A Five-Step Plan to Help You Stay Ahead of Computer Security Attacks, Risks, and Threats, Part Three
Step No. 3: Implement An Incident Response Plan at Home and at Work
When a security incident occurs, it's the information technology security group's job to respond. Among the group's first assignments: Determine whether an alert represents a serious incident or a false alarm. Security managers may call upon internal experts or external help from antivirus vendors and various intelligence services, which provide reports on computer security threats. UPS subscribes to a number of such services and maintains a strategic relationship with an antivirus vendor. The relationships help UPS stay on top of the threat environment, which puts the company in a position to react ahead of time.
But the knowledge flows in both directions. When UPS discovered a variant of the Zotob worm, the company notified its antivirus vendor. Zotob achieved notoriety in August 2005 when it hit CNN and The New York Times, among others.
An alert that reaches full-blown incident status triggers an organization's response plan, assuming it has one. Security experts say large enterprises typically do maintain some type of formal response plan, though incident response varies widely. Some response plans, governed by extensive steps and checklists, become so choreographed that they are almost restrictive. The other extreme is no choreography, which results in a "mad dance." The best fit? Follow a middle path.
The University of Georgia follows established incident-handling protocols, based on documentation from the National Institute of Standards and Technology (NIST) and the SANS Institute. NIST's Computer Security Resource Center publishes a range of security policy guidelines, some of which touch on incident response. The SANS Institute, in conjunction with the Center for Internet Security, offers the Security Consensus Operational Readiness Evaluation, which seeks to provide a minimum standard for information security procedures and checklists. ISO 17799, which provides guidelines for security management, also covers incident management.
At some organizations, a computer incident response team (CIRT) puts the response plan into action. The corporate security chief generally heads the CIRT, but some companies prefer to tap an experienced outsider to manage response activity, so that one person doesn't wear two hats in a crisis. The CIRT team consists of I.T. security specialists, either internal or external, and people with other areas of expertise. Miracle says CIRT usually includes desktop gurus, server managers, and help-desk representatives. The CIRT members' responsibilities are determined in advance. "In real time, you can't have people arguing ... that you can't shut that server down," Miracle explains. He adds that some companies hire consultants to help establish roles and get different groups across the organization to buy into the plan.
While the CIRT team may have broad influence, its physical reach may be limited. To address this issue, the University of Georgia's security group has deputized security liaisons in each of the institution's 14 colleges. Each college has a different security parameter, but through the use of institutional policies, standards and processes, the university has been able to set a security baseline. A security liaison also represents the university's administrative users.
For malware cleanup, an organization may choose to reload a fresh software image rather than delete the offending code. More companies choose such "brute-force methods" because they find it less arduous than potentially spending hours cleaning infected files from a system.
Brute force or not, cleanup comes to a halt when an incident calls for a forensics examination. During an ongoing network attack, the organization must decide whether to let the incursion continue to aid its investigation or cut it off to minimize damage. Technology and business leaders must weigh whether the investigative process outweighs the risk to the network.
Sometimes it's strictly a business decision, but criminal cases may involve external authorities such as the FBI, or state authorities.
Because organizations may lack the specialized staff to investigate computer crime, forensics is frequently outsourced. Banks, for example, handle most response tasks internally, but may call in a forensics specialist if an incident looks like something that might lead to litigation. An event such as theft of service could spark a forensics investigation, but could also be treated as an employee matter if the theft occurs internally. Some banks have a retainer-like contract with a forensics services firm that gathers evidence and maintains the chain of custody.
While investigation and remediation activities continue, incident responders, ideally, keep lines of communication open with key constituencies. The CIRT team, for instance, notifies line-of-business managers of a problem so they can inform their customers.
Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.
These cybercriminals leave you with three choices:
1. Do nothing and hope their attacks, risks, and threats don't occur on your computer.
2. Do research and get training to protect yourself, your family, and your business.
3. Get professional help to lock down your system from all their attacks, risks, and threats.
Remember: When you say "No!" to hackers and spyware, everyone wins! When you don't, we all lose!
© MMVII, Etienne A. Gibbs, MSW, The Internet Safety Advocate and Educator
Source: Free Articles from ArticlesFactory.com
Etienne A. Gibbs, Independent Internet Security Advocate and Educator, consults with individuals, small business owners, and home-business entrepreneurs regarding online protection against spyware, viruses, malware, hackers, and other cybercrimes and pc-disabling issues. For more information, visit www.SayNotoHackersandSpyware.com/.