Additionally, the FBI and the Computer Security Institute, in their annual survey on computer crime and information security, gathered the following disturbing facts in 1998: 1) 64 percent of respondents reported a security breach in 1998 — up 16 percent from the previous year; 2) security breaches cost the respondents who could quantify losses a total of $136,822,000 — up 35 percent over the previous year; 3) 18 percent of respondents had no idea whether or not they had been hacked; 4) only 38 percent of respondents had a written intrusion policy, and only 22 percent had an evidence handling policy; 5) 74 percent of respondents reported attacks from inside their networks, and 70 percent reported attacks initiated from outside; 6) disgruntled employees accounted for attacks reported by 89 percent of the respondents, while outside hackers accounted for 79 percent (all respondents reported attacks from multiple sources). These are horrifying numbers. Based on the respondents' reports, security on these systems was extremely lax.
When it comes to computer security incidents, many companies or corporations will create what’s known as a CSIRT (Computer Security Incident Response Team). This team is made up of multi-disciplined individuals who have the legal, technical and other expertise necessary to deal with the incidents that may arise. The team responds to many kinds of incidents, including network breaches and computer intrusions.
When a security investigation must occur, there are steps that are normally taken. These eight steps are: pre-incident preparation, incident detection, response preparation, and investigation. Let’s see what each of these steps means.
During Pre-Incident Preparation, it is difficult to prepare anything before something happens. This step is primarily done by the management team. A need is identified as to why an incident response is necessary.
The next step is the Incident Detection stage. During this step, the actual incident is occurring. This step is used to figure out how the incident was noticed. Did someone physically see it happen in real time, or did someone see it on camera? Other incidents might not have been seen as they happened but observed later (fraudulent charges made on a company credit card, for example). Computer and technology incidents could be detected in real time if the organization has antivirus or firewall software that alerts the CSIRT as it’s happening. Sometimes, however, the people or team that detect the incident may not have the authority to investigate it. There may be policies that do not allow the person who noticed the incident to investigate it.
The next stage is the Incident Response. During this stage, an initial investigation is begun. Basic details of the incident are logged and recorded. The CSIRT is brought in and the information and reports are relayed to them. The CSIRT notifies management or the supervisors of what occurred and what their next step will be.
The next step is Formulating a Response Strategy. Based on all the known facts of the investigation, the CSIRT will determine the best response to the incident and will receive approval from the management or the supervisors to pursue any type of legal or administrative action.
The next step is Reporting. It is exactly what it sounds like. During this stage, reports are put together that explain in great detail every piece of information that was gathered about the incident, how it occurred, and what the response was. These reports are given to the management or supervision staff.
The final stage is Resolution. In this stage, you take all of the information that was learned during the earlier stages and use it to develop a long-term plan to counter any incident of the same type in the future.
Both private and public entities can use these steps and the CSIRT. Most public corporations have some form of IT department. Within this department are members of staff who could be part of a CSIRT. However, private companies or the government have their own governing body that handles all of their IT issues. Many of the federal government departments rely on multiple people brought together from all of the other agencies to create a “task force” of sorts to help each other when it comes to computer security incidents. This task force would probably be comprised of people from the FBI, CIA, NSA and other agencies like these. Many of the people on this task force would have a background in computer science and a lot of life experience in the field. The testing is rigorous but the payoff has got to be worth it.
Computer security is an ever-growing process, with hundreds of companies trying to figure out a way for consumers to be able to work with the internet or their computer with as much safety as possible.