Best Practices for Security Incident Response

« Back to DataSecurityPolicies.com

Best Practices for Security Incident Response

Here’s a helpful white paper by Kerry Thompson that describes best practices that you should follow when responding to a security incident.

I like the part about the incident team. Here’s an exerpt:

An incident team for a small to medium enterprise is almost always two people. One will be the technical lead who will perform the bulk of the remedial work, and the other will be a backup person reporting to management and recording the actions taken. Further people may be involved depending on the size of the organisation, usually in the reporting chain rather than in direct involvement. These may include:

the IT manager

the CEO/CIO/CTO

Media relations

Legal

Law enforcement

Always get help if you feel the situation is getting out of hand. For example, in one case an incident involving malware infection dragged on for two weeks before someone was called in to diagnose the problem and resolve it within an hour. Get equipment and software tools if required.

Other areas covered include:

Forming a plan for resolution
Return to operation
Preventing reoccurance
Review the causes
Review resolution
Create a final report

Check it out!

This entry was posted on Tuesday, September 25th, 2007 at 11:01 pm and is filed under Incident Response Policy, Security Policies. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Recent Data Breaches

New format for state ID cards (Honolulu Advertiser)

Posted 5 hours ago

Official Hawaiçi state identification cards have a new look, with a green border across the top and an image of the Hawaiçi flag in the upper left corner and "USA" to right of that. [Link]

Top Scoops (Scoop.co.nz)

Posted 9 hours ago

Any hope of prosecuting the perpetrators of the stolen 2004 presidential election ended when Mike Connell died Dec 19 in a plane crash. [Link]

Biometric Access Company Unveils New Physical Access Control Solution at NRF Show (Centre Daily Times)

Posted 16 hours ago

Biometric Access Company (BAC) will exhibit its new SecureTouch® SmartLock (SmartLock) physical access control solution at the National Retail Federation’s 2009 Expo on January 12 and 13 at the Jacob K. Javits Convention Center in New York. [Link]

Media Alert: Check Point to Demo Its Full Disk Encryption for Mac OS X at Macworld 2009 (Centre Daily Times)

Posted 17 hours ago

Check Point® Software Technologies Ltd. (Nasdaq:CHKP), the worldwide leader in securing the Internet, today announced it will conduct a live demonstration of its security solutions for Apple’s Mac OS X products. The demo at Macworld will feature Full Disk Encryption for Mac, an industry-leading encryption solution that protects lost or stolen data. The demo will be held at Macworld Conference ... [Link]

Media Alert: Check Point to Demo Its Full Disk Encryption for Mac OS X at Macworld 2009 (Business Wire via Yahoo! Finance)

Posted 17 hours ago

REDWOOD CITY, Calif.----Check Point® Software Technologies Ltd. , the worldwide leader in securing the Internet, today announced it will conduct a live demonstration of its security solutions for Apple’s Mac OS X products. [Link]

MoD tops lost security pass league (The Register)

Posted 18 hours ago

But Cabinet minister goes for individual title Ministry of Defence staff are responsible for the vast majority of security passes that have gone AWOL since 2001, research by the LibDems has revealed.… [Link]

Phishing attacks on the rise, getting personal (Reno Gazette-Journal)

Posted 21 hours ago

You know to watch for phishing attacks, which use e-mail messages purporting to be from legitimate businesses to trick you into divulging private information. You're cautious and use a good spam filter, but phishing messages still get through. And these messages are more dangerous than ever. [Link]

Lock up your smartphones (telecomasia.net)

Posted 22 hours ago

Global economic meltdown or not, smartphones are expected to be a key sales driver for handsets in 2009. But as more handsets get smarter, they also become more vulnerable to security issues. [Link]

Government workers lose 50,000 security passes, find the Lib Dems (PublicTechnology.net)

Posted 22 hours ago

Government staff have lost nearly 50,000 security passes since 2001, according to research from the Liberal Democrats. The Ministry of Defence lost nearly 38,000 of the 48,000 security passes that have gone missing across all Whitehall departments since 2001. [Link]

Elections & Voting (Online Journal)

Posted 24 hours ago

Any hope of prosecuting the perpetrators of the stolen 2004 presidential election ended when Mike Connell died Dec 19 in a plane crash. [Link]

Apple's 5 biggest moments in 2008 (ARNnet)

Posted 32 hours ago

Apple was a busy company in 2008. Over the past 12 months, the number of Apple-branded products on the street has become so broad and ubiquitous that it's hard to go a day without seeing evidence of it, even if you're not a Mac, iPhone or iPod owner. [Link]

Israel's Ground Incursion Won't Be Short...? (Time Magazine)

