Chapter 1. Responding to Attacks

Being able to detect, contain, and eradicate incidents is in many respects equivalent to defusing explosives: the sooner and better you do it, the less impact a security-related incident is likely to have.

Gene Schultz, Principal Engineer

It's Saturday night. Your network is well designed, well run, and well supported. Your security team is well trained and your policies and procedures are committed to paper. But in the rush to get the policies and procedures out the door on time (so you could get that manager's fat bonus check), you forgot to include incident-response procedures. And while you're congratulating yourself on a job well done, a hacker breaks into your most critical system.

Now what? How quickly (and whether) you can answer that question could determine the fate of your data. Employees need to know what to do, how, and when. They also need to know to whom to report the break-in. Otherwise, the situation can get out of hand quickly. Proper escalation is especially important if the scale of the break-in goes beyond your support team's knowledge base.

When a break-in occurs, every move you make can mean the difference between saving or losing your company secrets. Just imagine what would happen if all the essential information on your computer system were stolen or destroyed. Unlikely? Sounds unlikely to most people until it hits their systems!

Remember, the data on your network is important! So, be prepared. Make sure everyone (from the top down) in your company knows what to do in the event of a break-in to save your data from theft, modification, or destruction. Just consider …



IT Security: Risking the Corporation
ISBN: 013101112X
Year: 2003
Pages: 73
