Security Breaches and Incident Handling in Organization - Research Proposal Example

Summary
This research proposal, "Security Breaches and Incident Handling in Organization", discusses the risk management process that involves the implementation of safeguards and controls that are constantly monitored. The risk management process identifies information assets and their vulnerabilities…

Extract of sample "Security Breaches and Incident Handling in Organization"

Introduction

Incident handling procedures are not uniform; they vary with the business processes of the organization. Network Dictionary defines incident handling as follows: “Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security related events. It is comprised of a six-step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned”. Depending on the nature of the business, processes can be associated with law enforcement agencies, government institutions, public information providers, information technology, etc. To handle security incidents within organizations, teams called incident response teams are created. As per Network Dictionary, “Incident response team refers to a group of people who are responsible for handling information security incidents when they occur”. Incident handling is an essential process because security incidents that are initiated in organizations breach data servers containing confidential and mission-critical data and disrupt business processes. These incidents cause severe losses in terms of the organization's reputation in the market, customer trust and credibility.

This proposal is constructed on the basis of a questionnaire and will highlight solutions for minimizing incident handling and security breaches in an organization. The effective incident management approach will minimize issues related to security breaches and other possible threats. The information provided in this proposal is handled with strict confidence. The objectives of this research proposal are:

  • Research and studies conducted to improve incident management and security breaches
  • Highlighting security management issues with the aid of questionnaires

Literature Review

In this decade, security management has advanced far beyond simple security techniques (SWBC - Thesis: Improving security incident management in multination IT service providers - Software Business Community). The factors that are increasing demands on security management are:

  • Attacks on information systems have significantly increased
  • Legal regulations in order to standardize audits and security functions
  • Interest of management to gain control for the security of business functions along with cost

These three factors need to be handled to provide better security. In order to tackle all three factors, Christian Fruhwirth recommended an event-based intrusion detection system in 2008. The system will support these three factors by (SWBC - Thesis: Improving security incident management in multination IT service providers - Software Business Community):

  • Advanced tools incorporated with IDS to detect intrusions and eliminate attacks
  • Standardized frameworks to handle legal compliance
  • Efficient security management application tools to handle the management

Moreover, an article was published on compromise recovery and incident handling. The article highlighted mishaps by security administrators who installed default programs from a compact disc. These programs stored on a compact disc help hackers breach security by storing porn content, configuring an illegal server, initiating attacks on other information assets and breaching servers on the network. To eliminate all these threats and vulnerabilities, reviewing and learning the functionality of threats is essential. This will certainly reduce the probability of security incidents in organizations (Compromise Recovery and Incident Handling. 2003).

One more piece of research was conducted on a Proposed Integrated Framework for Coordinating Computer Security Incident Response Team. Conventionally, computer security incident response teams (CSIRT) respond to viruses, hacking and unauthorized access of employees.
The CSIRT is defined as “Computer security incident response team (CSIRT) is a term used by the CERT Coordination Center (CERT/ CC) to describe a service organization that responds to computer security incidents” (Computer Security Incident Response Team. 2007). The research transformed these teams into efficient tools that will maintain efficiency of business operations, compliance along with new regulations and homeland security. Organizations that possess incident response teams follow a systematic approach and steps to recover the system efficiently from any security breach or incident. Moreover, the existence of these teams eliminates loss or theft of information and service disruption. Furthermore, the information gained by detecting and resolving an incident helps support teams to be more efficient in handling future incidents (Central Washington University - Networks: Incident Handling).

Likewise, these teams are called security incident response teams (SIRT). They are triggered when a security breach shows its existence within the network of an organization. These teams investigate suspect workstations and servers. For instance, a server that is responding slowly, or a workstation that is broadcasting messages, is examined for any possible security incidents. After the incident has been identified as security related, the incident recovery steps are performed accordingly to assure adequate information collection and documentation. There are cases where security incidents also involve law enforcement agencies, concerned managers, the board of directors of an organization and security professionals in resolving and recovering from security incidents (Incident Handling).

Incidents in the context of adverse events have a negative impact on organizations. Adverse events include a system crash, flooding of network packets, unauthorized access of system privileges, viruses, malicious code, etc.
Incidents in the context of computer security are referred to as a violation of computer security policies and standard security practices.

Project Plan

Milestone | Description | Date
Research to demonstrate improved practices and methods related to incident management and security breaches | The research that is conducted by questionnaires in order to integrate information related to the topic |
Literature View | Includes studies, surveys and researches in order to improve incident handling and security breaches in an organization |
Legal Issues | Laws that are abided with incident handling and security breaches in an organization |
Risk Management | Managing different factors for securing the network environment of an organization |

Legal Issues

It is essential that the legal procedures be addressed. Organizations should maintain a record of all the incidents that took place in the past. There should be an incident response plan that is supervised by the legal advisor for the regulation of legal affairs. This also includes availability of the systems, legal trial, and an incident recovery team that will deal with the training of employees and incident response tests. To eliminate incidents, some security measures need to be operational. Security patch updates are essential on a regular basis in order to protect the mission-critical systems of the organization. The servers providing services must be protected at all times. Antivirus updates are required on a daily basis, in order to update the systems for any upcoming threats. Monitoring is also required for network and system security. Employees need training in updating the antivirus and patches so that they can protect their systems.

