Advanced How To Guides - eSecurity

13. React the right way if something does happen - Incident Response
Incident response is the ability to identify, evaluate, escalate and address negative computer-related security events. It is the set of procedures for reacting to your website being hacked with unauthorised data changes, employee data getting into the wrong hands, viruses spreading through your systems, financial data being posted on the web, and so on. Some companies create internal incident response teams; others co-develop a plan with their Internet Service Provider or Application Service Provider. Response procedures should be documented and should define roles and responsibilities. They should also include prioritised responses based on the risk of the incident, and the automated and manual responses required.
Guidelines:

Recommendations taken from the SANS security organisation in its publication Computer Security Incident Handling: Step by Step:

- Don't panic - document what happened: Who? What? When? Where? How?
- Continue documenting.
- Notify the right people and get help; get a company phone book.
- Enforce a "need-to-know"; limit full briefing to a small group.
- Contain the problem - keep it from getting worse.
- Assess what damage has been done; identify the problem.
- Make a backup of the affected system(s) as soon as is practical. Use new disks; do not use recycled disks. Experts will be able to make a backup that copies everything, including unused disk space. Basically, they will re-create your computer.
- Deal with the cause; learn from the incident.
- Get back in business. After checking your backups to ensure they are not compromised, restore your system from the backups and monitor the system closely to determine whether it can resume its tasks.
Sometimes the only way to know what would happen if your systems were hacked is to conduct independent 'ethical hacking' exercises. The result of such an exercise would inform you of your system's vulnerabilities and give you the knowledge to create an action plan to resolve them. Conducting periodic assessments ensures that incident response and intrusion detection are occurring in a timely manner and are addressed appropriately.
Remember, information security is a continuous process, and the most important components in achieving high levels of security are the people who run your organisation and manage its information. This booklet covers the 'basics' but does not attempt to cover everything about information security. It raises the questions you need to ask. Do not be afraid to look elsewhere for help, as organisations such as Ernst & Young (www.ey.com) have a wealth of security experience to draw upon. You could also consider subscribing to security organisations such as System Administrator Network Security (SANS) (www.sans.org), CERT (www.cert.org), the Irish Information Security Forum (www.iisf.ie) and the Integrated Security Forum (ISF).
These organisations have a wealth of knowledge in terms of articles, news, practical examples and product information. Data freely available includes:

- The most critical Internet security vulnerabilities
- Top vulnerabilities that affect all systems
- Educational programs
We hope this guide has given you a better understanding of what IT security entails. Remember, half the battle is to focus, know what business questions you need to ask, document and communicate your security plan, and seek help when you need it. Investing in security is like insurance. People don't like paying the premium, but when something happens they are sure glad they did.
Useful Links:

- The Advanced How To Guide on eBusiness and Legal Considerations
- The Advanced How To Guide on Developing a Website Privacy Policy
- The Advanced How To Guide on Internal IT Security Policy and Procedures