Incident response process brings ROI and peace of mind

28 Jul 2005 | ISACA

Cybercrime: Incident Response and Digital Forensics

By Robert Schperberg

218 pages; $40-55

Information Systems Audit and Control Association

In this excerpt of Chapter 2 from ISACA's Cybercrime: Incident Response and Digital Forensics, author Robert Schperberg looks at the benefits of instituting an incident response process.

Today, global organizations rely on the Internet, VPNs, WANs and LANs to conduct their day-to-day business. Many global organizations rely on e-commerce to produce revenue.

Skeptics ask: Why the need for the elaborate processes, and why spend money on building a program that does not contribute to the bottom line? The answer to this question is provided by a sample of activities that take place in the cyberenvironment, reinforcing the need to create a cyber-response program to investigate cyberattacks and cyberfraud, and conduct digital forensics evidence recovery and analysis.

In 2005, one in five enterprises is expected to experience a serious Internet security incident targeting information and intellectual property, Gartner analysts predict. Of all future attacks, nearly one in three will be financially or politically motivated, according to Richard Hunter, a Gartner vice president and research director. Cybercriminals are taking advantage of users, enterprises and unsecured systems to usher in high-profit, low-overhead crimes.

Incident response is a vital part of any successful IT program. It is frequently overlooked until a major security breach occurs, resulting in untold amounts of unnecessary time and money spent, not to mention the stress associated with responding to a crisis. Potential risks that could occur as a result of any cybercrime incident include:

  • Threat to human life
  • Financial loss
  • Exposure to legal liability
  • Loss of customer confidence
  • Damage to organizational reputation
  • Loss and unauthorized modification of data
  • Threat to national security

A solid incident response program can save an organization a substantial amount of money and a significant degree of embarrassment. The following are generally cited as business drivers for implementing security programs to combat cybercrime; they enable executive management to improve the ROI of implementing incident response programs and using digital forensics:

  • Reduced cost — When management acknowledges the need to put in place preventive and detective measures to combat cybercrime, it can be assured that, in the event of attacks, recovery measures are in place to contain the damage and minimize loss to the organization. Without security programs, time and money could be wasted in the recovery efforts.

  • Increased security — By establishing an incident response team and implementing an incident response program, management can have the peace of mind that the enterprise's information assets are secure through incident response tools and techniques (described in more detail in the later chapters of this document).

    When a professional incident response team is deployed for a problem, it can significantly reduce the monetary loss and embarrassment the organization could suffer. The team determines, usually in a short time, the answers to the following questions:

    • Who are the potential intruders?
    • What is the sensitivity of the compromised information?
    • What is the level of unauthorized access obtained by the attacker?
    • How long will the affected systems remain down?
    • How critical are the affected systems to the organization?
    • How widespread is the incident to the outside world?
    • How quickly can the organization recover?
