Incident management in the age of compliance
The basics of doing what the laws tell you to do
Computerworld - Security incidents can have catastrophic consequences for organizations. Such incidents may involve hacking, malware outbreaks, economic espionage, intellectual property theft or loss, network access abuse, theft of IT resources, and many other problems. Recent regulatory mandates directly affect how organizations are expected to deal with such occurrences.
The well-known security maxim "prevention-detection-response" covers three components, all crucially important for an organization’s security posture. "Prevention" seems favored by many as the primary component with "detection" following close behind. However, "response" has a unique characteristic lacking in the other two components: It is impossible to avoid. While it is not uncommon for an organization to have weak prevention and nearly nonexistent detection capabilities, response will always be necessary, since organizations are forced into response mode when they are attacked.
In light of this, being prepared for incidents via an incident response plan is likely to be one of the most cost-effective security measures an organization takes. Timely and effective incident response is directly responsible for decreasing the incident-induced losses. It can also help to prevent expensive and hard-to-repair reputation damage, which often occurs following a publicly disclosed security incident.
Incident response is fraught with possible pitfalls, and organizations are known to commit glaring mistakes while trying to set up and execute their security incident response (IR), as I discussed in an April 2005 Computerworld article on the five mistakes of incident response. The SANS Institute, which offers research and information security training and certification, has put forth a basic methodology to help give structure to the otherwise chaotic incident response workflow. The six steps of the SANS methodology (preparation, identification, containment, eradication, recovery, and lessons learned) are clearly defined, easy to follow, and most important, work in the high-stress post-incident environments for which they were designed. More broadly, Mary K. Pratt has a discussion of the basic areas of concern to address when putting a response plan together.
However, some recent government regulations and standards put forth by industry groups have explicitly highlighted the importance of having a repeatable incident response plan to ensure the security of key data; some even mandate specific details on how incident response should be performed. Thus, as a direct result of these regulations, some aspects of IR planning and procedures have moved from the "should" category to the "must" category. Examples of such laws and standards include the Federal Information Security Management Act (FISMA), the Payment Card Industry Data Security Standard (PCI DSS), and the Health Insurance Portability and Accountability Act (HIPAA). Let's review how these mandates affect incident response.
The Federal Information Security Management Act, which was created to strengthen government computer and network security, requires federal agencies to set up incident response capabilities in keeping with the guidelines put forth by the National Institute of Standards and Technology (NIST), whose Special Publication 800-61, the Computer Security Incident Handling Guide, is the relevant guidance for incident handling.