Information Security

Defending the digital infrastructure

Tommi - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Security incident handling: Prepare to find answers

CISOs work in stressful scenarios. Before you face executives armed with questions about security incident handling, it's time to formulate some of your own.

Never be afraid to ask a question is the well-trodden mantra of journalists everywhere. But it may surprise you to know astronomer Carl Sagan is among those credited with the axiom:

"There are naive questions, tedious questions, ill-phrased questions, questions put after inadequate self-criticism. But every question is a cry to understand the world. There is no such thing as a dumb question," the Pulitzer Prize-winning author wrote in his book The Demon-Haunted World: Science as a Candle in the Dark.

CISOs often find themselves in stressful scenarios, where clear communication about security incident handling can result in better decision-making. As the "unofficial" leader of the path forward in a potentially damaging security incident, is it safe to assume that all servers were patched as directed? That no files were transferred to and from the systems? The answer is probably no.

We explore security incident handling and some of the gaps that organizations and technology vendors are attempting to address in this month's cover story. Time to respond is a big one. NCR product management director Lenny Zeltser, who is well known for his work in antimalware and digital forensics, advises those tasked with security incident handling to have specific questions ready in advance to quickly gain control of the incident and response.

Finding vulnerabilities takes some skill, but experience and resources play a part, too. A December 2015 study found that, while 77% of the 200 U.S. security professionals surveyed indicated that their organizations had the tools to fight malware, those with a CISO or CSO function had a higher confidence level. Moreover, 94% of the companies with CISOs had dedicated incident response teams or security operations centers, compared with 48% of organizations without a chief of security.

More companies, beyond high tech, are also reaching out to the security research community at large for help with finding and fixing vulnerabilities. General Motors launched a vulnerability disclosure program in January, minus the monetary rewards.

Invitation-only bug bounty programs are also on the rise. We explore the risks and "rewards" of bug bounty programs in "Inside the Minds of Big Bounty Researchers."

Crowdsourcing and the role of researchers are both hot topics at RSA Conference 2016 (perhaps its last hurrah), as the hills of San Francisco welcome thousands of security professionals this week. Ironically, the area around the Moscone Center is notorious for credit card fraud and ID theft. (I should know—it happened to me.) Former guests of one Nob Hill hotel warned other travelers recently about employees who appeared to be skimming credit cards. Of course, the hotel, while admitting there was an issue related to unapproved charges, blamed it on buggy software.

Article 4 of 5

Next Steps

When to call emergency incident response providers 

The CISO's role in incident response 

NIST incident response guidelines updated

This was last published in March 2016

Dig Deeper on Information Security Incident Response-Information

Get More Information Security

Access to all of our back issues View All