Minimize the impact of security incidents

Tuesday, August 21, 2007

You cannot avoid security incidents, but you can minimize their impact. Here are some points that will help you do that.

  • Clearly establish and enforce all policies and procedures. Many security incidents are created accidentally by IT personnel who have not followed or have not understood change management procedures, or who have misconfigured security devices such as firewalls and authentication systems. Your policies and procedures should be thoroughly tested to ensure that they are practical and clear and provide the appropriate level of security.
  • Gain management support for security policies and incident handling.
  • Routinely assess vulnerabilities in your environment. Assessments should be done by a security specialist with the appropriate clearance to perform these actions, i.e. one who is bondable and has been given administrator rights to the systems.
  • Routinely check all computer systems and network devices to ensure that they have all of the latest patches installed.
  • Establish security training programs for both IT staff and end users. The largest vulnerability in any system is the inexperienced user: the ILOVEYOU worm effectively exploited that vulnerability among IT staff and end users.
  • Post security banners that remind users of their responsibilities and restrictions, along with a warning of potential prosecution for violations. These banners make it easier to collect evidence and prosecute attackers. You should obtain legal advice to ensure that the wording of your security banners is appropriate.
  • Develop, implement, and enforce a policy requiring strong passwords. You can learn more about passwords in "Enforcing Strong Password Usage Throughout Your Organization" in the Security Guidance Kit.
  • Routinely monitor and analyze network traffic and system performance.
  • Routinely check all logs and logging mechanisms, including operating system event logs, application-specific logs and intrusion detection system logs. A log that has stopped being written is itself a finding: an attacker who has gained control of a host often disables or clears logging first.
  • Verify your backup and restore procedures. You should be aware of where backups are maintained, who can access them, and your procedures for data restoration and system recovery. Make sure that you regularly verify backups and media by selectively restoring data; a backup that has never been restored is not known to be good.
  • Create a Computer Security Incident Response Team (CSIRT) to deal with security incidents. You can learn more about CSIRT in the following section of this document.
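As an added example of the routine log review recommended above (this is illustrative code written for this page, not part of the original post or of any particular product), the script below parses syslog-style OpenSSH authentication lines, counts failed logins per source address inside a sliding window, and flags a source that exceeds a threshold, as well as a source that fails repeatedly and then succeeds, which is the signature of a guessed password. The log lines, hostnames, and addresses are constructed for the example; the line format is the classic sshd syslog format, and a fixed year is assumed because that format carries none.

```python
"""
Added example: review constructed sshd authentication log lines for
password-guessing activity.  Not code from the original post.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log, not real data.  203.0.113.7 guesses passwords
# and eventually gets in; 198.51.100.4 is a user who mistyped once and
# then logged in with a key; the CRON line is unrelated noise.
SAMPLE_LOG = [
    "Aug 21 10:00:01 web1 sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2",
    "Aug 21 10:00:03 web1 sshd[2002]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "Aug 21 10:00:05 web1 sshd[2003]: Failed password for root from 203.0.113.7 port 51003 ssh2",
    "Aug 21 10:00:07 web1 sshd[2004]: Failed password for invalid user oracle from 203.0.113.7 port 51004 ssh2",
    "Aug 21 10:00:09 web1 sshd[2005]: Failed password for root from 203.0.113.7 port 51005 ssh2",
    "Aug 21 10:00:20 web1 sshd[2006]: Accepted password for root from 203.0.113.7 port 51006 ssh2",
    "Aug 21 10:01:00 web1 sshd[2007]: Failed password for alice from 198.51.100.4 port 40001 ssh2",
    "Aug 21 10:01:05 web1 sshd[2008]: Accepted publickey for alice from 198.51.100.4 port 40002 ssh2",
    "Aug 21 10:02:00 web1 CRON[2009]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Classic OpenSSH syslog line.  The syslog timestamp has no year, so the
# caller supplies one (assumption for the example).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)


def parse_line(line, year=2007):
    """Return a dict for an sshd auth line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def find_bruteforce(lines, threshold=5, window_seconds=300):
    """Map source IP -> list of (kind, timestamp, user) findings.

    'burst' is reported once per source, the first time `threshold`
    failures fall inside `window_seconds`.  'success_after_failures' is
    reported whenever a source that has already failed at least
    `threshold` times later succeeds for any user.
    """
    recent = defaultdict(deque)      # ip -> timestamps of failures in window
    total_failures = defaultdict(int)
    burst_reported = set()
    findings = defaultdict(list)

    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                 # other log sources are skipped, not errors
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            total_failures[ip] += 1
            # Drop failures that have aged out of the sliding window.
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()
            if len(q) >= threshold and ip not in burst_reported:
                burst_reported.add(ip)
                findings[ip].append(("burst", ts, ev["user"]))
        elif total_failures[ip] >= threshold:
            findings[ip].append(("success_after_failures", ts, ev["user"]))
    return dict(findings)


if __name__ == "__main__":
    for ip, items in find_bruteforce(SAMPLE_LOG).items():
        for kind, ts, user in items:
            print(f"{ts:%b %d %H:%M:%S} {ip} {kind} (user {user})")
```

Run against the sample, this reports a burst from 203.0.113.7 at 10:00:09 and a success for root from the same address eleven seconds later, while alice's single typo is ignored. A per-source threshold is a starting point only: distributed guessing spreads attempts across many addresses and stays under any per-IP count, so the same counting should also be done per target account, and the review should confirm that the log is still being written at all.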

-- Anish