Posted 43 hours ago

Get ready for the standoff surrounding Roland Burris to get even weirder, as Senate Democrats map out their options for dealing with disgraced Illinois Governor Rod Blagojevich's pick to replace Barack Obama. Suffice it to say that none of them is pretty. [Link]

Be careful: Phishing attacks get personal (Courier-Post)

Posted 46 hours ago

EXTRA: EU threatens to bypass Russia, Ukraine for gas (EARTHtimes.org)

Posted 3 days ago

Prague - The European Union Saturday threatened to bypass Russia and Ukraine for the bloc's gas needs if irregularities in Russian gas supplies via Ukraine persist in the future, Czech officials said. Czech Vice-Premier for European Affairs Alexandr ... [Link]

Product News: The latest notebooks from HP, Fujitsu, Acer, Asus, Toshiba & Lenovo (ARNnet)

Posted 3 days ago

This notebook is aimed at business users on the move. The 2230s is the smallest notebook before moving to a netbook. It has a 12.1-inch widescreen display and weighs 1.73kg. [Link]

Product News: The latest notebooks from HP, Fujitsu, Acer, Asus, Toshiba & Lenovo (ARNnet)

Posted 3 days ago

This notebook is aimed at business users on the move. The 2230s is the smallest notebook before moving to a netbook. It has a 12.1-inch widescreen display and weighs 1.73kg. [Link]

Phishing attacks get personal (The Shreveport Times)

Posted 3 days ago

Most computer users can spot phishing messages. Unfortunately, cybercriminals have become more sophisticated, too. Targeted phishing attacks account for 0.4 percent of spam. That may seem minor, but it's 800 million messages a day. [Link]

Seeking Data Security on the Web (Law.com)

Posted 3 days ago

Your data can be stolen by hackers, lost in a system failure or exposed through metadata. What are you doing about it? Larger firms have IT specialists to protect and back up data, but for data security "do-it-yourselfers," attorney Robert J. Ambrogi identifies Web sites that can help. [Link]

Flexilis for Windows Mobile offers security that no-one needs (MS Mobiles)

Posted 3 days ago

January 03, 2009 [General] | By Edward J. R. Windows Mobile is secure and needs no security software but some companies want to capitalize on fears of users... [Link]

Fraudulent Checks Too Profitable for Criminals (Blogcritics.org)

Posted 3 days ago

With all the emphasis on more electronic types of fraud, bad checks are not going away. In fact, technology is helping fuel a new check fraud boom! Fraudulent checks, bank drafts, money orders, travelers cheques and gift cheques seem to be showing up all over the place. While a portion of these are passed by professional criminals -- who sometimes ... [Link]

About the RSS Aggregator

Security News Feed

China gives jail time to Windows counterfeiters

Posted 10 hours ago

China has cracked down on a global software-counterfeiting syndicate, with 11 'ringleaders' each facing up to six-and-a-half years in jail. Eleven counterfeiters have been given jail sentences of between one-and-a-half and six-and-a-half years by a Chinese court after being found guilty of producing fake Microsoft software. ... [Link]

Microsoft files pay-per-use PC patent

Posted 8 days ago

A Microsoft patent application details a business model whereby the user gets a free or heavily subsidized PC but is charged for usage time, application and performance. Microsoft has applied for a patent on metered, pay-as-you-go computing. US patent application number 20080319910, published on Christmas Day... [Link]

Huawei denies 'ludicrous' espionage claims

Posted 19 days ago

Chinese networking vendor Huawei has slammed as "ludicrous and inaccurate" claims that it had links to the Chinese military and government that could cause security problems for the National Broadband Network. Chinese networking vendor Huawei has slammed as "ludicrous and inaccurate" claims that it had links to the Chinese... [Link]

Downturn may turn techies to crime, say reports

Posted 4 weeks ago

PricewaterhouseCoopers and security vendor Finjan expect insider fraud and cybercrime to rise as IT jobs are lost. Desperate IT workers who have been laid off will go rogue in 2009, selling corporate data and using crimeware, reports have predicted. The credit crunch will drive some IT... [Link]

Top virtualization trends for 2009

Posted 4 weeks ago

Virtualization became a buzz word last year - and since then some things have grown beyond our wildest dreams while others have fallen short. Here's what to expect in 2009. Commentary--At VMWorld 2007, it felt like the dawn of a new era. Virtualization was taking... [Link]

Virtualization to put consumer tech in the workplace

Posted 4 weeks ago

Industry observers say virtualization will enable staff to use their own devices at work, while keeping corporate data safe. Virtualization promises to usher in a new era of consumer technology in the workplace potentially satisfying the demands of new workers from the Facebook generation who want to use... [Link]

CIOs vote on Vista for '09

Posted 5 weeks ago

Silicon.com's CIO jury ruled unanimously on the question of whether to implement Microsoft Windows Vista in 2009. The latest silicon.com CIO Jury has unanimously voted that they are not ready to invest in Microsoft's latest OS Vista. When asked if they had any plans to implement Vista,... [Link]

Who gains from Microsoft's free Morro antivirus?

