Incident response process brings ROI and peace of mind

Cybercrime: Incident Response and Digital Forensics

By Robert Schperberg

218 pages; $40-55

Information Systems Audit and Control Association

In this excerpt of Chapter 2 from ISACA's Cybercrime: Incident Response and Digital Forensics, author Robert Schperberg looks at the benefits of instituting an incident response process.

Today, global organizations rely on the Internet, VPNs, WANs and LANs to conduct their day-to-day business. Many global organizations rely on e-commerce to produce revenue.

Skeptics ask: Why the need for the elaborate processes, and why spend money on building a program that does not contribute to the bottom line? The answer to this question is provided by a sample of activities that take place in the cyberenvironment, reinforcing the need to create a cyber-response program to investigate cyberattacks and cyberfraud, and conduct digital forensics evidence recovery and analysis.

In 2005, one in five enterprises is expected to experience a serious Internet security incident targeting information and intellectual property, Gartner analysts predict. Of all future attacks, nearly one in three will be financially or politically motivated, according to Richard Hunter, a Gartner vice president and research director. Cybercriminals are taking advantage of users, enterprises and unsecured systems to usher in high-profit, low-overhead crimes.


Incident response is a vital part of any successful IT program. It is frequently overlooked until a major security breach occurs, resulting in untold amounts of unnecessary time and money spent, not to mention the stress associated with responding to a crisis. Potential risks that could occur as a result of any cybercrime incident include:

  • Threat to human life
  • Financial loss
  • Exposure to legal liability
  • Loss of customer confidence
  • Damage to organizational reputation
  • Loss and unauthorized modification of data
  • Threat to national security

A solid incident response program can save an organization a substantial amount of money and a significant degree of embarrassment. The following are generally cited as business drivers for implementing security programs to combat cybercrime, enabling executive management to improve the ROI of implementing incident response programs and using digital forensics:

  • Reduced cost — When management acknowledges the need to put in place preventive and detective measures to combat cybercrime, it can be assured that, in the event of attacks, recovery measures are in place to contain the damage and minimize loss to the organization. Without security programs, time and money could be wasted in the recovery efforts.

  • Increased security — By establishing an incident response team and implementing an incident response program, management can have the peace of mind that the enterprise's information assets are secure through incident response tools and techniques (described in more detail in the later chapters of this document).

    When a professional incident response team is deployed for a problem, it can significantly reduce the monetary loss and embarrassment the organization could suffer. The team determines, usually in a short time, the answers to the following questions:

    • Who are the potential intruders?
    • What is the sensitivity of the compromised information?
    • What is the level of unauthorized access obtained by the attacker?
    • How long will the affected systems remain down?
    • How critical are the affected systems to the organization?
    • How widespread is the incident to the outside world?
    • How quickly can the organization recover?


This was first published in July 2005
