Your Incident Response Plan
Another layer of defence in depth is being prepared when intruders strike. "The IT model for dealing with a disruption is to get that server back online as fast as possible," says Boni. But before that happens, he adds, ask yourself how important the contents of the system are, whether intruders saw any critical data and whether the attack might be meant to distract you from the real target.
Boni does a first-level analysis. If triage determines that the incident could have a high impact, or if it appears deliberate, it may warrant a more significant response than the vast majority of intrusions that can be addressed through analysis of log files and systems profiling (for instance, he may call law enforcement, and secure affected systems and servers for evidence). "Prudent incident response means planning ahead," says Yoran of NetWitness. "People need to know how to receive and interpret various clues and deduce [what] may have occurred or may be occurring."
Communication is also critical. "Incident response is still very siloed and technology focused," says Khalid Kark, a senior analyst with Forrester Research. For serious breaches, Boni brings in a cross-functional team that includes, among others, crisis managers, internal auditors, lawyers and HR to assess the incident and determine who needs to be involved in the response. Yoran suggests interacting with public relations advisers, user communities and vendors, where necessary.
When the problem is global, the challenge escalates. "It may require interface with the local or regional staff, [which], given language, time zones and differences in operating practices, may be more difficult to coordinate, even inside an organization," says Boni. "Establishing working relationships with federal law enforcement ahead of time also helps," says Yoran. "They regularly work these issues with foreign parties."
When it's time to pick up the pieces, Alan Paller, research director with the SANS Institute, pushes for root-cause analysis to determine which exploits the hacker used and what can be learned from that. That's what Bailey, the government contractor, did once he discovered his problem. After contacting law enforcement, making a full disclosure to affected customers and partners, and completing a forensic analysis, he moved to cover the holes in his data protection strategy. These included better procedures for installing patches. He also recruited a manager of information security, expanded her department and set up a computer incident response team. Among its activities, the team lurks on hacker boards to keep up with the latest exploits and conducts intrusion detection exercises.
Today, most important, Bailey fully appreciates the risks. That's the key for CIOs who must manage the growing threat to corporate knowledge, says Borg: "Simply appreciat[ing] the stakes.
"There's some very sophisticated hacking taking place — some of it state-sponsored-and they're going after IP," says Bailey. "We can never be 100 percent secure, but we've redoubled our efforts. It taught us a big lesson."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. The state of Middleware
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Everything you need to know about email and web security (but were afraid to ask)
Wireless LANs: Is my enterprise at risk?
Achieving the impossible: Unlimited application scalability
Making the Business Case for IT Consolidation
Email Archiving 101—Customer Case Study
CRM your salespeople will love
- White PaperView this webcast and discover the drivers for changing network design practices, why many organisations are changing their approach to network architecture and how enterprises should be moving forward with open architecture multi-vendor network solutions. Register now and learn how your business can maximize the business value of the enterprise network.
- White PaperJoin industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
- White PaperDiscover how the integration of disparate technologies in your company can lead to greater user productivity, improved management, lower costs, higher efficiency, and easier risk mitigation.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
SOA What? Why You Need SOA Governance Framework 04 December, 2008 08:32:00
Adopting services oriented architecture (SOA) in your enterprise without thinking through IT governance can cause something like the Gold Rush in the 1800s; extreme rates of growth and minimal law and order which produce unexpected outcomes. - +
The Myth of Cloud Computing 04 December, 2008 08:25:00
Why the rapid spread of virtual technology is becoming a security riskWhy the rapid spread of virtual technology is becoming a security risk. - +
Who Pushed Vendors Toward Better Security? 04 December, 2008 09:38:00
Hint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann DavidsonHint: It had something to do with pressure from customers and government agencies, writes Oracle CSO Mary Ann Davidson. - +
CPO & CISO: A Comprehensive Approach to Information 04 December, 2008 08:42:00
GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets.GE CPO Nuala O'Connor Kelly advocates greater CPO/CISO cooperation to place the right value on information assets. - +
Virtually every Windows PC at risk, says Secunia 04 December, 2008 08:00:00
Almost all PCs scanned by patch tool have an unpatched app; 46% have 11-plus.More than 98% of Windows computers harbor at least one unpatched application, and nearly half contain 11 or more programs at risk from attack, a Danish security company said Wednesday.
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 05 December, 2008 13:00:00
International researchers gather in Sydney to preview the clever web 05 December, 2008 09:48:00
Borderless corporate networks to shift focus to secure content management in Australia in 2009 04 December, 2008 16:06:00
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 04 December, 2008 15:04:00
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 04 December, 2008 13:34:00
|
||
|
||
|
|
||
|
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Hyperion surveyed 163 companies to understand BI and EPM requirements, evaluation processes, and extent of adoption. Top areas of current and future investment for emerging businesses include budgeting and planning as well as management reporting solutions. Read on to discover more.
Buying Guides
