Monday, December 13, 2010

1. Why has there been a dramatic increase in the number of computer security incidents in recent years?

ans: There has been a dramatic increase in the number of computer security incidents in recent years because the population is also increasing. Also, many workers want to get their work done faster, because work done faster means money earned faster...


2. What are some characteristics of common computer criminals?

ans.: The common characteristics of common computer criminals are: amateurs, crackers or malicious hackers, criminals, terrorists.

  

3. What actions must be taken in response to a security incident?

ans.: A great deal of damage has been done to organizational reputations and a great deal of information has been lost in organizations that do not have fully effective incident response programs in place. Without an incident response plan, an organization may not discover an attack in the first place, or, if the attack is detected, the organization may not follow proper procedures to contain damage, eradicate the attacker’s presence, and recover in a secure fashion. Thus, the attacker may have far higher impact on the target organization, causing more damage, infecting more systems, and possibly exfiltrating more sensitive data than would otherwise be possible with an effective incident response plan.
If there is an incident and it’s identified as an attack, there are several things that can be done. The worst of course is the “let’s close our eyes and maybe it will go away.” This happens more often than not. So with that said there are two ways to approach incident response: Reactive and Proactive. Either is better than nothing, but if you can set your organization up to incorporate both you have a plan that will carry you through the worst situations.
A good reactive plan involves policies and training to identify what requires response, what should be done when an incident is identified, and the best course of action to take.  A good proactive plan puts in place all of the necessary components towards identifying or stopping  potential attacks before they are able to be completed.
Incident response is key when safeguarding data once an incident has occurred. If an incident is identified and personnel identifying it are able to respond appropriately, the ability to safeguard data and recover back to an operational state has increased.  In some cases a properly developed incident response plan can prevent a small incident from becoming a catastrophe.  Incident response is more than a group of people responding to an incident.  A good response team is developed with a strong set of procedures in place to ensure each member knows their role and that the individual who identified the incident also knows the proper reporting procedures.
For any good process to work, management must see the value of having the policies and process. This is a key element towards developing a working response plan.  There are numerous guides and standards that outline response procedures and methods. It is important to know which guidelines your organization falls under and incorporate your own standards that meet or exceed government minimum standards.  A good baseline is the NIST Guidelines.
Once the standards have been identified, ensure that all team members are aware of their roles and responsibilities.  Conduct training to reinforce the policies and incident response roles for both team members and managers. Executive management should be involved in various aspects of the incident response plan to ensure buy-in and support.
Before an incident response can be initiated there must be set policies that identify what actions must be taken for the different types of incidents. Policies and training will ensure that the proper methodology is followed to ensure a successful outcome to the incident.  Policies should be clear and not left for interpretation by members of the organization or contractors.
When an incident occurs, all aspects of training and policy must be followed. This will ensure a positive outcome.   All reports should be based on an organization-wide template to ensure uniformity.
The key element of this process is the reporting and documentation of the incident. The documentation can be useful in identifying shortfalls and high points. Documentation will allow for good audit reviews and process improvements as well as protection from legal repercussions due to an incident.
All reports should be clear and concise; they should contain only factual observations and information. A report should not contain information based on conjecture.

 source:
http://blogs.sans.org/security-leadership/2009/08/18/critical-control-18-incident-response-capability/
