Title: IT Incident Response
Slide 1: IT Incident Response
Slide 2: What we really need
- The goals
- How to achieve this
- People, Process, Technology
- Architecture
- Policies
- Standards
- What can we really do
- Management buy-in
- Standards, Guidelines, Procedures
- System Safeguard
- Security Internet architecture
Slide 3: What we really need
- Security Policies set the stage for standards, guidelines and procedures
- Define what behavior is not allowed
- Communicate consensus amongst governance stakeholders
- Facilitate the "good neighborly" philosophy for networking
(Diagram labels: The goals, Policies, Standards, Management buy-in)
Slide 4: What we really need
Security Policies must be:
- Implementable and enforceable
- Concise and unambiguous
- Balanced between protection and productivity
Security Policies should:
- State the reasons why the policy is needed
- Describe the coverage (who, what, where and how)
- Define contacts and responsibilities
- Define how violations will be handled
(Diagram labels: The goals, Policies, Standards, Management buy-in)
Slide 5: Policy Definitions
- Program Policy
  - Used to create the IT security program
  - Sometimes referred to as the departmental or company security policy
- Issue-Specific Policy
  - Addresses a particular issue of concern (whatever it may be)
- System-Specific Policy
  - Focuses on decisions to protect a particular system
- Procedures, standards and guidelines are used to describe how policies are implemented
Slide 6: Tools to implement policy
- Operational Standards
  - Specify uniform use of specific technologies organization-wide (e.g., ID badges)
- Guidelines
  - Recognize that IT systems vary and that safeguards may be implemented in many ways
- Procedures
  - Detailed steps to be followed (e.g., setting up user accounts)
- Strategies
  - Broad direction on implementation
- Directions
  - Focused implementation instructions
Slide 7: Enforceability
- Policies
  - In some jurisdictions, the policy may be the only legally enforceable document
- Guidelines, standards and procedures should probably carry a very specific traceability reference back to the policy; check with the legal department
Slide 8: IP Service Categories
Slide 9: Enterprise Wide Collaboration on Incidents
- Technical Collaboration
- Operational Collaboration
- Incident Handling (Operational)
- Incident Handling (Technical)
- Incident Handling, Forensic Analysis, Criminal Investigation