
Reaction to Security Incidents

It is essential to identify an organisation's security needs in order to roll out measures that will help it avoid a disaster such as an intrusion, an equipment failure or even water damage. Nevertheless, it is impossible to eliminate every risk, and every organisation must plan on the assumption that a disaster will eventually happen.

In this type of scenario, reaction speed is vital, because a compromise puts the organisation's entire information system in danger. Moreover, when the compromise disrupts a service, a lengthy interruption translates directly into financial losses. Finally, when a website is defaced (its pages modified by the attacker), the organisation's reputation is at stake.

Reaction Phase

The reaction phase is generally the most overlooked phase in IT security projects. It consists of anticipating incidents and planning, in advance, the measures to be taken when one occurs.

In the case of an intrusion, for example, the systems administrator could react in one of the following ways:

  • Obtain the hacker's address and counterattack
  • Turn off the machine's electrical supply
  • Remove the machine from the network
  • Reinstall the system

The problem is that each of these actions can be more damaging (notably in terms of cost) than the intrusion itself. Counterattacking the apparent source is illegal in most jurisdictions, and the address observed is frequently that of another victim used as a relay; cutting the power destroys the volatile memory (running processes, network connections) that an investigation relies on; reinstalling from scratch erases the evidence and, without understanding how the attacker got in, leaves the same door open. And if the compromised machine is vital to the operation of the information system, or is an online sales site, a lengthy service interruption can be catastrophic.

Moreover, in this type of situation it is important to preserve evidence in case of a judicial enquiry. If the compromised machine was used as a relay for an attack on a third party, the organisation may otherwise have no way of demonstrating that it was itself a victim, and runs the risk of being held responsible.

Implementing a disaster recovery plan can enable an organisation to keep the disaster from worsening and ensure that all the measures devised to establish proof are correctly applied.

In addition, a correctly developed disaster plan defines the responsibilities of every individual and avoids the orders and counter-orders that waste precious time.

Restoring

Returning the compromised system to working order must be described in detail in the recovery plan and must take the following elements into account:

  • Dating the intrusion: knowing the approximate date the machine was compromised allows the organisation to evaluate the risk of intrusion for the rest of the network, to decide which backups predate the compromise and can be trusted, and to gauge how deeply the machine was compromised
  • Confining the compromise: taking the necessary measures (isolating the machine, revoking the credentials it held) so that the compromise does not spread
  • Backup strategy: if the organisation has a backup strategy, the data on the compromised system should be compared against a copy that is known to be reliable, typically a backup or build image taken before the intrusion. Restoring blindly from a recent backup may simply reinstall the attacker's virus, Trojan horse or backdoor and spread the damage further
  • Establishing proof: for legal reasons, the compromised system's log files must be copied and preserved, with their integrity documented (hashes, dates, who collected them), so that they can be used in a judicial enquiry
  • Setting up a replacement site: rather than hastily reinstating the compromised system, it is wiser to prepare a replacement site in advance and activate it when necessary, so that service continues while the compromised machine is investigated
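The two technical points in this list, comparing the compromised system against a trusted copy and preserving evidence with documented integrity, are illustrated below in Python. This is an added example, not code from the original article: it assumes the responder holds a manifest of SHA-256 hashes taken from a known-good copy of the system, and a constructed scenario (a small web root that is defaced, has a file dropped into it and a log wiped) stands in for the real compromised host. The `earliest_change_utc` value is only a rough lower bound on the compromise date, since file timestamps are trivially forged.

```python
"""Baseline comparison and evidence preservation for a compromised host.

Added example, not part of the original page. Assumes a trusted manifest
of SHA-256 hashes (e.g. from a known-good backup or the deployment image)
and read access to a copy of the compromised file system.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large logs do not have to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative, '/'-separated) to its SHA-256."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_to_baseline(trusted: dict, root: Path) -> dict:
    """Classify the current tree against the trusted manifest."""
    current = build_manifest(root)
    modified = sorted(k for k in trusted if k in current and current[k] != trusted[k])
    added = sorted(k for k in current if k not in trusted)
    deleted = sorted(k for k in trusted if k not in current)
    # Oldest mtime among changed or added files: a rough lower bound on the
    # compromise date. Caveat: mtimes are easily forged (e.g. `touch -r`), so
    # corroborate with logs, backups and network records before trusting it.
    stamps = [(root / k).stat().st_mtime for k in modified + added]
    earliest = (datetime.fromtimestamp(min(stamps), tz=timezone.utc).isoformat()
                if stamps else None)
    return {"modified": modified, "added": added, "deleted": deleted,
            "earliest_change_utc": earliest}


def preserve_evidence(files: list, out_dir: Path, collector: str) -> Path:
    """Copy each evidence file and record hash, size, time and collector.

    The manifest documents the chain of custody; the hashes let anyone later
    verify that the copies have not been altered since collection.
    """
    out_dir.mkdir(parents=True, exist_ok=True)
    items = []
    for src in files:
        dst = out_dir / src.name
        dst.write_bytes(src.read_bytes())
        items.append({"source": str(src), "copy": str(dst),
                      "sha256": sha256_file(dst), "size": dst.stat().st_size})
    record = {"collected_at_utc": datetime.now(timezone.utc).isoformat(),
              "collector": collector, "items": items}
    manifest = out_dir / "evidence-manifest.json"
    manifest.write_text(json.dumps(record, indent=2))
    return manifest


def demo() -> dict:
    """Constructed scenario (not real data): a web root, its trusted manifest,
    then a simulated compromise: defaced page, dropped file, wiped log."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "www"
        (root / "logs").mkdir(parents=True)
        (root / "index.html").write_text("<h1>Welcome</h1>\n")
        (root / "shop.php").write_text("<?php echo 'shop'; ?>\n")
        (root / "logs" / "access.log").write_text("GET /index.html 200\n")
        trusted = build_manifest(root)  # taken before the incident

        (root / "index.html").write_text("<h1>Defaced</h1>\n")          # modified
        (root / "cmd.php").write_text("<?php /* attacker-dropped */ ?>\n")  # added
        (root / "logs" / "access.log").unlink()                           # deleted

        report = compare_to_baseline(trusted, root)
        manifest = preserve_evidence([root / "cmd.php", root / "index.html"],
                                     Path(tmp) / "evidence", collector="on-call admin")
        report["evidence_items"] = len(json.loads(manifest.read_text())["items"])
        return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real response the manifest would be built from a backup or deployment image known to predate the intrusion, the comparison run against a read-only copy of the disk rather than the live system, and the evidence directory written to separate media and hashed again on receipt by whoever takes custody of it.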

Practising the Disaster Plan

In the same way that fire drills are essential for verifying a fire escape plan, practising the disaster plan allows an organisation to confirm that the plan actually works and that every participant knows what to do.

Last update on Thursday October 16, 2008 02:43:14 PM.

This document entitled « Reaction to Security Incidents » from Kioskea (en.kioskea.net) is made available under the Creative Commons license. You may copy and modify copies of this page under the conditions stipulated by the licence, provided that this note appears clearly.