Incident Handling Procedures, Essay Example

Incident Response

Incident handling procedures are not similar as they vary on different business processes of the organization. Network dictionary defines incident handling as “Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security related events. It is comprised of a six-step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned”. Depending on the nature of business, processes can be associated with law enforcement agencies, government institutions, public information providers, information technology etc. in order to handle security incident within the organizations, teams are created that are called as incident response teams. As per network dictionary, “Incident response team refers to a group of people who are responsible for handling information security incidents when they occur”. Incident handling is an essential process as security incidents that are initiated in organizations, breach data servers containing confidential and mission critical data and disrupt business processes. The impact of these incidents provides severe losses in terms of organization reputation in the market, trust in customers and credibility.

Advantages

Intrusion detection system aligns with the business objectives by an efficient alert mechanism that indicates probable threats. An ID also enables the incident management team to monitoring the network on a 24 by 7 basis. However, in order to be updated, there is a requirement of updating the IDS with new threat profiles or signatures for detecting new threats. Whenever, an alert is generated by IDS, it is examined by IDS expert, who is the part of incident management team. Furthermore, there is no requirement for maintaining IDS from the client side, as deployment is conducted by IDS expert with minimum contribution from organization employees. Incident management team performs action on each incident as per the severity level and business impact. In addition, one more powerful feature of IDS is the detection of violation of policies. This feature reports or alerts the incident management team for any breach in policy that can be detected and rectified at the earlier stage (Above security – information risk management – managed security services – PCI DSS – intrusion test – 24/7 – security architecture – IDS/HIDS – ).

Auditing

The first step for auditing a computer network is to define the scope or boundaries of Audit i.e. constructing asset lists and a security boundary. The second step is to develop a threat list i.e. to indicate ‘what are the threats that will exploit vulnerabilities to attack critical business assets?’ The third step is associated with predictable threats. Auditors must not only indicate current threats but threats that may occur in future also. After defining the scope, identifying current and probable threats, fourth step is associated with prioritizing vulnerabilities and threats, as per business impact and value (10 steps to creating your own IT security audit – IT security, n.d ). After prioritizing, the next step includes the implementation of IDS and network access controls i.e. access control list, digital signatures, encryption, hashing etc. After implementing IDS and network access controls, access management is essential for granting role bases access to users on network services and applications (10 steps to creating your own IT security audit – IT security, n.d ). Furthermore, creating backups, email filtering and protecting information assets from physical assets are considered (10 steps to creating your own IT security audit – IT security, n.d ).

References

Incident handling. (2007). Network Dictionary, , 342-342.

Incident response team. (2007). Network Dictionary, , 242-242.

Above security – information risk management – managed security services – PCI DSS – intrusion test – 24/7 – security architecture – IDS/HIDS – Retrieved 10/24/2011, 2011, from http://www.abovesecurity.com/?lang=En

10 steps to creating your own IT security audit – IT security n.d Retrieved 10/24/2011, 2011, from http://www.itsecurity.com/features/it-security-audit-010407/