.

Sunday, April 14, 2019

Computer Security Incident Response Team Essay Example for Free

Computer gage possibility Response Team EssayIn the extend decade, more and more companies have started to look into e-commerce to connect them to the infinite world of global suppliers, partners, consumers and much more. This scag in techno recordy has placed multiple as nail downs be risk of exposure from a warrantor stand mention allowing hackers/crakers and anyone on the internet to gain access to these network and gain information or try to gage business to a point where it stand stills.Increase in Denial of service attacks, child pornography, virus/worms and other tools used by individuals to destroy data has lead to law enforcement and media to look into why and how these auspices corpse breaches are conducted and what new statutory laws are needed to stop this from happening. According to CSI computer crime and gage Survey 2007, the average annual loss reported by security breach has shot up to $350,424 from 168,000 the previous year. To add to this, more and more organizations are reporting computer intrusions to law enforcement which inclined to 29 percent compared to 25 percent the year before. 1 To be successful in respond to an incident, there are a few things that need to be followed 1. Minimize the number of severity of security incidents. 2. Assemble the consequence computer security Incident Response Team (CSIRT). 3. Define an incident resolution plan. 4. Contain the persecute and minimize risk. 3 How to minimize the number of severity and security incidents It is impossible to prevent all security associate incidents, tho there are things that can be done to minimize the impact of such(prenominal) incidents Establishing and enforcing security policies and procedures. Gaining support from Management in both enforcing security policies and handling incidents.Accessing vulnerabilities on the environment on secureness basis including regular audits. Checking all devices on certain metre frames to make sure that all the updates were performed. Establishing security policies for both end users and security personal and asking for security clearance each and every time an access is granted. Posting banners and reminders for responsibilities and restriction of use of applications, and other systems on the network. Implementing secure password polices thought the network. Checking put down files on regular basics and monitoring deviceing traffic. Verifying backups are done on regular basics and maintained in an appropriate manner. This would also include the new email backup policy laws. urinate Computer Security Response Team (CSIRT) 3 Security threat is the same for both large, baseborn, and government organizations and thereof it is all important(p) that regardless of what the company has for its security measures, it also has a written document that establishes guidelines for incident response. Incident respond planning is a set of guidelines that document on security incident handling and t alk efforts.This plan is activated when an incident that could impact the companys ability to function is established. Computer Security Incident Response Plan (CSIRP) should contain the following 1. Mission Things the response group exit be responsible for, including how to handle incidents as they happen and what steps are necessary to minimize the impact of such incidents. 2. Scope this would define, who is responsible for which area of security, it can include things like application, network(s), employees, communication both internally and to the universe and much more. . Information flow How information will be handled in case of an emergency and how it will be reported to the appropriate authority, pubic, media and internal employees. 4. Services forgetd This document should contain all the services that are either provided to the users or services that are used or bought from other vendors including testing, education, service provider issues to make out a few. 2 The CS IRT team must contain several members including a Team leader which will monitor changes in individuals actives and responsibility of reviewing actions.An Incident Lead, that will be dedicated as the possessor of set of incidents and will be responsible for speaking to anyone outside the team while and corresponding changes and updates. A group of individuals part of the CISRT team called members will be responsible to handle responsibility of the incident and will monitor different areas of the company. Other members of this team should include Legal help, public dealing officers, contractors and other member of management both from business and IT that can help during security breaches.If an Incident has occurred, it is important to classify this as an incident severity. Most companies use between Severity 1-5. 1 being the highest and 5 being the research phase where no system or users are affected. For to the highest degree system anything under Severity 3 is not a major impa ct of the system but if there is a system wide issue that requires immediate attention, a severity 1 or 2 would fall under the category of Incident response procedure and set up a high alert. The cost of an incident can be very high, depending on the loss of data, therefore identifying the risk and all the real threat fall under this category.Once the incident has been identified it should go into the sagaciousness phase, where it should be determined if the system can be bought back up again and how much terms is done. If the business is impacted assessment should be done. The assessment includes forensic investigation usually involving a team of expert that look into the how many computer were affected, what kind of information was stolen or changed, entry level of attacks, potentiality damage done by incident, recovery process and the best way to assess this from happening again.The near phase of this is containment, which is the assessment of damage and isolation of other sy stems that can also be compromised including network. Backup of the system in the current state should be done at this time for further forensic investigation. Analyzing of log files and uncovering systems that were used like firewalls, routers should be identified. Any modification of files including dos, exe should also be carried out in this phase. Once all this is done, the next step is Recovery. Recovery is restoring clean data back the system so it can perform is function as required.After installing last good backup, it is important to test the system before putting this in production again. Further surveillance of network and application should be set in place as intruders might try this again. Every company today, weather small or big needs an incident response unity to defend itself against predators on the web. The government agencies has set some rules and regulations on such standards and are required that company follow these standards to avoid further hoo-ha of the s ervice.This becomes even more critical for companies that play important place in the economy like quote card, health, insurance and much more. Several regional companies today can help plan CSIRP plan that provide help creating a team of individuals that can act fast in such situations. The implementation of such plan cost less in the long run, when compared to companies that dont have such response plan and loose data that is critical to their survival.

No comments:

Post a Comment