The Importance of Risk Analysis in Incident Response


Why has the majority of this chapter been devoted to risk analysis when this book is supposed to cover incident response? Let's put together everything that has been covered so far. Chapter 1 already introduced the major types of incidents. These included breaches of confidentiality, compromised integrity, disrupted availability, repudiation, harassment attempts, extortion attempts, pornography trafficking, computer misuse that involves organized crime, subversion, and hoaxes. We also have presented data showing that cyberattacks and system misuse are causing substantial financial loss for companies and organizations. Now, most recently, we have gone over major categories of risk and their potential impact.

Knowing about the major types of incidents that occur (or that are likely to occur) with greater frequency, and their associated risks, is important in helping those who are part of an incident response effort to prepare for the types of incidents that occur. A critical requirement in responding to incidents is being prepared to respond before each incident occurs. (Chapter 3 covers this topic in considerably more detail.) It is essential to know which incidents are most likely to result in the greatest amount of loss, destruction, or other undesirable outcomes in your organization, so that you can devote more attention and resources to such incidents should they occur. To say this another way, certain kinds of incidents are potentially much more catastrophic than others and thus merit considerably more advance planning and preparation for incident response. This is where at least some level of risk analysis can greatly help incident response efforts.

A Few Caveats About Risk Analysis

The term "risk analysis" is well ingrained in the minds of most information security professionals. If you work at a bank, stock brokerage, or government agency, your organization probably devotes a disproportionate amount of time and resources to risk analysis. The risk analysis performed by these organizations, however, is not exactly the type of risk analysis that has been advocated and discussed in this chapter. What we are referring to in this chapter is a kind of risk analysis that identifies the areas in which incident response is most likely to be needed. This requires a level of effort that is usually considerably lower than in a more formal risk analysis. It is important, too, to understand that risk analysis has some extremely significant inherent limitations, as follows:

  • Although risk analysis can help information security professionals better understand and deal with major risks, risk analysis is still a very subjective, imprecise art. For this reason, some professionals reject risk analysis altogether.

  • Even the best risk analysis estimates risk at only a particular point in time. New risks emerge perpetually, and what was a major risk yesterday might be a relatively minor one several days later.

  • Security controls (for example, third-party authentication devices) can reduce risk, but they never eliminate it. Even if security controls reduce risk substantially, a determined attacker will sooner or later be able to compromise the security of any system or network device. What controls really provide, therefore, is time: a delay in an attacker's efforts.

Given these important caveats, a reasonable strategy within the entire information security arena would be to rely less on risk analysis and rely more on threat assessment and intrusion detection. A significant vigilance component should be present within operational environments. Chapter 3 builds on this theme.

Consider this example. Suppose a petroleum company's greatest assets are its data regarding where crude oil deposits are located. Suppose also that this data is located in databases on servers dispersed throughout various subnets throughout the company's network. Perhaps, too, measures that fix vulnerabilities in these systems are in effect, but in reality, patching systems is a slow and disjointed process. To make matters worse, assume that several of these vulnerabilities are being frequently exploited in systems connected to the Internet. A good incident response strategy is to first learn as much as possible about the systems in question, including ways in which their security could be compromised. Determining how any incidents that might occur in these systems could be dealt with in a manner that minimizes the possibility of information loss or integrity compromise would then be a good next step.

Risk is dynamic. New threats constantly emerge, and older ones often diminish in magnitude and potential impact. Risk analysis, if done correctly, is dynamic. Keeping up with new threats and new developments is thus imperative in a successful incident response effort.
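The petroleum-company example and the point that risk is dynamic can both be made concrete with a small risk-ranking script. This is an added illustration written for this page, not code from the book: it scores each server holding the exploration data by a simple expected-loss estimate (asset value multiplied by an estimated likelihood of compromise), ranks the servers so the response team knows where to concentrate advance preparation, and then re-ranks after a new threat report arrives. The hosts, subnets, asset values, vulnerability names (VULN-A and so on, not real identifiers) and the probability weights are all constructed assumptions.

```python
"""Lightweight, point-in-time risk ranking for incident-response preparation.

Added illustration, not from the book. Everything below (hosts, asset
values, vulnerability records, probability weights) is constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Vulnerability:
    name: str                 # constructed label, not a real CVE identifier
    patched: bool
    exploited_in_wild: bool   # assumption: fed from threat-intelligence reports


@dataclass
class System:
    host: str
    subnet: str
    asset_value: float        # estimated loss if the data were disclosed or corrupted
    vulns: list = field(default_factory=list)


def likelihood(vulns):
    """Crude probability that the system is compromised in the current period.

    Assumed weights (chosen for the example): an unpatched vulnerability that
    is being exploited on the Internet contributes 0.5, an unpatched one with
    no known exploitation 0.1, and a patched one 0.01 (controls delay an
    attacker; they do not eliminate the risk). Contributions are combined as
    independent events: P(compromise) = 1 - product(1 - p_i).
    """
    p_safe = 1.0
    for v in vulns:
        if v.patched:
            p = 0.01
        elif v.exploited_in_wild:
            p = 0.5
        else:
            p = 0.1
        p_safe *= 1.0 - p
    return 1.0 - p_safe


def expected_loss(system):
    """Annualised-loss-style figure: asset value times likelihood of compromise."""
    return system.asset_value * likelihood(system.vulns)


def rank_for_preparation(systems):
    """Return (host, expected_loss) pairs, highest expected loss first."""
    scored = [(s.host, round(expected_loss(s), 2)) for s in systems]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def build_inventory():
    """Constructed inventory of servers holding crude-oil deposit data."""
    return [
        System("geo-db-01", "10.1.0.0/24", 1_000_000, [
            Vulnerability("VULN-A", patched=False, exploited_in_wild=True),
            Vulnerability("VULN-B", patched=True, exploited_in_wild=False),
        ]),
        System("geo-db-02", "10.2.0.0/24", 1_000_000, [
            Vulnerability("VULN-A", patched=True, exploited_in_wild=True),
        ]),
        System("seismic-archive", "10.3.0.0/24", 250_000, [
            Vulnerability("VULN-C", patched=False, exploited_in_wild=False),
            Vulnerability("VULN-D", patched=False, exploited_in_wild=False),
        ]),
    ]


def rescore_after_new_threat(systems, vuln_name):
    """Risk is dynamic: a vulnerability is newly reported as exploited in the
    wild, so mark it on every affected system and produce a fresh ranking."""
    for s in systems:
        for v in s.vulns:
            if v.name == vuln_name:
                v.exploited_in_wild = True
    return rank_for_preparation(systems)


if __name__ == "__main__":
    inventory = build_inventory()
    print("Initial preparation priority:", rank_for_preparation(inventory))
    print("After VULN-C is reported exploited:",
          rescore_after_new_threat(inventory, "VULN-C"))
```

The weights are deliberately coarse; the point is not the numbers but the workflow: the team learns which systems hold the critical data, which of their vulnerabilities are unpatched and actively exploited, ranks them, and re-runs the ranking whenever threat information changes rather than treating a single assessment as permanent.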


Incident Response: A Strategic Guide to Handling System and Network Security Breaches
ISBN: 1578702569
Year: 2002
Pages: 103