StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Information Security Incidents - Assignment Example

Summary
The paper "Information Security Incidents" highlights that the aim of eradication is to get rid of malware from infected systems since the possible need for suppression efforts, organizations must be ready to use a different grouping of suppression methods concurrently for diverse conditions…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.3% of users find it useful
Information Security Incidents
Read Text Preview

Extract of sample "Information Security Incidents"

Information Security Incidents How does your organization respond to information security incidents? Do you have a formal incident response team? Is there a structured training program that helps identify incidents? Analyze the effectiveness of your organization’s approach. Response to information security incidents As and when computer security challenges arise, it is crucial for the organization to act fast and efficiently respond to the problem. The damage caused to the organization by and attack or incident depends on the speed with which the organization can identify and then effectively evaluate it and react. Cautious study of the nature of the attack or incident can lead to the accomplishment of efficient and extensive defensive procedures and the averting of analogous events. Such capability to react fast and successfully to a computer security hazard is a decisive component in offering a protected computing atmosphere. Computer security incident activity may be explained as network or host activity that having a possibility to terrorize the security of computer systems or may be thought as the act of violating an overt security strategy. For instance, attempts to illegal access to a system or denial of service, illegal use of a system for the processing of data changes to system hardware, or software without the proprietor’s awareness or consent. In order to provide a protective environment is to establish a formal incident response competence. This can be accomplished in the form of wide-ranging strategies and measures for exposure, studies, and reacting to computer security episodes. This can also be achieved in the form of a recognized or selected group that is endorsed with the task for managing computer security procedures. Such a group is usually called as Computer Security Incident Response Team (CSIRT). (Killcrece, et.al.2003). Computer Security Incident Response Team (CSIRT) The CSIRT is a service organization that is in charge for receiving, analyzing, and counteracting to computer security incident reports and events. Usually their services are availed by a distinct community that could be a parent entity such as a company, governmental, or educational organization etc. A CSIRT can be a recognized team or an informal team. The recognized team carryout incident response tasks as its most important function. Generally, the informal team is made responsible through an ongoing computer security incident or to take action to an incident whenever the need come up (CERT, 2007). In our organization we have Computer Security Incident Response Team (CSIRT). The advantage of having such a team helps to maintain incident handling activities, allows them to further improve knowledge in understanding interloper tendencies and attacks, together with gaining knowledge in incident response methods. A CSIRT offers a single point of contact for reporting computer security incidents and troubles. This makes possible the team to serve as a warehouse for incident data, a place for incident scrutiny, and a planner of incident response across an organization. This planning can extend further outside the organization to comprise cooperation with other teams, security professionals, and law implementing agencies. This interaction with other CSIRTs and security organizations can make possible, sharing of response policies and give early awareness of possible harms. Accordingly, the CSIRT can suggest plan to avoid intruder actions from growing or taking place in any way. (Killcrece, et.al.2003). Structured training program Several organizations get trained to respond to security incidents only after an attacks and its miserable aftereffect. Appropriate incident response ought to be an essential component of the general security plan and threat alleviation approach. Obviously, there are direct benefits in responding to security incidents. Before implementing an incident team there should be a level of alertness maintained. The wisdom of security plan must comprise information on how to react to diverse type of attacks. Considering all these points and to efficiently respond to security incidents our organization have a structured training program for those who newly inducted in CSIRT. Generally the training is provided regarding constituency and constituencys systems and operations, standard operating procedures and strategies, information disclosure policy, and equipment and network adequate use policy. It is necessary for the CSIRT staffs to learn clearly to set up and implement all policies and procedures. Several security incidents are unintentionally created by CSIRT workers who have not understood the operating procedures or have inappropriately set up security devices, such as firewalls and verification systems. There is a need to regularly review vulnerabilities of the setting. Appraisals should be carried out by a security expert with the proper consent to execute these procedures. CSIRT personal should be aware of the locations of backups, who can access them, and the procedures for data restoration and system revival. Therefore it is critical to have proper structured training for CSIRT personals to maintain a thorough knowledge about various procedures concerning information security incidence response and also to update their knowledge in modern technological development in information security incidence response activities. The prime vulnerability in any system is the inexperienced user (Microsoft TechNet, 2008). Effectiveness of our organization’s approach Malware, also known as malicious software, is the most critical external hazard to the majority of systems, resulting extensive harm and interruption, and demanding widespread revival efforts in most organizations. Spyware.malware planned to infringe a user’s privacy has as well cause a major anxiety to organizations. Further to that, organizations also face parallel threats such as phishing, which is using misleading computer-based system to ploy individuals into revealing sensitive data. Our organization takes efficient approach to respond to these attacks. Our organization follows the four most important phases explained in NIST Special publication 800-61, Computer Security Incident Handling Guide, that is, preparation, detection and analysis, containment/ eradication/ recovery, and post-incident activity. Under the heading of Preparation organizations must carry out procedures to make sure that they can react well to malware incidents by developing malware-specific incident management policies and events, performing malware-oriented training and exercises, delegating persons or a team like CSIRT, to be accountable for managing the organization’s information security incidence responses. Detection and Analysis must attempt to sense and confirm malware incidents quickly since virus can multiply through an organization very fast. Detection and analysis at an early stage can help lessen the number of infected systems, which will in turn reduce the extent of damage to the organization and the cost for revival attempt.  Malware incident containment comprises, preventing the spread of malware and stopping more harm to systems. All malware incident needs containment actions and it is vital for an organization to choose the methods of containment to exercise an early response. Containment approaches must help incident managers in choosing the suitable grouping of containment processes for the specific condition.  The aim of eradication is to get rid of malware from infected systems since the possible need for suppression efforts, organizations must be ready to use different grouping of suppression methods concurrently for diverse conditions. Recovery from malware incidents are reinstating the operation and data of infected systems and lifting provisional containment procedures. Organizations must think probable worst-case situations and resolve the recovery with renewal of systems from identified good backups. Post-Incident Activity is extremely vital for an organization to perform review of previous major malware incidents to avoid such episodes from happening. This will help an organization to advance its incident managing ability and malware defenses (Mell, et.al., 2005). References CERT, (2007) CSIRT FAQ Software Engineering Institute, CERT® Coordination Center Carnegie Mellon. Retrieved March 07 2008, from: http://www.cert.org/csirts/csirt_faq.html Killcrece, G., Kossakowski, K.P., Ruefle, R. Zajicek, M. (2003). Networked Systems Survivability, Organizational Models for Computer Security Incident Response Teams (CSIRTs) HandbookCMU/SEI-2003-HB-001 Mell, P., Kent. K., Nusbaum, J. (2005) Guide to Malware Incident Prevention and Handling. NIST Special Publication 800-83 Computer Security Division Information Technology Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-8930 Retrieved March 07 2008, from: http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf Microsoft TechNet. (2008). Responding to IT Security Incidents Microsoft Corporation Retrieved March 07 2008, from: http://www.microsoft.com/technet/security/guidance/disasterrecovery/responding_sec_incidents.mspx Read More

