In Depth

Incident Response: When Bad Things Happen to Good Companies

If you don't have a clear incident response plan in place, you risk losing millions of dollars.

By Simone Kaplan


Consider making a team member the designated note-taker so that when a crisis hits, there's no confusion about who's capturing all the important information.

It Ain't Over 'Til It's Over

Finally, after every incident, CSOs need to lead their incident response teams in a postmortem review process that examines how well the incident team dealt with the attack. Did team members follow the response diagram? Did staff members handle the incident calmly? Did everyone on the contact list respond promptly? Should the contact information be updated or changed in any way? And, finally, do you need to add anyone to the team or adjust the procedures?

"If you don't learn from what you've just experienced, you open yourself up to more attacks," says Raymond James Financial's Fredriksen. The review is your chance to improve the plan and the team so that you can work out any kinks before the next incident strikes. Fredriksen recommends doing a risk analysis after every incident to make sure as many vulnerabilities as possible are secured.

After the review, you will find it useful to complete an incident report for your records. Among other details, the report should include all the information you've gathered about the incident, both during the response process and in the postmortem. That way, if you decide to pursue an investigation, you'll have all the evidence on hand.

Remember that the steps to a clear, planned response are not complicated. Once you are sure that an incident has actually happened, determine whether it's a major or minor event.

Decide whether your priority is to pursue an investigation and allow the incident to play out, or to shut down the problem as quickly as possible.

And finally, work to defend against further attacks. Take a look at the way in which the attack happened and determine if an application needs to be patched or a port reconfigured. Take whatever action is necessary to prevent the attack from happening again. And be sure to let everyone on the response team know that the problem is fixed.

IT threats may be coming faster and faster. But by having a clearly defined response process, you can prevent attacks from devastating your systems. "Plans are not a panacea," Reuters' Macartney says. "But if you use them strategically, you can limit your exposure to risk."
