|< Day Day Up >|| |
Many organizations have been very hesitant to participate in the activities of the IS security community, including becoming a member of InfraGard as well as professional organizations that support security efforts. There are several reasons for a lack of participation, including the following:
Organizations have policies or practices that prohibit sharing information.
Management, legal counsel, and public-relations staff are concerned that revealing information about failures in computer security will negatively reflect on the reputation of the organization.
In publicly traded companies, managers are concerned that negative press could negatively impact stock price or erode investor confidence.
If an organization reports an incident and the case goes to trial, the litigation process will consume resources and expose the organization to public scrutiny.
Every organization needs to make a rational decision about how to participate in the reporting and information-sharing process. I have a bias toward participation and information sharing and have attended many meetings of InfraGard chapters and organizations such as the High Tech Crime Investigation Association. Having attended the meetings I have concluded that there are several immediate benefits for reporting and information sharing:
Liaisons with the FBI and other law-enforcement organizations can be established.
Internal security staff becomes more familiar with the IS security community and sources of support and assistance.
Internal security staff members are exposed to ongoing training activities.
Internal security staff has access to additional warning and alert systems.
It is important to bear in mind that in the war against terrorism, any organization that experiences an attack or an intrusion into its IS that may be related to terrorism is likely to suffer negative consequences if the events are not reported to law enforcement.
Action Checklist Number 4 (see Table 4.2) shows what steps an organization needs to take in order to start participating in the information-sharing process. The next chapter focuses on corporate actions required for homeland security by sector.
Status (e.g., Completed, Pending, or N/A)
Establish policies for reporting computer-related incidents.
Develop procedures for reporting computer-related incidents.
Assign staff responsibilities for reporting computer-related incidents.
Assign staff responsibilities for participating InfraGard or professional organizations.
|< Day Day Up >|| |