breach disclosure laws that require organizations to
notify the public if a security breach involving personally identifiable information is
even suspected. So it’s to your benefit to make sure you are open and forthright with
third parties.

All-in-1 / CISSP All-in-One Exam Guide, 5th Ed. / Harris / 160217-8 Chapter 10: Legal, Regulations, Compliance, and Investigations

A sound incident-handling program works with outside agencies and counterparts.
The members of the team should be on the mailing list of the Computer Emergency
Response Team (CERT) so they can keep up to date about new issues and can spot malicious events, hopefully before they get out of hand. CERT is an organization that is
responsible for monitoring and advising users and companies about security preparation and security breaches.
NOTE Resources for CERT can be found at www.cert.org/certcc.html and
www.cert.am.

Incident Response Procedures
In the preceding sections, it is repeatedly stated that there should be a standard set of
procedures for the team to follow, but what are these procedures? Although different
organizations may define these procedures (or stages) a little differently, they should
accomplish the exact same thing. To further complicate matters, incident response is a
dynamic process. Oftentimes stages are conducted in parallel, even as one stage depends on the output of another. The important thing is that your organization uses a
methodical approach. This allows for proper documentation that may be important in
later stages of the incident response process or if the case goes to trial and you are asked
whether you followed a standard procedure and whether any steps were left out. A
documented checklist of your incident response procedure will help ensure admissibility in court.
You should understand the following set of procedures for incident response:
Recovery When an event has been reported by employees or detec...
This note was uploaded on 06/01/2013 for the course NET 125 taught by Professor Hurst during the Fall '12 term at Wake Tech.