In this excerpt of Chapter 2 from ISACA's Cybercrime: Incident Response and Digital Forensics, author Robert Schperberg looks at the benefits of instituting an incident response process.
Today, global organizations rely on the Internet, VPNs, WANs and LANs to conduct their day-to-day business. Many global organizations rely on e-commerce to produce revenue.
Skeptics ask: Why the need for the elaborate processes, and why spend money on building a program that does not contribute to the bottom line? The answer to this question is provided by a sample of activities that take place in the cyberenvironment, reinforcing the need to create a cyber-response program to investigate cyberattacks and cyberfraud, and conduct digital forensics evidence recovery and analysis.
In 2005, one in five enterprises is expected to experience a serious Internet security incident targeting information and intellectual property, Gartner analysts predict. Of all future attacks, nearly one in three will be financially or politically motivated, according to Richard Hunter, a Gartner vice president and research director. Cybercriminals are taking advantage of users, enterprises and unsecured systems to usher in high-profit, low-overhead crimes.
Incident response is a vital part of any successful IT program. It is frequently overlooked until a major security breach occurs, resulting in untold amounts of unnecessary time and money spent, not to mention the stress associated with responding to a crisis. Potential risks that could occur as a result of any cybercrime incident include:
- Threat to human life
- Financial loss
- Exposure to legal liability
- Loss of customer confidence
- Damage to organizational reputation
- Loss and unauthorized modification of data
- Threat to national security
A solid incident response program can save an organization a substantial amount of money and a significant degree of embarrassment. The following are generally cited as business drivers of implementing security programs to combat cybercrime, thus enabling executive management to improve the ROI of implementing incident response programs and use digital forensics:
- Reduced cost — By management acknowledging the need to put in place preventive and detective measures to combat cybercrime, management can be assured that in the event of attacks, recovery measures are in place to contain the damage and minimize loss to an organization. Without security programs, time and money could be wasted in the recovery efforts.
- Increased security — By establishing an incident response team and implementing an incident response program, management can have the peace of mind that the enterprise's information assets are secure through incident response tools and techniques (described in more detail in the later chapters of this document).
When a professional incident response team is deployed for a problem, it can significantly reduce the monetary loss and embarrassment the organization could suffer. The team determines, usually in a short time, the answers to the following questions:
- Who are the potential intruders?
- What is the sensitivity of the compromised information?
- What is the level of unauthorized access obtained by the attacker?
- How long will the affected systems remain down?
- How critical are the affected systems to the organization?
- How widespread is the incident to the outside world?
- How quickly can the organization recover?
Read the rest of Chapter 2, Business drivers for creating an incident response process and conducting digital forensics investigations
Dig Deeper on Information Security Incident Response-Detection and Analysis