The following are other factors to help you determine how security incidents are different — and
potentially more dangerous — than IT incidents.

Threat Agents:

Security incidents always have a threat agent. Threats can be non-target-specific, like viruses,
worms, and Trojans, or even acts of nature. They can also be intentional attacks from hackers,
terrorists, or insiders; international and domestic criminals; other corporations or foreign
governments seeking to steal competitive company, product or financial information; and
unauthorized acts by employees that may expose or threaten critical data. Basically, it’s anything
and everything that affects the state of your entire organization’s security. These events should
be treated as if they are being performed by an enemy, even if that enemy is just lines of code.

Containment:

When an IT incident occurs, immediate response can be important, but not always essential.
With a security incident, instant reaction is critical in order to shut down the attack and contain
further potential loss and damage. Also, unlike most IT staffs, security incidents don’t work on
an eight-hour schedule. They can happen at any time, and the longer it takes you to react, the
more damage your company may suffer. So you need a response team and plan ready to go 24
hours a day.

Impact Not Readily Known:

When you suffer an IT problem, like a computer crashing or losing an internet connection, you
know right away. But with so much information contained in a complex IT infrastructure,
detecting whether a security incident has occurred can sometimes be challenging. With copious
amounts of processing power and memory, malware can exist in a system for the duration of its
lifespan without a user noticing any impact at all — until it’s too late. You could continue to lose
data that won’t be missed until an internal audit weeks later, or even worse, when your own
customers notify you that someone has stolen private information they trusted you to protect.

Communication:

An IT incident response will normally involve the IT staff and the department or departments the
issue affects. A problem occurs, someone contacts IT, a staff member repairs it, and life is back
to normal. But since it may threaten multiple departments, including IT, or even the entire
company, a security incident must involve communications with key stakeholders, management,
and affected parties throughout your organization. How quickly and effectively people share
information determines how swiftly they can take the appropriate course of action to neutralize
the threat and curtail widespread harm.

What is the most effective way to detect security incidents? Technology, people and processes.
Design and implement a system that will warn you the moment an incident occurs. Build a team
of IT and security people who understand your technology and systems, but also the criticality of
your business. The right approach to security incident response enables you to position your
organization a step ahead of any incident. Aligning with this methodology and enabling the

Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
