The Top Seven Tips for IR Policies
By Leighton Johnson, CISA, CISM, CIFI, CISSP
Incident response (IR), one of the five domains of the Certified Information Security Manager® (CISM®) certification, has great value to IT security professionals. Each incident is unique, but there are some common policies that need to be in place for proper preparation of the response team and the corporate staff. Here are the top seven policies necessary to help prepare for an incident response effort:
- AUP—The corporate acceptable-use policy (AUP) defines the actions allowed by the computer user on the machine or network. IR personnel need to know this policy so that they can determine what activities are normal and what activities are not acceptable on the computer or the network.
- Containment—What are the first steps to be taken by incident responders? When approaching an incident scene, review what is occurring on the computer screen. If data are being deleted, pull the power plug from the wall; otherwise, perform a real-time capture of system “volatile” data first. Evaluate what network or systems are being affected.
- Version control—What is the corporate patch management policy? By whom and when are patches tested, loaded and evaluated? Who controls the configurations of the servers and network devices? All of these questions should be answered in the version control policy, which gives the incident responder the baseline to work from when investigating an incident.
- Communications—This policy covers who communicates to the corporate staff, the users, the workers, and the customers and clients of your organization when something happens. By whom and how the issue is communicated to the shareholders, the public, the media, and even local emergency and law enforcement officials should also be included in this policy.
- Reporting—Clearly define to whom and when the various activities are reported. Just as important is who is not reported to, since an incident could have an “insider” component.
- Backup—This policy sets the boundaries for recovery from the incident. How far back in time is the data retained, where is it, and what are the procedures for the daily, weekly and monthly backups of the server or network data? These questions are answered in the backup policy, which the incident responders need to properly return the system or network to normal business operations.
Leighton Johnson, CISA, CISM, CIFI, CISSP, is a senior security consultant for the Information Security & Forensics Management Team (ISFMT) of Bath, South Carolina, USA.
New ISACA Journal Author Blog
ISACA® recently launched the ISACA® Journal author blog, where you can engage with Journal authors, ISACA constituents and staff, exchanging information pertinent to Journal article topics, the business environment and/or the profession. The blog is updated regularly, and numerous Journal volume 3 and 4 authors have already taken part, providing insightful entries on their recently published articles or other topical industry news.
Book Review: Scrappy Information Security: The Easy Way to Keep the Cyber-Wolves at Bay
Reviewed by Vishnu Kanhere, Ph.D., CISA, CISM, AICWA, CFE, FCA
Scrappy Information Security: The Easy Way to Keep the Cyber-Wolves at Bay, by Michael Seese, CISSP, CIPP, covers one of the hottest topics in information technology today. Lack of awareness and knowledge, coupled with a “don’t care” attitude, has led to a plethora of information security problems and mounting losses.
Business, industry and society are alarmed at the systematic attacks of ever-increasing magnitude, scale and frequency. Information security is something that touches our lives every day and no person can afford to ignore it.
A good knowledge of information security fundamentals, concepts, principles, issues, techniques, tools and practices has become essential for the survival of IT systems and businesses. Technical knowledge of the Internet, networking, communications, access controls, firewalls, routers and encryption technology has become essential for most users and managers. This book aims to cover this growing need, without being full of jargon.
Scrappy Information Security not only provides an overview of information security to anyone interested or engaged in using computers, but provides useful inputs to the information security professional. It addresses a wide range of audiences, without compromising on details, and is fun to read. The book provides a good introduction to information security, especially to those who are novices or are wary of techno-babble, and does so in a humorous way that entertains yet instructs the reader in information security technology and practices.
The book focuses on information security and is useful as a how-to reference. The chapters cover the background and need for information security, physical security, technical security, administration and training. Overall, it provides a management perspective as well as a practical technical approach to information security, using an easy-to-read and interesting presentation style.
Scrappy Information Security: The Easy Way to Keep the Cyber-Wolves at Bay is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in the latest issue of the ISACA Journal, visit the ISACA Bookstore or e-mail email@example.com.
Vishnu Kanhere, Ph.D., CISA, CISM, AICWA, CFE, FCA, is an expert in software valuation, IS security and IS audit.
Dubai Radio, CNBC and GRC Management Among Outlets Covering ISACA News
ISACA® continues to be well recognized in the news. Recent highlights include the following:
- George Ataya, a past international vice president of ISACA, was featured on Dubai Radio, discussing governance of IT.
- In a Baseline article on 40 cloud computing facts, ISACA is featured on slides 28 and 30, among companies such as Gartner, Oracle, Dell, Google and Amazon.
- A recent issue of GRC Management (Brazil) included five different articles in Portuguese—including a four-page feature on Certified in the Governance of Enterprise IT® (CGEIT®)—that mentioned COBIT® and ISACA’s certifications, and quoted Ricardo Castro, vice president of the ISACA Sao Paulo Chapter.
- Several global outlets reported the results of ISACA’s Risk/Reward Barometer survey, including CNBC (“Schwartz: Rethinking Your Network Security”), which featured an editorial opinion piece by ISACA member Eddie Schwartz.
- Ashford Global Information Technology ran an article on the Certified Information Security Manager® (CISM®) certification, “Certified Information Security Manager: Why Now?,” that states, “Not only is the Certified Information Security Manager certification a well-respected certification, but it’s becoming increasingly popular all over the world.”
- BizTech2.com in India posted a podcast interview with ISACA International Vice President Robert Stroud that took place at the Asia-Pacific Computer Audit, Control and Security (CACS) conference. He discussed ISACA’s Risk/Reward Barometer survey findings and Risk IT: Based on COBIT®.
- CNET ran an article titled “Study: Social-media Use Puts Companies at Risk,” featuring ISACA’s new social media white paper. CNET boasts an impressive circulation of 28,615,000 unique visitors per month.