CHECK THESE SAMPLES OF Information Security Incidents

Security Breaches and Incident Handling in Organization

As per network dictionary, “Incident response team refers to a group of people who are responsible for handling Information Security Incidents when they occur”.... Incident handling is an essential process as security incidents that are initiated in organizations, breach data servers containing confidential and mission critical data and disrupt business processes.... The CSIRT is defined as “Computer security incident response team (CSIRT) is a term used by the CERT Coordination Center (CERT/ CC) to describe a service organization that responds to computer security incidents” (Computer Security Incident Response Team....
7 Pages (1750 words) Research Proposal

The Information Security Officer in a Well-Defined Process

The paper "The information security Officer in a Well-Defined Process" gives detailed information about a reference for the management, administration, and other technical operational staff.... Security incident management facilitates the development of security incident handling and planning including preparation for detection and reply to information security issues.... information security Successful information security management involves an amalgamation of prevention, detection and response in order to deploy a strong security defense....
6 Pages (1500 words) Assignment

The Adoption of Intrusion Detection System

75% of participants in the study indicated they had experienced financial losses as a result of Information Security Incidents (Richardson, 2003).... The paper "The Adoption of Intrusion Detection System" highlights that information security is a major concern of organizations today.... information security is a major concern of organizations today.... The 2003 survey on information security experiences and practices conducted by the Computer Security Institute (CSI) and U....
4 Pages (1000 words) Essay

Establishing a Business Continuity Plan

As per network dictionary, “Incident response team refers to a group of people who are responsible for handling Information Security Incidents when they occur”.... Incident handling is an essential process to address security incidents that are initiated in organizations, breach data servers containing confidential and mission critical data and disrupt business processes.... The CSIRT is defined as “Computer security incident response team (CSIRT) is a term used by the CERT Coordination Center (CERT/ CC) to describe a service organization that responds to computer security incidents” (Dong, n....
7 Pages (1750 words) Essay

Successful Information Security Management and Computer Security

Incident response teams consist of groups of professional responsible for eliminating Information Security Incidents when they take place (Anon.... The current staff will not be able to handle security incidents due to insufficient skills.... The reporter underlines that uccessful information security management involves an amalgamation of prevention, detection and response in order to deploy a strong security defense.... A system should also be able to counter incidents and raise proper procedures in case an information security incident occurs....
8 Pages (2000 words) Assignment

Developing the Corporate Strategy for Information Security

he CIO also possess the function of designing as well as executing policies, processes and standards among others that are required in order to ensure significant compliance with applicable laws and regulations with respect to reporting and notification of Information Security Incidents.... This report "Developing the Corporate Strategy for information security" discusses a chief information security officer that is often assigned to perform vital functions within an organization....
5 Pages (1250 words) Report

Managing a Computer Security Incident Response Team

defines a set of tables of information security incident challenges, including the importance of specific categories of incident and all the most likely computer Information Security Incidents that an enterprise will encounter on a daily basis. ... Kabay, PhD, CISSP-ISSMP, September 18, 2007], who emphasizes that the medical principle of triage applies equally well to computer Information Security Incidents.... abay[2007] considers that the triage principle is most appropriate to computer Information Security Incidents, and works well for most types of emergency response....
13 Pages (3250 words) Research Paper

Information Security Policy for ABCD University

esponse to Information Security Incidents ...  This policy outlines the protection of information and data in relation to security of third party access, asset classification and control, data or information classification, user training, response to security incidents and malfunctions, physical and environmental security, access control, cryptographic controls, compliance and system audit controls. ... This paper "information security Policy for ABCD University0 " outlines the institution's plans and strategies to be used in safeguarding its information and physical technology facilities....
7 Pages (1750 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us