To address legal and ethical issues, several stages are followed, including the identification stage, containment stage, eradication stage, recovery stage and follow-up stage.

The incident identification stage covers alert types: what kind of alerts were generated before the incident took place, and whether the source of the incident is ‘internal’ or ‘external’. Prioritization is essential and is based on two factors:

  • The present and prospect effect of the incident
  • The impact and resources

In the containment process, damages must be minimized and stopped. A strategy must be adopted for each incident type according to its impact in order to stop the damages. It should consider the probable damages and the requirement of evidence preservation, service availability and the time required for solving the incidents. This approach will be obliging if the attackers have used the organization’s system as a carrier to attack other networks, resulting in a possible legal action against them (Kruse et al., 2001). The evidence is recorded for future legal matters after a forensic report, and the process of storing this evidence has to be accepted by the law. The organization should be well aware of compliance and legal rights. Standards must be considered to preserve privacy, for instance the Data Protection Act (1998).

The threats from the network are eliminated in the eradication stage. This is possible by conducting forensic analysis and identifying the vulnerability that created the incident initially.

In the recovery stage, the system should be normalized and all the services restored after removing any backdoors, Trojans, viruses and hacking tools. After the removal, security patches update the software.

In the follow-up stage, the mistakes and flaws due to which the incident happened in the first place need to be controlled and eliminated in future. A meeting should be called for brainstorming the issues and for improving the incident-handling plan. Recommendations from the meetings modify the policies, procedures and plans for managing the incident in a better way in future.
In the end the modified policies are implemented after approval to keep the organization competitive for future threats (UB Computer Security).

Risk Management

Before conducting risk management, core factors are considered. The identification of information assets is vital. Information assets are defined as the entities that hold organization data. A good definition is available on ‘www.ibm.com’, which states it as, “information assets are specific to your business functions and business strategies, they may be contained within broad categories such as contractual and legislative compliance, those needing virus prevention, those critical to business recovery following security compromises, etc.” The information assets for an organization will be the technology assets, data asset, service asset and people asset. In a typical scenario of an organization’s network, the owners of the server hardware will be the server administration group. The owners of the applications running on the servers will be the application support group, and the owners of the data stored on the server will be the system development group.

Moreover, the risk management process involves the implementation of safeguards and controls that are constantly monitored. The risk management process identifies information assets and their vulnerabilities in order to rank them as per the need for protection. Risk identification consists of self-examination. Managers identify the critical information assets at this stage. The important assets may include people, data, network components, software components, and hardware components. Furthermore, risk classification and prioritization allocates the assets into useful groups, with priorities depending on the business impact of each asset. The organization should answer these questions:

  • Which information asset is the most critical to the success of the organization?
  • Which information asset generates the most revenue?
  • Which information asset generates the highest profitability?
  • Which information asset is the most expensive to replace?
  • Which information asset is the most expensive to protect?
  • Which information asset’s loss or compromise would be the most embarrassing or cause the greatest liability?

References

Incident Handling. Available: http://www.ucop.edu/irc/itsec/uc/incident_handling.html [5/2/2011, 2011].
Central Washington University - Networks: Incident Handling. Available: http://www.cwu.edu/~networks/intrusion_detection1.html [5/2/2011, 2011].
Incident Response Team. 2007. Network Dictionary, pp. 242-242.
Incident Handling. 2007. Network Dictionary, pp. 342-342.
SWBC - Thesis: Improving security incident management in multination IT service providers - Software Business Community. Available: http://www.swbcommunity.org/swbc/index.php/Thesis:_Improving_security_incident_management_in_multination_IT_service_providers [5/2/2011, 2011].
Compromise Recovery and Incident Handling. 2003. Data Security Management, 26(5), pp. 1-9.
Computer Security Incident Response Team. 2007. Network Dictionary, pp. 116-116.
KRUSE, W.G. and J.G. HEISER, (2001), Computer Forensics: Incident Response Essentials. Addison-Wesley.
IBM - Security policy definition - Hong Kong. Available: http://www-935.ibm.com/services/hk/index.wss/offering/its/b1329378 [3/17/2011, 2011].
UB Computer Security. Available: http://computersecurity.buffalo.edu/presentations-07/shinil-UB_InfoSec_Workshop_Incident_Handling_part1.pdf [5/4/2011, 2011].