Monday, December 6, 2010

1. IT Security Incident:
  • Security of information technology is of utmost importance
    - Protect confidential data
      • Safeguard private customer and employee data
    - Protect against malicious acts of theft or disruption
    - Must be balanced against other business needs and issues
  • Number of IT-related security incidents is increasing around the world
  • Computer Emergency Response Team Coordination Center
    - Established in 1988 at the Software Engineering Institute
    - Charged with
      • Coordinating communication among experts during computer security emergencies
      • Helping to prevent future incidents
  
2. Some characteristics of common computer criminals, including their objectives:
Computer crime, or cybercrime, refers to any crime that involves a computer and a network, where the computers may or may not have played an instrumental part in the commission of a crime.[1] Netcrime refers, more precisely, to criminal exploitation of the Internet.[2] Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.
On the global level, both governments and non-state actors continue to grow in importance, with the ability to engage in such activities as espionage, financial theft, and other cross-border crimes sometimes referred to as cyber warfare. The international legal system is attempting to hold actors accountable for their actions, with the International Criminal Court among the few addressing this threat.
3. Action must be taken in response to a security incident:
In most areas of life, prevention is better than cure, and security is no exception. Wherever possible, you will want to prevent security incidents from happening in the first place. However, it is impossible to prevent all security incidents. When a security incident does happen, you will need to ensure that its impact is minimized. To minimize the number and impact of security incidents, you should:
  • Clearly establish and enforce all policies and procedures. Many security incidents are accidentally created by IT personnel who have not followed or not understood change management procedures or have improperly configured security devices, such as firewalls and authentication systems. Your policies and procedures should be thoroughly tested to ensure that they are practical and clear and provide the appropriate level of security.
  • Gain management support for security policies and incident handling.
  • Routinely assess vulnerabilities in your environment. Assessments should be done by a security specialist with the appropriate clearance to perform these actions (i.e., bondable and given administrator rights to the systems).
  • Routinely check all computer systems and network devices to ensure that they have all of the latest patches installed.
  • Establish security training programs for both IT staff and end users. The largest vulnerability in any system is the inexperienced user; the ILOVEYOU worm effectively exploited that vulnerability among IT staff and end users.
  • Post security banners that remind users of their responsibilities and restrictions, along with a warning of potential prosecution for violation. These banners make it easier to collect evidence and prosecute attackers. You should obtain legal advice to ensure that the wording of your security banners is appropriate.
  • Develop, implement, and enforce a policy requiring strong passwords. You can learn more about passwords in "Enforcing Strong Password Usage Throughout Your Organization" in the Security Guidance Kit.
  • Routinely monitor and analyze network traffic and system performance.
  • Routinely check all logs and logging mechanisms, including operating system event logs, application specific logs and intrusion detection system logs.
  • Verify your back-up and restore procedures. You should be aware of where backups are maintained, who can access them, and your procedures for data restoration and system recovery. Make sure that you regularly verify backups and media by selectively restoring data.
  • Create a Computer Security Incident Response Team (CSIRT) to deal with security incidents. You can learn more about CSIRT in the following section of this document....
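
The backup item in the list above recommends verifying backups by selectively restoring data. One way to automate that check, added here as an example and not taken from the original post or the guidance it draws on; the manifest format, the function names, and the sample files are assumptions constructed for illustration:

```python
import hashlib, random, shutil, tarfile, tempfile
from pathlib import Path

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # chunked, for large files
            digest.update(chunk)
    return digest.hexdigest()

def make_backup(source_dir, archive):
    """Write a tar backup and return its manifest: relative path -> SHA-256."""
    root = Path(source_dir)
    manifest = {p.relative_to(root).as_posix(): sha256_file(p)
                for p in sorted(root.rglob("*")) if p.is_file()}
    with tarfile.open(archive, "w") as tar:
        for name in manifest:
            tar.add(root / name, arcname=name)
    return manifest

def verify_sample_restore(archive, manifest, sample_size, seed=None):
    """Restore a random sample to scratch space; return {path: reason} for failures."""
    picks = random.Random(seed).sample(sorted(manifest), min(sample_size, len(manifest)))
    failures = {}
    with tempfile.TemporaryDirectory() as scratch, tarfile.open(archive) as tar:
        names = set(tar.getnames())
        for i, name in enumerate(picks):
            src = tar.extractfile(name) if name in names else None
            if src is None:  # absent from the archive, or not a regular file
                failures[name] = "missing"
                continue
            restored = Path(scratch, f"restored_{i}")  # our name, not the archive's path
            with src, open(restored, "wb") as dst:
                shutil.copyfileobj(src, dst)
            if sha256_file(restored) != manifest[name]:
                failures[name] = "mismatch"
    return failures

def demo():
    """Constructed data: a clean backup, then one taken after notes.txt was corrupted."""
    with tempfile.TemporaryDirectory() as work:
        data, good, bad = Path(work, "data"), Path(work, "good.tar"), Path(work, "bad.tar")
        data.mkdir()
        (data / "payroll.csv").write_text("id,amount\n1,100\n")
        (data / "notes.txt").write_text("quarterly notes\n")
        manifest = make_backup(data, good)
        (data / "notes.txt").write_text("corrupted\n")
        make_backup(data, bad)
        return verify_sample_restore(good, manifest, 2), verify_sample_restore(bad, manifest, 2)
```

An empty result means every sampled file restored with the hash recorded at backup time; keep the manifest somewhere other than the backup media so that a damaged archive cannot vouch for itself.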
 
