Home > Information Security Magazine > Features > CSI for the CISO
EMAIL THIS LICENSING & REPRINTS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

CSI for the CISO
by Marcia Savage
Issue: Sep 2007
printer-friendly
licensing & reprints
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   NEXT PAGE  >

The updated Federal Rules of Civil Procedure are making an internal forensics lab a valuable asset for controlling future litigation costs, Spernow says. The new e-discovery rules require that parties in a lawsuit be able to articulate where in their infrastructure they have data relating to the case, provide estimates for the cost of extracting that data and criteria for filtering out privileged information.

"The identity of the data is something that anybody in IT can do, to show where it lives," Spernow says. "But extracting and filtering it based on privilege becomes a forensics issue."

The Law Enforcement Dilemma
Deciding when to call law enforcement after a breach can be difficult. It usually involves weighing a lot of factors--whether there's criminal activity suspected, the extent of damages and risk of public disclosure.

While law enforcement can have great resources to track down culprits, an organization essentially gives up control of an investigation when it calls for official help, Spernow says. Plus, there's the risk that corporate "jewels" could end up revealed in a court case.

The FBI's Beeson says an organization should have a good idea of what happened and its losses--estimates of downtime, personnel and lost business--before calling law enforcement.

"We don't have the resources to open a case on every single computer intrusion reported to us," he says. "Sometimes we have to tell the victim, 'Your losses just aren't substantial enough for the FBI to be involved.' "

Federal law requires a loss of $5,000 in computer intrusion cases, but federal prosecutors often raise the threshold much higher, he adds.

Lessons Learned
Besides having an incident response plan and preserving evidence properly, Jenkins says it's important for an organization to learn from a breach. Since the breach three years ago, which remains under FBI investigation, UW Medicine boosted its security dramatically. In addition to stepping up network monitoring with a Tipping Point network-based IPS, it also implemented host-based IPS/firewall systems and banned IRC and other peer-to-peer traffic.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   NEXT PAGE  >





TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Advanced Search | Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts