18.6 Prepare a Postmortem

   

The final step in the process of handling a security incident is preparing a postmortem. A postmortem should be a short report, no more than two or three pages, that details the attack and the steps taken to resolve the security hole that was exploited.

For serious security incidents, a postmortem should be presented to the senior officers of the company, as an explanation of what occurred, and what steps are being taken to prevent it from recurring. The senior company officials should sign off on the postmortem before it is distributed to other employees in the company.

A postmortem can be used as the basis for other documents, such as a press statement if the attack was particularly high profile, and it can be the basis of any reports filed with law enforcement agencies.

The postmortem should include the date and time of all correspondence regarding the incident, as well as a broad overview of the system, or systems, that were compromised. A general explanation of how the attack was accomplished, how it was spotted, and how it was stopped should also be part of the document. Finally, the document should list the steps being taken to secure the system and prevent the attack from recurring, as well as any follow-up steps that need to be taken.

The postmortem should serve as a quick guide for less technical staff members who need to be made aware of the incident. It is also useful to pass it on to customers who may have been impacted by the security incident, as long as it does not contain any confidential information about the organization.

Good communication is important when dealing with security incidents. Letting people know about the problem, in a clear, easy-to-understand manner, will help settle any questions about the effectiveness of the current security system. This is especially true if the postmortem demonstrates that the appropriate groups reacted in a swift and decisive manner to deal with a security incident.

   


The Practice of Network Security: Deployment Strategies for Production Environments
ISBN: 0130462233
EAN: 2147483647
Year: 2002
Pages: 131
Authors: Allan Liska
