By Michael Desrosiers
This month's topic is incident response in regards to a security or privacy breach or compromise.
The first thing that an organization needs to understand is exactly what constitutes an incident, what incidents are reportable and what actions you need to take when an incident occurs. The purpose of an incident response plan is to respond, investigate and report any abnormal activities that deviate from approved or expected practices on your organization's information system resources. A solid business plan should include a description of a security violation, a security incident and an example of when a technical vulnerability causes or could cause one or the other.
There are two types of security violations:
Compliance laws and regulations(HIPAA, SOX, GLBA);
Organizational policies and procedures.
Security incidents may reveal the need for increased computer security efforts, possibly including a security training and awareness program. Technical vulnerabilities can be found in hardware, firmware or software and can be caused by design or implementation characteristics or flaws that leave an information system open to potential exploitation and escalation of risk to a business. Should you shut down the systems, alerting the potential hacker or should you try to gain more information about the attacker for prosecution or study? Your decision will depend on what sort of activity has already been discovered and what the likelihood is of loss of life or market edge. Timely reporting is paramount and should be consistent with the incident's severity. Efficient incident handling also will minimize the potential for negative public relations exposure. When an attack is in progress, spontaneous decisions can thwart efforts to determine the source of the incident, collect evidence or prepare for recovering the system and protect system data. Be aware that if you report a potential crime, authorities may seize all of your equipment and remove it from your premises for an unknown amount of time.
Planning & preparation:
Classification & identification:
Handling the incident;
There you have it. The premise behind developing a sound and workable incident response mechanism, is to think it through before it is needed. This is one aspect of information security that cannot be reactive.
To respond to this or previous newsletters or to inquire about an on-site presentation, please feel free to call us at 508-995-4933 or email us at firstname.lastname@example.org.
We Manage Risk So You Can Manage Business
Got something to add? Send me email.
More Articles by Michael Desrosiers © 2011-06-27 Michael Desrosiers