
Situation

If an employee logs in at the beginning of the workday and notices that the company website has been defaced, who would be notified? Common sense dictates calling the IT department or perhaps the webmaster, and the next course of action would probably be to take the website off-line, restore the original file, and put it back on-line. Would there be any type of investigation to determine the cause of the defacement? Will anyone look for hidden programs or malicious code introduced at the time the website was defaced? If someone working inside the company caused this, how would it be handled? Without an Incident Handling process, this type of activity can and will be repeated and could damage the company's reputation.
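The question of whether anyone looks for files added or altered alongside the defacement is one a file-integrity baseline answers directly. The following is an added example, not code from the original article: it records a hash manifest of a web root before an incident and, afterwards, classifies every file as added, removed or modified, so that restoring only the defaced page does not leave an unexpected file behind. The directory layout, file names and contents are constructed here for illustration.

```python
"""Added example (not part of the original article): a file-integrity baseline
for a web root, the kind of check that answers "what else changed?" after a
defacement.  All paths and contents below are constructed for illustration."""
import hashlib
import os
import tempfile


def build_baseline(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            with open(full, "rb") as fh:
                baseline[rel] = hashlib.sha256(fh.read()).hexdigest()
    return baseline


def compare_to_baseline(root, baseline):
    """Classify every difference between the live tree and the stored baseline.

    'added' files are the ones a simple "restore index.html" would miss;
    'modified' files show which known content was altered."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in baseline if p in current and current[p] != baseline[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Build a tiny constructed web root, take a baseline, simulate a
    defacement that also drops an extra file, and return the comparison."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>Welcome</h1>\n")
        with open(os.path.join(root, "images", "logo.txt"), "w") as fh:
            fh.write("logo placeholder\n")

        baseline = build_baseline(root)  # taken while the site is known-good

        # Constructed incident: the front page is altered and an unexpected
        # file appears in the tree (placeholder content, not a real payload).
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write("<h1>Defaced</h1>\n")
        with open(os.path.join(root, "unexpected.php"), "w") as fh:
            fh.write("<?php /* constructed placeholder */ ?>\n")

        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored off the web server (it is worthless if an intruder can rewrite it along with the pages), and the comparison is what tells the Incident Handlers whether the event is a single altered page or a broader compromise that warrants investigation before the site goes back on-line.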

Business operations are completely reliant on the stability of the network. The network was invented to provide rapid information processing and access, and its design did not take into account the evolution of computer crime from internal and external sources. The Internet has few boundaries, so each business is required to build and implement its own safeguards. Unfortunately, most IT departments' requests for security technology and training are turned down, UNTIL a system security incident occurs. Then the cost of implementing countermeasures, in addition to the cost of manpower to repair the damage from the incident, is a significant blow to the company budget. Implementing the solution prior to the incident would have been far less painful for the IT budget (and the staff). The most common reaction is to assume that a security technology solution will be the holy grail. The unresolved issue for most business operations is to find a security solution that provides a proactive process as well as a reactive one.

Look back to the Melissa virus, an incident which had worldwide impact and forced many businesses to shut down their e-mail for days. Look at the government websites, such as those of NASA and the White House, that have been defaced. Identity theft is on the rise, and stealing credit card information is becoming a serious issue. Why then would any business which relies on network operations to survive decide that an Incident Response capability is not a wise investment? Most who have invested have done so because they experienced an attack or virus (or several) and realized the need by attrition. Perhaps an auditor recommended an Incident Response program, or it is a Federal regulation, as it is for those in the banking and health care industries. For the majority in the commercial sector, it is a financial investment that cannot be given a return-on-investment dollar figure.

This, Part 1 of a 2-part article on IT Security, discusses the technologies and programs an organization needs to benefit from an Incident and Response Capability.
 
Part 2 details the necessary steps to establish an Incident Handling and Response Capability.

Recognizing the Need

An Incident Response capability, modeled after the Carnegie Mellon Computer Emergency Response Team (CERT) concept, details the process of incident detection, personnel notification, incident investigation and system restoration. If there is no Incident Response process in place, the executive management of a company faced with the scenario above would not be notified of a situation that could result in disabling the network infrastructure.

Although most IT security departments grasp the concept of an Incident Response capability, few have the resources or management commitment to develop an internal capability. Even fewer are able to determine where to begin in implementing an Incident Response operational capability, which is usually an additional project given to an already over-tasked security team. For most businesses, a "virtual" Incident Handling Capability built from existing resources is sufficient; however, designing the capability and enlisting support from the various departments to participate is often the biggest hurdle to overcome.

Responding to the Need

What are some of the technologies/programs that need to be in place for an organization to benefit from an Incident Handling and Response capability?

Corporate Security Policies

Internal security infractions have become the largest threat in most organizations. Corporate policy needs to define what is acceptable and unacceptable use of corporate IT resources. Even better, HR can explain this policy as part of new-employee in-processing. Should a computer security infraction occur, employers have more legal power to take action against employees who knowingly and willingly put the company at risk by violating well-understood security policies and procedures. This preventive action, which alerts employees that there are consequences to such violations, is in itself often a deterrent. It is quite disappointing to respond to an incident, quickly analyze the evidence, identify the source of the attack, and find that nothing can be done to obtain redress for the damage because a policy was never made known.

Critical Assets

Identify which systems are the most critical to business operations. Incident Handling requires prioritizing responses based on which system or systems the incident has affected. Prioritization also determines how events and incidents are escalated up the organization's management chain. For most organizations, the critical asset study has already been completed when choosing the system security technology.

Intrusion Detection Technology

For those organizations that monitor their own Intrusion Detection System, the Incident Handling Team and the monitoring team may be one and the same. The choice of technology influences how effectively the team can react to alerts and its ability to change detection profiles based on threat trends. Without the appropriate IDS technology in place, the Incident Handling capability has no timely system security alerting mechanism to react to. What about a Managed Security Service Provider? A growing number of businesses (and even the government) are looking at this option as a viable solution. It is certainly a great benefit to enlist a vendor whose security experts monitor the tools and inform their clients of certain events on the wire. Realistically, though, an organization needs to determine for itself how to handle events and incidents based on its unique business needs. The details of how an incident occurred and how it was handled are proprietary information and should be protected accordingly.

Security Awareness and Training

Educating employees on system security practices and giving them direction on how to report breaches expands the organization's ability to prevent such infractions. Certain practices that require action from the Incident Handlers cannot be detected through security software, so be sure the training includes a method for employees to report such infractions to the Incident Handlers. Provide recurring training to alert employees to changes in the company's security practices and to inform them of current threats.

This concludes Part 1 of a 2-part article on IT Security, which discusses the technologies and programs an organization needs to benefit from an Incident Handling and Response Capability.

Part 2 details the necessary steps to establish an Incident Handling and Response Capability.


About the Author

Catherine Woodbury has more than five years' experience in network security consulting and almost 20 years total in the security field. Her experience includes working at the Air Force Intelligence Agency, where she was responsible for data analysis, critical reporting and dissemination of events related to military intelligence operations. She conducted job proficiency evaluations for personnel assigned to a 24-hour operations facility.

Woodbury has also worked as a contractor for the Defense Information Systems Agency as a member of the Regional CERT Implementation Team. The team was responsible for establishing the five Regional CERTs around the world for DISA. Since June 2000, she has been responsible for the Incident Handling and Response consulting service for AXENT Technologies and Symantec Corporation. She provides proposal development, project costing, project planning and client service delivery for the Incident Handling and Response service. Ms Woodbury can be reached at cwoodbury@symantec.com.

For more information consult the Symantec web site: www.symantec.com.


 

©2012 Technology Evaluation Centers Inc. All rights reserved.