StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Computer Incident Response Teams Are Needed for Controlling the Impact of a Security Breach - Research Paper Example

Cite this document
Summary
From the paper "Computer Incident Response Teams Are Needed for Controlling the Impact of a Security Breach" it is clear that the CIRT would inspect to check where the intrusion was initiated. The network connections would be temporarily disconnected to stop the problem from spreading…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER92.2% of users find it useful
Computer Incident Response Teams Are Needed for Controlling the Impact of a Security Breach
Read Text Preview

Extract of sample "Computer Incident Response Teams Are Needed for Controlling the Impact of a Security Breach"

1. Introduction It is always beneficial for organizations to be predictive rather than reactive in conducting its business. To remain competitive in the industry, an organization must foresee what will come ahead and in turn plan for it. A reactive organization on the other hand responds to the situation as it arises. When we talk about security, a predictive setting and plan must already be in place for a security breach. Even if one is prepared, a quick response is necessary before any damage can be done. "Since more than the money on the line, companies that fail to react quickly to security incidents stand to suffer damage to their reputations and lose customers". (Vijayan, 2002) 2. CIRT CIRT or Computer Incident Response Teams are specially those kinds of teams that are formed for the purpose of minimizing and controlling the impact of a security breach or other emergency (Brussin, Cobb, & Miora, 2003). They are also known as CERT (Computer Emergency Response Teams) and CSIRT (Computer Security Incident Response Teams), but they basically attempt to do the same in case of a computer security threat. 3. Do we need a CIRT This question can only be truly answered by predicting the trends in intrusion and the level of threats expected. Usually, the answer is yes to the above question since an organization rather be safe than sorry! With the increasing number of viruses, spywares, backdoors in the systems being detected, having a CIRT is a must for any organization having informational data on the computers. 4. The CIRT Plan Before assigning the team and its task, the management needs to make a proper business plan in case of an incident. The plan includes all the details about the CIRT and all the information that the CIRT need to know. Furthermore, for the plan to be successful, the strategy must be feasible, approved and legally reviewed. "It is critical that practice emergencies are staged and response times measured. This would require financial and executive/upper management support and commitment to the CIRT need". (RHE, 2004) 4.1 Policies Policies regarding the computer system must be in place before hand. The breach would usually occur when that policy is not obeyed, thus it is imperative to have policies so that the root cause of the problems can be found. These policies need to be documented and provided to every member of the organization so that everyone is aware of security guidelines and the procedures for emergency situations. (Lucas & Moeller, 2003) 4.2 Human Resource An emergency is never planned so the people in the CIRT must accept the responsibility that is required of them to respond to an emergency at any hour. In selecting the human resources to assign the responsibility of computer security, only trust worth people should be selected. The people on the team must have a desire to rescue their company from the danger. "The technical expertise is of no use if a person who is supposed to do his job, ignores the emergency signal. Also sometimes due to time or financial constraints, the human resource includes logistics such as location and availability of technical workers". (RHE, 2004) On the CIRT teams, usually system and network administrators are used as well as information security experts. "System administrators provide the knowledge and expertise of system resources, including data backups, backup hardware available for use, and more. Network administrators provide their knowledge of network protocols and the ability to re-route network traffic dynamically. Information security personnel are useful for thoroughly tracking and tracing security issues as well as performing a post-mortem (after the attack) analysis of compromised systems" (RHE, 2004). To be sure of the human capability, additional personnel should be kept for backup in case some member doesn't show up. Although this option may not always be feasible, an organization should at least try to then cross-train their workers so that they can substitute a place if someone is absent in the need of the hour. (RHE, 2004) 4.3 Department The CIRT should ideally be an independent division of the organization that although independent, works homogeneously with all other departments. However due to management difficulties and financial restrictions, many companies put the team within the IT group or to the security or audit group (Vijayan, 2002). Whichever department they may be situated in, it is imperative that they work as a team and respond quickly to situations. 4.4 Response to an Emergency The basic purpose of the CIRT is done in this part of the plan. It includes 4.4.1 Immediate Action: The CIRT must be put on active monitoring so that as soon as an emergency comes up, the response it immediate (Brussin, Cobb, & Miora, 2003). The team members would be contacted and required to appear on the scene to inspect and minimize the loss. (RHE, 2004) 4.4.2 Intrusion Detection and Digital Forensics: The CIRT would inspect to check where the intrusion was initiated. The network connections and all other affected systems would be temporarily disconnected to stop the problem from spreading. The specialist digital forensics people will thoroughly validate the clues provided by the initial investigators and then determine the full extent of the system penetration and give ideas as to what can be done to solve it (Chapin & Maciag, 2004). 4.4.3 Restoration of affected resources: While the investigation is in progress, some of the team members should start to recover data and system information. This is where the backups and data storage come in use. When the problem has been caught, the team members would start patching the affected network/system to restore it for use. (RHE, 2004) 4.4.4 Reporting the incident to the proper channels. The system shupdown and breach would have caused some problem for the orgnizatoin and its customers (RHE, 2004). From the notes about the response taken by the team, a full report on the loss should be given. This would help in informing the relevant authortis especially the insurance companies and law enforcement agencies. (Himma & Dittrich, 2005) 5. Putting the Strategy Inplace Finally the policies, people and the plan must be in place so that incase a security breach occurs, CIRT would be prepared to deal with it. The secret of the quickness of response lies in the active monitoring of the system at all times. Works Cited 1. Brussin, D., Cobb, S., & Miora, M. (2003). Generic Computer Incident Response Team Plan. 2. Chapin, S. J., & Maciag, C. J. (2004). Forensic Analysis of Windows Systems. 3. Himma, K. E., & David Dittrich. (2005). Active Response to Computer Intrusions. 4. Lucas, J., & Moeller, B. (2003). The Effective Incident Response Team: Chapter 8, The Puzzle in Action. Addison-Wesley. 5. RHE. (2004). Creating an Incident Response Plan. Retrieved January 16, 2008, from Red Hat Enterprise Linux: http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-response-plan.htmlhttp://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/security-guide/s1-response-plan.html 6. Vijayan, J. (2002). Build a Computer Incident Response Team. Retrieved January 16, 2008, from Computer World: http://www.computerworld.com/securitytopics/security/story/0,10801,72637,00.html Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Computer Incident Response Teams Are Needed for Controlling the Impact Research Paper”, n.d.)
Computer Incident Response Teams Are Needed for Controlling the Impact Research Paper. Retrieved from https://studentshare.org/information-technology/1508552-computer-incident-response-teams-essay
(Computer Incident Response Teams Are Needed for Controlling the Impact Research Paper)
Computer Incident Response Teams Are Needed for Controlling the Impact Research Paper. https://studentshare.org/information-technology/1508552-computer-incident-response-teams-essay.
“Computer Incident Response Teams Are Needed for Controlling the Impact Research Paper”, n.d. https://studentshare.org/information-technology/1508552-computer-incident-response-teams-essay.
  • Cited: 0 times

