Cert is an organization that is responsible for


breach disclosure laws that require organizations to notify the public if a security breach involving personally identifiable information is even suspected. So it’s to your benefit to make sure you are open and forthright with third parties.

[All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8, Chapter 10: Legal, Regulations, Compliance, and Investigations]

A sound incident-handling program works with outside agencies and counterparts. The members of the team should be on the mailing list of the Computer Emergency Response Team (CERT) so they can keep up to date about new issues and can spot malicious events, hopefully before they get out of hand. CERT is an organization that is responsible for monitoring and advising users and companies about security preparation and security breaches.

NOTE Resources for CERT can be found at www.cert.org/certcc.html and www.cert.am.

Incident Response Procedures

In the preceding sections, it is repeatedly stated that there should be a standard set of procedures for the team to follow, but what are these procedures? Although different organizations may define these procedures (or stages) a little differently, they should accomplish the exact same thing. To further complicate matters, incident response is a dynamic process. Oftentimes stages are conducted in parallel, even as one stage depends on the output of another. The important thing is that your organization uses a methodical approach. This allows for proper documentation that may be important in later stages of the incident response process or if the case goes to trial and you are asked whether you followed a standard procedure and whether any steps were left out. A documented checklist of your incident response procedure will help ensure admissibility in court.

You should understand the following set of procedures for incident response:

• Triage
• Investigation
• Containment
• Analysis
• Tracking
• Recovery

When an event has been reported by employees or detec...

This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.
