In this excerpt of Chapter 2 from ISACA's Cybercrime: Incident Response and Digital Forensics, author Robert Schperberg looks at the benefits of instituting an incident response process.
Today, global organizations rely on the Internet, VPNs, WANs and LANs to
conduct their day-to-day business. Many global organizations rely on e-commerce
to produce revenue.
Skeptics ask: Why the need for the elaborate processes, and why spend money on
building a program that does not contribute to the bottom line? The answer to this
question is provided by a sample of activities that take place in the
cyberenvironment, reinforcing the need to create a cyber-response program to
investigate cyberattacks and cyberfraud, and conduct digital forensics evidence
recovery and analysis.
In 2005, one in five enterprises is expected to experience a serious Internet security
incident targeting information and intellectual property, Gartner analysts predict. Of
all future attacks, nearly one in three will be financially or politically motivated,
according to Richard Hunter, a Gartner vice president and research director.
Cybercriminals are taking advantage of users, enterprises and unsecured systems to
usher in high-profit, low-overhead crimes.
Incident response is a vital part of any successful IT program. It is frequently
overlooked until a major security breach occurs, resulting in untold amounts of
unnecessary time and money spent, not to mention the stress associated with
responding to a crisis. Potential risks that could occur as a result of any cybercrime
incident include:
- Threat to human life
- Financial loss
- Exposure to legal liability
- Loss of customer confidence
- Damage to organizational reputation
- Loss and unauthorized modification of data
- Threat to national security
A solid incident response program can save an organization a substantial amount of
money and a significant degree of embarrassment. The following are generally
cited as business drivers of implementing security programs to combat cybercrime, thus enabling executive management to improve the ROI of implementing incident
response programs and use digital forensics:
Reduced cost — By management acknowledging the need to put in place
preventive and detective measures to combat cybercrime, management can be
assured that in the event of attacks, recovery measures are in place to contain the
damage and minimize loss to an organization. Without security programs, time
and money could be wasted in the recovery efforts.
Increased security — By establishing an incident response team and implementing
an incident response program, management can have the peace of mind that the
enterprise's information assets are secure through incident response tools and
techniques (described in more detail in the later chapters of this document).
When a professional incident response team is deployed for a problem, it can
significantly reduce the monetary loss and embarrassment the organization could
suffer. The team determines, usually in a short time, the answers to the
following questions:
- Who are the potential intruders?
- What is the sensitivity of the compromised information?
- What is the level of unauthorized access obtained by the attacker?
- How long will the affected systems remain down?
- How critical are the affected systems to the organization?
- How widespread is the incident to the outside world?
- How quickly can the organization recover?
Read the rest of Chapter 2, Business drivers for creating an incident response process and conducting digital forensics investigations
