Problem
There is an existing set of procedures to deal with these two unwanted security incidents:
• A suspected DDoS attack
• A suspected phishing attack
Your boss believes that these procedures need to be improved. The existing procedure is as follows:
1) Identification of the network attack
2) Disconnect the infected computer from the network
3) Scan the computer with updated antivirus and antimalware, and remove all suspected files and software
4) Connect the computer to the network
Evaluation of Existing Procedures - (Using NIST or SANS)
Evaluate the above procedures and highlight issues with them that may result in poor handling of these incidents. Choose at least one subtask and discuss how it could be modified to improve the handling of the incidents.