October 26, 2016

Useful Resource: CERT Société Générale Incident Response Methodologies

CERT Société Générale handles information security incidents and cybercrime issues for the French financial services group Société Générale. As part of its work it produces short cheat sheets (Incident Response Methodologies, or IRMs) summarizing best practices for handling a given class of incident. They are a valuable resource for any IT professional whose work or study touches information security.

The latest publication is about malicious network behaviour. It is a set of guidelines for handling suspicious network activity and, like the other IRMs, is organized into six phases:

  1. Preparation
  2. Identification
  3. Containment
  4. Remediation
  5. Recovery
  6. Aftermath

For those interested in what to do while an attack is in progress (the containment phase), CERT Société Générale recommends that you:

  1. Disconnect the compromised area from the network.
  2. Isolate the source of the attack. Disconnect the affected computer(s) in order to perform further investigation.
  3. Terminate unwanted connections or processes on affected machines.
  4. Use firewall/IPS rules to block the attack.
  5. Use IDS rules to match this malicious behaviour and inform technical staff of new events.
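Steps 3 to 5 above are mechanical once the attacker host has been identified, so here is a small helper that turns a captured list of active connections into the corresponding containment actions. This is an added example and not part of the CERT Société Générale IRM; the `ss -tnp` output and the attacker address 203.0.113.7 (an RFC 5737 documentation address) are constructed for the demonstration, and the script only generates the kill commands, iptables rules and Suricata/Snort rule for review rather than running anything.

```python
"""Turn a list of active connections into containment actions (added example).

Covers steps 3 to 5 of the CERT SG guidance: terminate unwanted connections,
block the attacker at the firewall, and alert on any recurrence with an IDS rule.
The script only generates commands and rules; it does not execute them.
"""
import re
from dataclasses import dataclass

# Constructed sample of `ss -tnp` output. 203.0.113.7 (documentation range)
# stands in for the attacker host isolated in step 2; nothing here is real data.
SAMPLE_SS_OUTPUT = """\
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
ESTAB 0 0 10.0.5.12:49812 203.0.113.7:443 users:(("python3",pid=4121,fd=3))
ESTAB 0 0 10.0.5.12:22 10.0.5.1:53311 users:(("sshd",pid=812,fd=4))
ESTAB 0 0 10.0.5.12:49920 203.0.113.7:8443 users:(("curl",pid=4300,fd=5))
ESTAB 0 0 10.0.5.12:51000 10.0.5.40:5432 users:(("postgres",pid=2200,fd=9))
"""

# Matches the subset of `ss -tnp` columns used here; header and other lines are skipped.
SS_LINE = re.compile(
    r'^(?P<state>\S+)\s+\d+\s+\d+\s+(?P<laddr>\S+):(?P<lport>\d+)\s+'
    r'(?P<raddr>\S+):(?P<rport>\d+)\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)'
)


@dataclass(frozen=True)
class Connection:
    state: str
    local: str
    remote: str
    rport: int
    process: str
    pid: int


def parse_ss(text: str) -> list:
    """Parse `ss -tnp` style output into Connection records."""
    conns = []
    for line in text.splitlines():
        m = SS_LINE.match(line)
        if m:
            conns.append(Connection(m['state'], m['laddr'], m['raddr'],
                                    int(m['rport']), m['proc'], int(m['pid'])))
    return conns


def find_unwanted(conns, attacker_ips):
    """Step 3: connections whose peer is one of the isolated attacker hosts."""
    return [c for c in conns if c.remote in attacker_ips]


def kill_commands(conns):
    """Step 3: one kill per unique PID, so a process with several sockets appears once."""
    pids = sorted({c.pid for c in conns})
    return [f"kill -9 {pid}" for pid in pids]


def firewall_rules(attacker_ips):
    """Step 4: drop traffic in both directions; -I inserts at the top so the
    rule wins over any existing ACCEPT further down the chain."""
    rules = []
    for ip in sorted(attacker_ips):
        rules.append(f"iptables -I INPUT -s {ip} -j DROP")
        rules.append(f"iptables -I OUTPUT -d {ip} -j DROP")
    return rules


def ids_rules(attacker_ips, base_sid=9000001):
    """Step 5: bidirectional Suricata/Snort rules alerting on any further
    traffic with the attacker host; SIDs in the local (>= 1000000) range."""
    rules = []
    for i, ip in enumerate(sorted(attacker_ips)):
        rules.append(
            f'alert ip any any <> {ip} any '
            f'(msg:"IRM containment: traffic with suspected attacker {ip}"; '
            f'sid:{base_sid + i}; rev:1;)')
    return rules


if __name__ == "__main__":
    attacker = {"203.0.113.7"}
    unwanted = find_unwanted(parse_ss(SAMPLE_SS_OUTPUT), attacker)
    for c in unwanted:
        print(f"{c.process}[{c.pid}] {c.local} -> {c.remote}:{c.rport}")
    for cmd in kill_commands(unwanted) + firewall_rules(attacker) + ids_rules(attacker):
        print(cmd)
```

Review the generated commands before running them: killing a process destroys its memory and open handles, so capture volatile data (memory image, process list, open sockets) first if the investigation in step 2 is not finished. The DROP rules silently hide any further attempts by the attacker, which is exactly why step 5 adds an IDS rule that still fires on traffic to or from that host.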

Here is the full list of IRM documents: