
	Home > Ask the Security Experts > Information Security Threats Questions & Answers > Will the CERT security incident-response project benefit infosec pros?

Ask The Security Expert: Questions & Answers

EMAIL THIS

Will the CERT security incident-response project benefit infosec pros?

EXPERT RESPONSE FROM: John Strand, featured expert

		Pose a Question

		Other Security Categories

		Meet all Security Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 11 July 2008
What is your opinion of the new CERT security incident-response project, and will it benefit infosec pros?

BROWSE BY TAG

Information Security Threats, Network Intrusion Detection and Analysis, Enterprise Network Security, Information Security Incident Response, Information Security Management, Business Management: Security Support and Executive Communications, VIEW ALL TAGS

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Information Security Threats
	How to get rid of malware, botnets on a hospital IT network
	Should a national cybersecurity strategy include offensive botnets?
	How can search results lead to malware?
	How to prevent brute force webmail attacks
	How to prevent mobile phone spying
	What are today's antivirus software trends?
	How to detect input validation errors and vulnerabilities
	Can secure USB devices prevent man-in-the middle attacks
	How to prevent and build protection against online identity theft
	Is there a spy on my mobile device?

Information Security Incident Response

Tying log management and identity management shortens incident response

Tabletop exercises sharpen security and business continuity

Security book chapter: Applied Security Visualization

The challenges of incident response plans and procedures

CISOs, human resources cooperation vital to security

After a data breach, are there legal implications of sharing details?

Boosting morale of the information security staff after a data breach

Recovering stolen laptops one step at a time

IT security pros face challenge during economic crisis

Spotlight article: Domain 9, Physical Security

Information Security Incident Response Research

Business Management: Security Support and Executive Communications

RSA council addresses growing security risks in the cloud

How to write a risk methodology that blends business, security needs

Risk management must include physical-logical security convergence

New partnerships, creative thinking help security bust recession

How to align an information security framework to your business model

Service-focused security offers best value to organization

Cybersecurity Act of 2009: Power grab, or necessary step?

Information security skills must include communication, expert says

Mimic the IBM approach to security at RSA

Sell the business on virtualization security

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

incident response (SearchSecurity.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

The goal of the CERT security incident-response project is to provide a management framework to serve as a guide for the technical components of dealing with an incident.

I strongly believe that this type of guidance is long overdue. Too many security professionals are obsessed with tools and technology. Because many incident-response teams lack a management-level understanding of security, they tend to focus on dealing with the technical symptoms of an incident and not focus on root cause analysis. By implementing the CERT guidelines, it will help put incidents in the context of an enterprise and help the incident-response team focus on making the procedural and/or technical changes to mitigate damages of future incidents.

While the new security incident-response project is a great move by CERT, to many IT security pros it looks and feels like it has too much management speak. For example, on its website it mentions the goals of the CERT Incident Response Project as being focused on performance standards and management best practices. These are things that are usually the object of humor in Dilbert cartoons.

Keep in mind, though, that the first step in the process is to obtain management buy-in. Remember, management controls budgets, and we as security professionals need to speak their language. This applies not only to incident response, but also to architecture and penetration testing as well.

Another thing to keep in mind regarding any template-based procedures for incident response is that there is no such thing as one size fits all. Plans need to be tailored to specific environments. Take anything from CERT, NIST, and SANS as a starting point.

One of the nice things I see in this project is that it is goal- and metric-based. I feel that having goals and metrics are great tools to demonstrate the value of having a dedicated security/incident-response team. By utilizing goals and metrics, security pros can demonstrate to upper management that they provide value to the enterprise, which is a skill that many security teams lack.

More information:

Learn five steps to successful incident response.
How does a liaison officer interact with incident response? Expert Mike Rothman explains.

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Find Security Solutions for Your Business
Targeted Security Channel Tips for Resellers, Integrators and Consultants

View this month\\'s issue and subscribe today.

Apply online for free conference admission.

SEARCH :

Site Index

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2003 - 2009, TechTarget \| Read our Privacy Policy