| Incident Handling and Response Capability: An IT Security Safeguard
Part 1: Are You Ready to Support an Incident Response Capability?<br>
Catherine M. Woodbury, CISSP - May 7, 2002<br>
<br>
Situation<br>
An employee logs in at the beginning of the workday and notices that the company website has been defaced. Who would be notified? Common sense dictates calling the IT department or perhaps the webmaster, and the next course of action would probably be to take the website off-line, restore the original file, and put it back on-line. Would there be any type of investigation to determine the cause of the defacement? Would anyone look for hidden programs or malicious code introduced at the time the website was defaced? If someone working inside the company caused this, how would it be handled? Without an Incident Handling process, this type of activity can and will be repeated and could damage the company's reputation.<br>
<br>
<font color="#336699">This, <b>Part 1</b> of a 2-part article on IT Security, discusses the technologies and programs an organization needs to benefit from an Incident and Response Capability.<br>
<br>
<a href="/Research/ResearchHighlights/Security/2002/05/research_notes/MI_ST_XCW_05_08_02_1.asp" target="_blank"><b>Part 2</b></a> details the necessary steps to establish an Incident Handling and Response Capability.</font> |