Posted 5 weeks ago

Microsoft is dropping its subscription-based antivirus software in favor of a free package, code-named 'Morro'. ScanSafe Internet-security expert Mary Landesman investigates Microsoft's motives. Commentary--Microsoft is to replace its paid-for antivirus product with a free one, citing an altruistic desire to spread protection around the world. But many are less... [Link]

Mac OS X targeted by Trojan and backdoor tool

Posted 7 weeks ago

Two new pieces of malware affecting Mac OS X appeared this week, a Trojan horse and a hacker tool for creating backdoors. Two pieces of malicious software affecting Apple's Mac OS X appeared this week: a Trojan horse with the ability to download and install malicious code of an... [Link]

Mozilla to end support for Firefox 2

Posted 7 weeks ago

Stability and security releases for the browser will end next month, despite ongoing problems with Firefox 3 The Mozilla Foundation is planning to end support for the Firefox 2 browser in mid-December, despite the persistence of significant flaws in the most-recent version of the popular browser. ... [Link]

Net bombarded by heaviest ever attacks this year

Posted 8 weeks ago

Online networks suffered their heaviest brute force attacks to date this year, with more sites than ever coming under sustained assault. Online networks suffered their heaviest brute force attacks to date this year, with more sites than ever coming under sustained assault. IP networks were... [Link]

Schneier slams US border biometrics

Posted 9 weeks ago

The Department of Homeland Security has disputed Bruce Schneier's claim that the US-Visit program has had no impact on reducing criminal and terrorist threats. Security expert and BT chief security-technology officer Bruce Schneier has attacked the US-Visit border-biometrics program, saying it has had "zero benefit" in terms of security.... [Link]

Cloud-computing zombies for $299 per month

Posted 9 weeks ago

RSA says cloud-computing crimeware means networks of zombie machines can be hired to steal online-banking details for as little as $299 a month. Cloud-computing crimeware means networks of zombie machines can be hired to steal online-banking details for as little as $299 (£185) per month.... [Link]

How hackers were thwarted at the Beijing Olympics

Posted 10 weeks ago

Atos Origin explains how risk-management tech helped to prioritize the real risks hidden within. The security team behind the Beijing 2008 Olympic Games has revealed how it found the real risks hidden within the millions of alerts received every day. Faced with 12 million alerts per... [Link]

Cyberattacks target UK national infrastructure

Posted 10 weeks ago

Companies that play a key role in the Britain's national infrastructure are facing sustained cyber-espionage attacks, says a UK cyber-defense chief. Sustained cyber-espionage attacks are being waged on companies that play a key role in the Britain's national infrastructure, a UK cyber-defense chief has warned.... [Link]

Microsoft warns of financial crisis email scams

Posted 10 weeks ago

A Microsoft security expert warns that scammers will try to exploit the global financial crisis with e-mails that promise money but deliver fraud. LONDON--Internet fraudsters will try to exploit the global financial crisis by sending fraudulent emails purporting to offer cash-strapped consumers new mortgages, loans or money from failed... [Link]

The 'real' cost of application outages

Posted 10 weeks ago

Application downtime, whether you're measuring intermittent availability or fully downed systems, is too costly to ignore. The best way to avoid trouble is to view the infrastructure through the eyes of your transactions says OpTier's Motti Tal. Application downtime, whether you're measuring intermittent... [Link]

Symantec to identify safe software by 'reputation'

Posted 11 weeks ago

The company's tech will judge whether an app is unsafe by looking at where it can be found across the database of Symantec users and categorizing those machines as safe or otherwise. Symantec will soon introduce a "reputation-based" software-rating technology that it has claimed can accurately differentiate malicious malware... [Link]

EU concerned by airport full-body scanners

Posted 11 weeks ago

European lawmakers called Airport full-body scanners that show people's private parts a virtual strip search and voted for a detailed study of the technology. STRASBOURG, France--Airport full-body scanners that show people's private parts are a virtual strip search, European Union lawmakers said Thursday, calling for detailed study of the... [Link]

Red Hat CEO: Vista marks end of 'planned software'

Posted 11 weeks ago

Jim Whitehurst has claimed the proprietary software-development model is coming to an end, as open source better meets customer needs Big software releases like Windows Vista mark the end of "planned software" for the industry, according to Red Hat chief executive Jim Whitehurst. Speaking at a... [Link]

About the RSS Aggregator


First Name:
Email:

Leave a Reply

Get the BEST security policies reference book!

Recent Data Breaches

Archives

Categories

Information Security

Links

Security Policies

Security News Feed