Consider the Value of ISACA Membership in 2012
Members and certified members know that the value of ISACA membership is reflected in both the knowledge and skills you bring to your employer, and in the member-only monetary savings you receive. Continue to enjoy these special benefits that are so important to your career and professional development by renewing your ISACA membership today!
As an ISACA member, you are in the know about current hot topics in the profession through the ISACA Knowledge Center, the ISACA Journal and @ISACA. You are able to network with your global community of peers, enjoy free access to the ISACA eLibrary, be the first to peruse ISACA’s newest deliverables, and utilize key resources for the issues and solutions that help you face the challenges of today’s workplace.
As a certified ISACA member, you can obtain all of your annual required continuing professional education (CPE) credits free of charge by completing quizzes in the ISACA Journal and participating in the virtual conferences and webinars offered monthly. More than 70 hours of free CPEs are available annually to ISACA members. Discounts on conferences and online opportunities provide additional CPEs on a variety of topics, keeping you on the forefront of your field.
If you have not yet renewed your ISACA membership, please renew now, before your access to these member benefits ends.
Seven Typical Tasks of Incident Handling
By Leighton Johnson, CISA, CISM, CIFI, CISSP
The typical areas of performance by an incident handler are found in most incident response (IR) teams. The following are the primary responsibilities of the handler personnel and describe a typical day (if that actually exists) for an IR team member:
- Analyzing reports—All incidents are usually reported to the IR team after or, hopefully, during the incident. These reports are analyzed to identify the type of activity, its potential impact, its scope, how many systems are involved, whether it’s local or larger, and whether it’s a known type of attack. These areas are all analyzed first during the initial response efforts.
- Analyzing logs—Evaluating any logs, suspect files or artifacts is a prime responsibility of incident handlers. The network logs, system logs, router logs, firewall logs, sniffer logs, application logs, any supporting information and possibly even the incident artifacts are analyzed to help identify the systems, possibly other sites involved in the incident, and the methods of ingress and attack.
- Researching background information—What were the first steps taken by the attackers? When was the affected system last patched? When and where did the attackers enter the network? Identifying the hosts, systems and IP addresses from the attack location or attack vector provides important support information to help prevent future attacks and to isolate potential vulnerabilities in the security posture of the compromised system or network.
- Monitoring system and network logs—Watching the system or network once the attack or compromise is discovered can add to the data and information needed to further secure the system in the future. A handler could determine if the compromise is still active by evaluating the logs currently being recorded and may possibly catch the perpetrator in the act.
- Technical assistance—Providing technical assistance, whether it is over the phone or by sending an e-mail with a source document and suggestions or steps for recovery, is part of the handler’s duties. The team may have a web site with all the necessary documentation or there may be a repository of defined information for the organization; in either case, the handler would update this as part of his/her technical assistance responsibilities.
- Coordinating and sharing information—The handler will coordinate information with the various affected units within the organization and, possibly, with outside organizations. Collaboration improves response efforts, and information sharing helps the responders react and contain at a much faster rate than what was seen in the past, so this part of the handler’s job has become much larger in recent years. Tracking of tasks, contacting software and hardware vendors for data research, and preparing briefings and reports are all part of this task.
- Other duties—Typically, if the incident warrants it, the handler will assist law enforcement with incidents that involve the criminal element. The handler can be, and is often, called upon to provide detailed expert testimony on previous cases and incidents. He/she also could be tasked with supporting the notification activities of victims of unauthorized release of data.
Leighton Johnson, CISA, CISM, CIFI, CISSP, is a senior security consultant for the Information Security & Forensics Management Team of Bath, South Carolina, USA.
Passed an ISACA Certification Exam? Save Money by Applying Now!
Effective 1 June 2012, an application fee of US $50 will be required to apply for Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), and Certified in Risk and Information Systems Control (CRISC) certification. By applying now, those who have already taken and passed the exam can save on the application fee. Candidates may apply in three easy steps:
- Download the application from the CISA, CISM, CGEIT or CRISC Application pages of the ISACA web site.
- Complete the application, collect completed verification forms and obtain any necessary documentation (e.g., degree waivers).
- Submit application and support documentation in one package by fax (+1.847.253.1755) or e-mail (email@example.com).
Those who have passed the exam, but have not yet applied, are encouraged to do so immediately.
Knowledge Center Offers Instant Information on Relevant Topics
Meet Knowledge Center Topic Leader Marc Vael, CISA, CISM, CGEIT, CISSP, of the Belgium Chapter
How were you introduced to the Knowledge Center?
I was a member of the ISACA Communities Committee when the Knowledge Center was first discussed. It was a very exciting experience to see it evolve to what it is today.
In your opinion, what makes the Knowledge Center a valuable resource for ISACA members?
It serves as a central starting point to search for answers on topics, questions I have. I like the multitude of information sources, such as documents, links, articles and discussions, and the ability to ask questions or reply to questions from ISACA members, not only on the topic for which I am the topic leader, but also on other domains, where I feel I can add value.
What made you decide to become a topic leader?
For me, it is a normal thing to do: share my knowledge with peers and ISACA in various ways, such as documents, links and replies to questions. I started with my favorite topic, information security management, but I later volunteered to be a topic leader for cloud computing—I am chair of the Cloud Computing Task Force—and for privacy—I am a member of the Flemish Privacy Commission. It feels natural for me to do this.
How did you choose your topic?
I chose topics to lead based on my own experiences, knowledge and interests. I selected 1 and, when I felt comfortable, I selected 2 more.
What is 1 thing you wish all ISACA members knew about the Knowledge Center?
All members could benefit from knowing that the Knowledge Center offers the ability to be alerted automatically when something new happens in your favorite topics.
Any parting words of advice to those who have not yet visited the Knowledge Center?
Challenge yourself and ISACA by visiting the Knowledge Center, searching and sharing knowledge on your favorite topics, and providing your honest and constructive feedback to ISACA. Just do it!
Visit the Information Security Management, Cloud Computing, Privacy and Data Protection Groups in the Knowledge Center to join the discussions with Vael, or browse other topics in the Knowledge Center to find resources and connect with fellow ISACA members. To learn more about volunteering as a topic leader, please visit the Become a Topic Leader page of the ISACA web site.