
	Home > Ask the Security Experts > Information Security Threats Questions & Answers > Will the new CERT security incident-response project benefit infosec pros?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Will the new CERT security incident-response project benefit infosec pros?

EXPERT RESPONSE FROM: John Strand

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 11 July 2008
What is your opinion of the new CERT security incident-response project, and will it benefit infosec pros?

EXPERT RESPONSE
The goal of the CERT security incident-response project is to provide a management framework to serve as a guide for the technical components of dealing with an incident.

I strongly believe that this type of guidance is long overdue. Too many security professionals are obsessed with tools and technology. Because many incident-response teams lack a management-level understanding of security, they tend to focus on dealing with the technical symptoms of an incident and not focus on root cause analysis. By implementing the CERT guidelines, it will help put incidents in the context of an enterprise and help the incident-response team focus on making the procedural and/or technical changes to mitigate damages of future incidents.

While the new security incident-response project is a great move by CERT, to many IT security pros it looks and feels like it has too much management speak. For example, on its website it mentions the goals of the CERT Incident Response Project as being focused on performance standards and management best practices. These are things that are usually the object of humor in Dilbert cartoons.

Keep in mind, though, that the first step in the process is to obtain management buy-in. Remember, management controls budgets, and we as security professionals need to speak their language. This applies not only to incident response, but also to architecture and penetration testing as well.

Another thing to keep in mind regarding any template-based procedures for incident response is that there is no such thing as one size fits all. Plans need to be tailored to specific environments. Take anything from CERT, NIST, and SANS as a starting point.

One of the nice things I see in this project is that it is goal- and metric-based. I feel that having goals and metrics are great tools to demonstrate the value of having a dedicated security/incident-response team. By utilizing goals and metrics, security pros can demonstrate to upper management that they provide value to the enterprise, which is a skill that many security teams lack.

More information:

Learn five steps to successful incident response.
How does a liaison officer interact with incident response? Expert Mike Rothman explains.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Information Security Threats
	Does the iPhone SDK effectively increase the risk iPhones pose?
	How can widget malware on social networking sites threaten enterprises?
	How can an enterprise-wide network remain resilient against denial-of-service (DoS) attacks?
	Can "good" botnets fight bad botnets?
	Are there antivirus suites that pick up more than just run-of-the-mill viruses?
	Are social networking sites an easy target for malicious hackers?
	Best practices for using restriction policy whitelists
	Can threat modeling help enterprises?
	Are iPhone security risks different than those of other mobile devices?
	Are attackers using malware to exploit service oriented architectures?

Information Security Incident Response

Spotlight article: Domain 9, Physical Security

Sound compliance policies, practices reduce legal costs

Product review: Mandiant Intelligent Response 1.0

Worst practices: Bad security incidents to avoid

Incident response success in five quick steps

The forensics mindset: Making life easier for investigators

Finding lost notebooks with 'LoJack for laptops'

What are the roles of a liaison officer?

Data breach costs soar

What are the proper procedures for handling a potential insider threat?

Information Security Incident Response Research

Management Support for Information Security

IT security not valued at many firms, study finds

How to get information security buy-in from the executive team

Initial virtualization costs could outweigh benefits

What's your advice for getting other business units to contribute to crafting an effective information security policy?

CIO role could shift toward data quality, says IBM group

Results Chain for Information Security and Assurance

Information Security Blueprint

What are the pre-requisites for implementing single sign-on (SSO) in an organization?

Learn from NIST: Best practices in security program management

CISOs adapt as compliance requires strategic thinking

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

disaster recovery plan (SearchSecurity.com)

incident response (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2003 - 2008, TechTarget \| Read our Privacy Policy