Incident management in the age of compliance
The basics of doing what the laws tell you to do
Computerworld - Security incidents can have catastrophic consequences for organizations. Such incidents may involve hacking, malware outbreaks, economic espionage, intellectual property theft or loss, network access abuse, theft of IT resources, and many other problems. Recent regulatory mandates directly affect how organizations should deal with such occurrences.
The well-known security maxim "prevention-detection-response" covers three components, all crucially important for an organization’s security posture. "Prevention" seems favored by many as the primary component with "detection" following close behind. However, "response" has a unique characteristic lacking in the other two components: It is impossible to avoid. While it is not uncommon for an organization to have weak prevention and nearly nonexistent detection capabilities, response will always be necessary, since organizations are forced into response mode when they are attacked.
In light of this, being prepared for incidents via an incident response plan is likely to be one of the most cost-effective security measures an organization takes. Timely and effective incident response is directly responsible for decreasing the incident-induced losses. It can also help to prevent expensive and hard-to-repair reputation damage, which often occurs following a publicly disclosed security incident.
Incident response is fraught with many possible pitfalls, and organizations are known to commit glaring mistakes while trying to set up and execute their security incident response (IR), as I discussed in an April 2005 Computerworld article on the five mistakes of incident response. The SANS Institute, which offers research and information security training and certification, has put forth a basic methodology to help give structure to the otherwise chaotic incident response workflow. The six steps of the SANS methodology are clearly defined, easy to follow, and most important, work in the high-stress post-incident environments for which they were designed. More broadly, Mary K. Pratt has a discussion of basic areas of concern to address when putting a response plan together.
However, some recent government regulations and standards put forth by industry groups have explicitly highlighted the importance of having a repeatable incident response plan to guarantee the security of key data; they even mandate specific details on how incident response should be performed. Thus, some aspects of IR planning and procedures have, as a direct result of these regulations, moved from the "should" category to the "must" category. Examples of such laws and standards include the Federal Information Security Management Act, the Payment Card Industry Data Security Standard, and the Health Insurance Portability and Accountability Act (HIPAA). Let's review how these mandates affect incident response.
The Federal Information Security Management Act, which was created to strengthen government computer and network security, requires federal agencies to set up incident response capabilities in keeping with the guidelines put forth by the National Institute of Standards and Technology.