
Information Security Incidents - Assignment Example


How does your organization respond to information security incidents? Do you have a formal incident response team? Is there a structured training program that helps identify incidents? Analyze the effectiveness of your organization's approach.

Response to information security incidents

When computer security challenges arise, it is crucial for the organization to act fast and respond to the problem efficiently. The damage that an attack or incident causes to the organization depends on the speed with which the organization can identify it, evaluate it effectively and react. Careful study of the nature of the attack or incident can lead to efficient and extensive defensive procedures and to the prevention of similar events. The capability to react quickly and successfully to a computer security hazard is a decisive component in offering a protected computing environment.

Computer security incident activity may be described as network or host activity that has the potential to threaten the security of computer systems, or as the act of violating an explicit security policy. Examples include attempts to gain illegal access to a system, denial of service, illegal use of a system for the processing of data, and changes to system hardware or software without the owner's awareness or consent.

One way to provide a protective environment is to establish a formal incident response capability. This can take the form of wide-ranging strategies and measures for detecting, analyzing and responding to computer security incidents. It can also take the form of a recognized or selected group that is given the task of managing computer security procedures. Such a group is usually called a Computer Security Incident Response Team (CSIRT) (Killcrece et al., 2003).
Computer Security Incident Response Team (CSIRT)

The CSIRT is a service organization that is in charge of receiving, analyzing and responding to computer security incident reports and events. Its services are usually used by a distinct community, which could be a parent entity such as a company or a governmental or educational organization. A CSIRT can be a recognized team or an informal team. A recognized team carries out incident response tasks as its most important function. An informal team is generally called together to handle an ongoing computer security incident, or to respond to an incident whenever the need comes up (CERT, 2007).

Our organization has a Computer Security Incident Response Team (CSIRT). Having such a team helps to maintain incident handling activities and allows its members to improve their understanding of intruder tendencies and attacks and to gain knowledge of incident response methods. A CSIRT offers a single point of contact for reporting computer security incidents and problems. This enables the team to serve as a repository for incident data, a place for incident analysis and a coordinator of incident response across the organization. This coordination can extend outside the organization to include cooperation with other teams, security professionals and law enforcement agencies. Interaction with other CSIRTs and security organizations makes it possible to share response policies and gives early awareness of possible harm. Accordingly, the CSIRT can suggest plans to keep intruder actions from growing or from taking place at all (Killcrece et al., 2003).

Structured training program

Several organizations learn to respond to security incidents only after an attack and its miserable aftereffects. Appropriate incident response ought to be an essential component of the general security plan and threat mitigation approach.
Obviously, there are direct benefits in responding to security incidents. Before an incident team is put in place, a level of alertness should be maintained. The security plan must include information on how to react to different types of attack. With these points in mind, and in order to respond to security incidents efficiently, our organization has a structured training program for those newly inducted into the CSIRT. The training generally covers the constituency and the constituency's systems and operations, standard operating procedures and strategies, the information disclosure policy, and the equipment and network acceptable use policy.

CSIRT staff need to learn clearly how to set up and implement all policies and procedures. Several security incidents are unintentionally created by CSIRT workers who have not understood the operating procedures or have set up security devices, such as firewalls and authentication systems, incorrectly. The vulnerabilities of the environment need to be reviewed regularly. Assessments should be carried out by a security expert with the proper consent to perform them. CSIRT personnel should know where backups are located, who can access them, and the procedures for data restoration and system recovery.

It is therefore critical to have proper structured training so that CSIRT personnel maintain a thorough knowledge of the procedures for information security incident response and keep their knowledge up to date with modern technological developments in incident response. The prime vulnerability in any system is the inexperienced user (Microsoft TechNet, 2008).

Effectiveness of our organization's approach

Malware, also known as malicious software, is the most critical external hazard to the majority of systems, causing extensive harm and disruption and demanding widespread recovery efforts in most organizations.
Spyware, malware intended to violate a user's privacy, has also become a major concern for organizations. In addition, organizations face related threats such as phishing, which uses deceptive computer-based means to trick individuals into revealing sensitive data. Our organization takes an efficient approach to responding to these attacks. It follows the four most important phases explained in NIST Special Publication 800-61, Computer Security Incident Handling Guide: preparation; detection and analysis; containment, eradication and recovery; and post-incident activity.

Under the heading of preparation, organizations must take steps to make sure that they can respond well to malware incidents by developing malware-specific incident management policies and procedures, conducting malware-oriented training and exercises, and designating persons or a team such as the CSIRT to be accountable for managing the organization's information security incident response.

Detection and analysis must aim to detect and confirm malware incidents quickly, since a virus can spread through an organization very fast. Detection and analysis at an early stage can help reduce the number of infected systems, which in turn reduces the extent of damage to the organization and the cost of the recovery effort.

Malware incident containment comprises preventing the spread of malware and stopping further harm to systems. Every malware incident needs containment actions, and it is vital for an organization to choose its methods of containment early in the response. Containment approaches must help incident managers choose the suitable combination of containment processes for the specific situation.

The aim of eradication is to get rid of malware from infected systems. Because of the possible need for suppression efforts, organizations must be ready to use different combinations of suppression methods concurrently for different conditions.
Recovery from malware incidents consists of restoring the operation and data of infected systems and lifting provisional containment procedures. Organizations must consider probable worst-case situations and settle how recovery will be carried out by restoring systems from known good backups.

Post-incident activity is extremely important: an organization should review previous major malware incidents in order to keep such incidents from happening again. This helps the organization improve its incident handling ability and malware defenses (Mell et al., 2005).

References

CERT (2007). CSIRT FAQ. Software Engineering Institute, CERT® Coordination Center, Carnegie Mellon. Retrieved March 07 2008, from: http://www.cert.org/csirts/csirt_faq.html

Killcrece, G., Kossakowski, K.P., Ruefle, R., Zajicek, M. (2003). Organizational Models for Computer Security Incident Response Teams (CSIRTs). Handbook CMU/SEI-2003-HB-001, Networked Systems Survivability.

Mell, P., Kent, K., Nusbaum, J. (2005). Guide to Malware Incident Prevention and Handling. NIST Special Publication 800-83. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Retrieved March 07 2008, from: http://csrc.nist.gov/publications/nistpubs/800-83/SP800-83.pdf

Microsoft TechNet (2008). Responding to IT Security Incidents. Microsoft Corporation. Retrieved March 07 2008, from: http://www.microsoft.com/technet/security/guidance/disasterrecovery/responding_sec_incidents.mspx
