Why has the majority of this chapter been devoted to risk analysis when this book is supposed to cover incident response? Let's put together everything that has been covered so far. Chapter 1 already introduced the major types of incidents. These included breaches of confidentiality, compromised integrity, disrupted availability, repudiation, harassment attempts, extortion attempts, pornography trafficking, computer misuse that involves organized crime, subversion, and hoaxes. We have also presented data showing that cyberattacks and system misuse are causing substantial financial loss for companies and organizations. Now, most recently, we have gone over major categories of risk and their potential impact.
Knowing which types of incidents occur (or are likely to occur) with greater frequency, and the risks associated with them, is important in helping those who are part of an incident response effort prepare for those incidents. A critical requirement in responding to incidents is being prepared to respond before each incident occurs. (Chapter 3 covers this topic in considerably more detail.) It is essential to know which incidents are most likely to result in the greatest amount of loss, destruction, or other undesirable outcomes in your organization, so that you can devote more attention and resources to such incidents should they occur. To say this another way, certain kinds of incidents are potentially much more catastrophic than others and thus merit considerably more advance planning and preparation for incident response. This is where at least some level of risk analysis can greatly help incident response efforts.
Consider this example. Suppose a petroleum company's greatest assets are its data regarding where crude oil deposits are located. Suppose also that this data is located in databases on servers dispersed across various subnets throughout the company's network. Perhaps, too, measures that fix vulnerabilities in these systems are in effect, but in reality, patching systems is a slow and disjointed process. To make matters worse, assume that several of these vulnerabilities are being frequently exploited in systems connected to the Internet. A good incident response strategy is to first learn as much as possible about the systems in question, including ways in which their security could be compromised. A good next step would then be to determine how any incidents that might occur in these systems could be dealt with in a manner that minimizes the possibility of information loss or integrity compromise.
Risk is dynamic. New threats constantly emerge, and older ones often diminish in magnitude and potential impact. Risk analysis, if done correctly, is dynamic as well. Keeping up with new threats and new developments is thus imperative in a successful incident response effort.