IT Incident Response www.bestitdocuments.com

IT Incident Response . The goals How to achieve this Policies Standards Architecture People Process & Technology What can we really


The goals

How to achieve this

Policies

Standards

Architecture

People

Process & Technology

What can we really do

Management buy-in

Standards, Guidelines & Procedures

System Safeguard

Security & Internet architecture

What we really need


The goals

Policies

Standards

Management buy-in

Security policies set the stage for standards, guidelines and procedures

Define what behavior is not allowed

Communicate consensus amongst governance stakeholders

Facilitate the “good neighborly” philosophy for networking

What we really need


The goals

Policies

Standards

Management buy-in

Security policies must:

• Be implementable and enforceable
• Be concise and unambiguous
• Balance protection & productivity

Security policies should:

• State reasons why the policy is needed
• Describe the coverage – who, what, where and how
• Define contacts & responsibilities
• Define how violations will be handled

What we really need


Policy Definitions

Program Policy
• Used to create the IT security program
• Sometimes referred to as departmental or company security policy

Issue-Specific Policy
• Addresses issues of concern (whatever)

System-Specific Policy
• Focuses on decisions to protect a particular system
• Procedures, standards and guidelines are used to describe how policies are implemented


Tools to implement policy

Operational Standard
• Specify uniform use of specific technologies organization-wide (ID badges)

Guidelines
• Recognize that IT systems vary and that safeguards may be implemented in many ways

Procedures
• Detailed steps to be followed (set up user accounts)

Strategies
• Broad direction on implementation

Directions
• Focused implementation instructions


Enforceability

Policies
• In some jurisdictions, the “policy” may be the only legally enforceable document
• Guidelines, standards and procedures should probably have a very specific traceability reference to policy – check with the legal department


IP Service Categories

Business process integration

Security Coordination

Education & Training

IRT Security Cycle (diagram labels): Prevent, Assess, Respond, Detect


Enterprise Wide Collaboration on Incidents

SysAdmin

NetAdmin PolicyIPC Legal/Policy

Technical Collaboration

Incident Handling – Forensic Analysis

Criminal Investigation

Incident Handling (Technical)

User

Incident Activity

Hostile

Benign

Illegal

Operation Collaboration

Incident Handling (Operational)

Incident Response Options