\/a><\/li>\n<li>Microsoft Security Intelligence Report<br \/>\n<a class=\"external-link\" href=\"http:\/\/www.microsoft.com\/sir\" target=\"_blank\" rel=\"nofollow\">http:\/\/www.microsoft.com\/sir<\/a><\/li>\n<li>EY Global Information Security Survey 2016-2017<br \/>\n<a class=\"external-link\" href=\"http:\/\/www.ey.com\/gl\/en\/services\/advisory\/ey-global-information-security-survey-2016\" target=\"_blank\" rel=\"nofollow\">http:\/\/www.ey.com\/gl\/en\/services\/advisory\/ey-global-information-security-survey-2016<\/a><\/li>\n<li>Edelman Privacy Risk Index<br \/>\n<a class=\"external-link\" href=\"http:\/\/www.edelman.com\/insights\/intellectual-property\/exploring-consumer-attitudes-actions-key-tech-policy-issues-2014\/\" target=\"_blank\" 
rel=\"nofollow\">http:\/\/www.edelman.com\/insights\/intellectual-property\/exploring-consumer-attitudes-actions-key-tech-policy-issues-2014\/<\/a><\/li>\n<\/ul>\n<p>=END=<\/p>\n","protected":false},"excerpt":{"rendered":"<p>=Start= Background: study hard, improve every day Main text: Reference answer: Technology \u2022 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,25],"tags":[757,750,756],"class_list":["post-3223","post","type-post","status-publish","format-standard","hentry","category-knowledgebase-2","category-security","tag-pdcerf","tag-750","tag-756"],"views":13657,"_links":{"self":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3223","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/comments?post=3223"}],"version-history":[{"count":2,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3223\/revisions"}],"predecessor-version":[{"id":3227,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/posts\/3223\/revisions\/3227"}],"wp:attachment":[{"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/media?parent=3223"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/categories?post=3223"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ixyzero.com\/blog\/wp-json\/wp\/v2\/tags?post=3223"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}