CHECK THESE SAMPLES OF Computer Incident Response Teams Are Needed for Controlling the Impact of a Security Breach

Cyber Terrorists: Shutdown the Internet

The major security forces of the world have strengthened their operation and have manipulated every possible measures to encounter the brutal acts of terrorist, but not very often they did managed to escape from the parasitism of terror.... The concept of ethical hacking has lead to the upgradation of many soft wares and has even strengthened the security of the internet.... In case of most cyber attacks the attackers search for the vulnerability of security in the system and try to gain access....
15 Pages (3750 words) Essay

The Proliferation of Electronic Patient Records

The objective of this study is to gain a better understanding of the impact of information security policy and its effect on the number and seriousness of computer abuse incidents that involve the security of personal medical information maintained at hospitals.... In order to affect the behavior of individuals, in this study we hypothesize that security of personal information necessitates the creation of information security policy at a level significant enough to influence the conduct of human behavior in the daily work environment....
30 Pages (7500 words) Essay

Small Group and Team Communication

Within this process, ethics becomes a crucial part guarding and controlling decision-making process.... teams have accountable membership, often work in unpredictable ambiguous environments, and process information (or enact various functions) for variable lengths of time....
5 Pages (1250 words) Essay

Relation between Domestic Terrorism and the US Armed Forces in the Mid-90s

Recent incidents, particularly the Weaver family incident at Ruby Ridge, Idaho, and the incident at the Branch Davidian compound near Waco, Texas, have brought into question the extent to which government interdiction of armed citizens groups is actually legitimate before it violates their Constitutional civil rights....
10 Pages (2500 words) Case Study

Critical Incident Response Analysis

This paper, Critical incident response Analysis, highlights that critical incidents occur in situations of crisis and disaster and are caused by a naturally occurring phenomenon like cyclones, earthquakes or man-made ones like terrorist activities, transportation disasters etc.... hellip; As the discussion stresses, crisis management and preparing and delivering a Critical incident response comprise of some of the most essential tasks that governments, law and order agencies and other crime-fighting agencies have to be well equipped to undertake....
12 Pages (3000 words) Term Paper

Cyber Terrorists: Shutdown the Internet

The author concludes that the threats by the possible cyber attacks can be critical enough to drive the attention of the security agents of the developed and the developing countries.... nbsp;… There is also the presence of the United States Computer emergency readiness team (CERT) which works under the domain of the National Cyber security division.... The concept of ethical hacking has to lead to the upgradation of many soft wares and has even strengthened the security of the internet....
10 Pages (2500 words) Term Paper

Distribution Enterprise Rent-A-Car

his, however, does leave out the exception or possibility that additional premises for training might be needed.... This project plan's purpose is to document all the managerial aspects of a training project by the name Organization of national training, which is to be executed by Enterprise Rent-A-Car, an international company created in the year 1957 and offers a range of car leasing, vanpooling etc....
10 Pages (2500 words) Assignment

Amazon's Recovery Procedures in Case of Disaster - Response, Resumption, and Restoration

The hub offers a crucial acumen platform for resolution architects and recovery persons in collecting vital data manage recovery undertakings and controlling employees as the disaster state decrees (Gustin, 2010).... The paper "Amazon's Recovery Procedures in Case of Disaster - response, Resumption, and Restoration" concern plan of activation procedures, rollback guidelines to ensure the affected operations return to the standard operating state, recovery and technical response flow, recommended personnel, etc....
12 Pages (3000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us