
In today's world, computers run pretty much everything.

Any and all businesses rely heavily on computer systems to run their everyday operations and to keep much of their information intact. From databases to servers of all kinds, these all rely on computer technology to monitor, maintain, and overall keep them running from day to day. Because so much of the world's business relies heavily on computers, criminals have targeted them as a means to gather information, exploit systems, steal information, and for several other reasons of their own financial gain. These threats can come at any time from just about anywhere, and there are many reasons for these attacks to be launched. Generally these attacks are intended to cause malicious harm to computer systems or to gather vital and discreet information that is not meant to be released to the public. Actions such as these are considered crimes against or involving computer systems and are separated into different categories depending on the actions and the type of computer systems affected by them. Anyone who violates one or more security policies is considered to have committed a computer crime and is deemed an attacker. No matter how it is seen, even though it is a computer crime, it is still a crime and should be treated as such. This means that all actions should be taken in accordance with policy, and all proper parties, on a need-to-know basis, should be contacted about the incident. Caution should be taken, as there may be situations in which no one outside the company's security service needs to be notified about the incident and it can be handled as an internal affair. These computer crimes can be classified as one of many types of attacks and should be labeled according to the type of crime committed. These types of attacks are military and intelligence attacks, business attacks, financial attacks, terrorist attacks, grudge attacks, and thrill attacks. Knowing the difference between these types of attacks is crucial; it can help protect the computer systems as well as allow the organization to react and take action when an attack occurs. This paper will describe four of these types of attacks and outline the incident response process for each of these four types of attacks.

Military and intelligence attacks

This type of attack is aimed at military and law enforcement agencies with the intent to gather secret and restricted information. The act of gathering this information can damage the integrity of evidence used in an investigation, making it altogether useless. When launched against military services this can put national security at risk or cause current strategic actions to be thrown out. The system most likely to be attacked depends on what the attacker or attackers have in mind. A server that contains vital military intelligence would be ideal for an enemy force looking for strategic information or intelligence that would benefit them. Within law enforcement, a database that stores all electronic evidence would be an ideal target for those trying to remove the evidence from a case.

Terrorist Attacks

Unlike military attacks, which are commonly used to gather information, terrorist attacks are intended to disrupt the normal functions of a business or organization. Sometimes terrorist attacks are intended to instill fear of their actions in an organization or the public. These attacks can be directed at systems that offer services such as electric service, water distribution, and communication services. Some terrorist attacks are seen as part of something on the rise called hacktivism, in which a group will attack the systems of businesses and even government agencies to prevent or disrupt their services.

Grudge Attacks

These attacks are initiated with one purpose in mind: to damage an organization or even a person. The damage can include the loss of information, severe damage to an organization's network, damage to a person's reputation, and sometimes damage to an individual's financial records. A grudge attack is commonly carried out by an employee seeking to retaliate for negative actions taken against them, such as termination or mistreatment. The systems at risk from this type of attack can range from a single individual's record to a system-wide attack that requires the network to be shut down, halting the organization's production.

Business Attacks

A business attack is one that focuses on gathering a business's confidential information about the operation of the business. This information can be strategic planning that lets the business get one up on the competition, information on a new product, or even information that can be damaging to the organization's credibility. Systems that can be targeted for this type of attack range from databases to e-mail servers, and even individual workstations, whether stationary or mobile.

When one of these incidents occurs, there needs to be a process that is followed in accordance with the organization's incident response policy. The first step in the incident response process is to detect and identify the incident. By monitoring the important events that meet the organization's definition of a security threat, you can identify any evidence that may have been left behind by the attacker. By using multiple sources of data for your investigation you can better understand the events and relay them to the proper personnel. These sources should include intrusion detection/prevention systems, antivirus software, firewall logs, system logs, physical security systems, and file integrity monitoring software. The next step in the process is to choose a proper response. The possibility that this incident may end up as a court case against the attacker should be considered, and all evidence that may prove useful in court should be gathered and properly stored to preserve the integrity of the data in accordance with the chain of evidence. Computer systems that have been compromised should be disconnected from the network to prevent further intrusion into that system, which can otherwise act as a conduit to the entire network, compromising it as a whole. Any findings you come across should be summarized in a written report to the management team. The report should clearly mark whether each piece of information is fact or opinion, so that incriminating information is not treated as opinion and the evidence discredited.

The final step in the process is to restore the organization to its operating state by repairing any damage that occurred during the incident. This means rebuilding the compromised system and patching any security vulnerabilities that caused the incident. If any data was lost during the incident, a restoration from backup data should be carried out. Any security issues identified in the incident analysis should also be remedied to prevent further compromise. Finally, a lessons-learned session should be conducted in which the incident response team looks at its actions during the incident and considers any improvements that may need to be put forward so that the response to future incidents goes more smoothly.
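As an added example (not part of the original essay), the following Python merges constructed sample events from several of the sources named above (firewall log, IDS alerts, system log, file integrity monitoring) into one timeline, flags hosts corroborated by more than one independent source as candidates for disconnection, and hashes the collected evidence so any later change to it can be detected. The log formats, field names and addresses are assumptions, not any real product's output.

```python
import hashlib
import json
from datetime import datetime

# Constructed sample events; formats, field names and addresses are assumed, not any real product's.
FIREWALL_LOG = [
    "2024-03-01T02:11:05 DENY src=203.0.113.7 dst=10.0.0.5 dport=22",
    "2024-03-01T02:11:09 ALLOW src=203.0.113.7 dst=10.0.0.5 dport=443",
]
IDS_ALERTS = ["2024-03-01T02:12:40 ALERT sig=web-shell-upload src=203.0.113.7 dst=10.0.0.5"]
FIM_EVENTS = ["2024-03-01T02:13:02 MODIFIED path=/var/www/html/upload.php host=10.0.0.5"]
SYSTEM_LOG = ["2024-03-01T02:10:00 INFO host=10.0.0.9 msg=cron-run"]  # unrelated noise

def parse(source, lines):
    """Turn one source's 'timestamp ACTION key=value ...' lines into uniform event dicts."""
    events = []
    for line in lines:
        ts, rest = line.split(" ", 1)
        tokens = rest.split()
        fields = dict(tok.split("=", 1) for tok in tokens if "=" in tok)
        events.append({"time": datetime.fromisoformat(ts), "source": source,
                       "action": tokens[0], **fields})
    return events

def build_timeline(*sources):
    """Detect/identify step: merge every (name, lines) source into one chronological timeline."""
    merged = [e for name, lines in sources for e in parse(name, lines)]
    return sorted(merged, key=lambda e: e["time"])

def corroborated_hosts(timeline, min_sources=2):
    """Hosts seen by at least min_sources independent sources: candidates for disconnection."""
    seen = {}
    for e in timeline:
        host = e.get("dst") or e.get("host")
        if host:
            seen.setdefault(host, set()).add(e["source"])
    return {h for h, srcs in seen.items() if len(srcs) >= min_sources}

def evidence_record(timeline, collector):
    """Serialize the timeline and hash it so any later change to the stored evidence is detectable."""
    body = json.dumps([{**e, "time": e["time"].isoformat()} for e in timeline], sort_keys=True)
    return {"collected_by": collector, "sha256": hashlib.sha256(body.encode()).hexdigest(),
            "events": body}

def verify_record(record):
    """Recompute the digest; False means the stored evidence no longer matches what was collected."""
    return hashlib.sha256(record["events"].encode()).hexdigest() == record["sha256"]
```

Whether a host is disconnected on the strength of one source or several is a policy decision; the threshold here is a parameter, not a recommendation.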

