Incident management resources


Rather than cross your fingers

Information security incidents in the news

There are far too many incidents to list here, unfortunately, so instead these are some of the key resources we use routinely to find out about and learn from incidents (favorites first):

  • Google, of course.  We search often using the Google toolbar in our browser.  We have learnt to craft more effective queries by exploiting Google’s search syntax including the advanced search functions
  • Google Alerts are a set-n-forget way to trawl the Web daily for specific news and tidbits relevant to the monthly topics, especially since we discovered how to integrate alerts into our RSS/blog reader …
  • Google Reader is, currently, our RSS/blog reading weapon of choice.  Have you spotted the not-too-subtle pattern here?  Google rocks! 
  • ISN (InfoSecNews) delivers an excellent daily selection of relevant news clippings by email.  The really nice thing about this one is that not only do they manage to find topical stuff that other sources seem to miss, but they provide a neat summary and nice clean URL to the original source.  [ISN is a free service but we’re happy to make the occasional donation to help keep it going.]
  • Hyperlinks embedded within other sources.
  • Blogs, particularly information security blogs from information security gurus and respected tech journalists, but sometimes we enjoy naïve or counter-cultural blogs, even a few from the Dark Side, the hacker underground (as in ‘know your enemy’!).  Check our blogroll (lower right) to see whose blogs we’re currently following.
  • RISKS-List - news and discussion about incidents of all sorts, not just information security ones.
  • Academic and trade journals, such as EDPACS, ISSA Journal and (ISC)2 Journal.
  • SANS Internet Storm Center reports on Internet security incidents in real time.
  • Industry associations, meetings and peers.
  • Magazines such as Hackin9 and ClubHACK.
  • General news media – yes, even TVNZ, the BBC, CNN and others occasionally highlight information security incidents or issues that haven’t already come to our attention elsewhere, albeit rather superficially and usually with a distinctly distasteful whiff of geekiness about the journalism.
  • Information security surveys such as those from Secunia, CSI and PwC (including the biannual breaches survey).  While these sometimes mention interesting incidents, they tend not to be very recent or go into enough depth to be much use.  Surveys are of more value for their information about information security threats that most other sources don’t often cover.

Managing & responding to IT incidents

Information Security Management with ITIL v3 by Cazemier et al (€40 from the publisher) is an excellent guidebook for organizations that use ITIL and/or ISO27k.  We’ve reviewed the book here.  Incident management is a Big Thing in ITIL.  An updated ISO/IEC 20000 is on its way - it should be released towards the end of 2011 or early 2012.

Information Security Incident Management - A Methodology by Neil Hare Brown (£50 from BSI) is worth buying if you are designing or reviewing information security incident management processes, perhaps as part of implementing ISO/IEC 27002, and if you work in a government or large commercial organization that needs a comprehensive, well-structured incident management process.  Read our book review for more.

SP800-61 Revision 1, NIST’s Computer Security Incident Handling Guide, gives the full nine yards as usual.  SP800-86, Guide to Integrating Forensic Techniques into Incident Response, delves more explicitly into the forensic elements of IT incident responses.

A panel of experts assembled by SANS explains how to liaise with law enforcement on security incidents.

Incident Response and Computer Forensics, second edition by Chris Prosise, Kevin Mandia and Matt Pepe (~$34 from Amazon) explains in a reasonably generic and timeless way how to tell when a computer system has been, or is being, attacked and how to respond to that.  Despite its age, the book’s good reviews from information security graybeards bode well.

In Incident Response: A Strategic Guide to Handling System and Network Security Breaches (~$24 from Amazon), authors Eugene Schultz and Russell Shumway give us the benefit of their considerable experience in the field.  Combining procedural, technical, legal and policy matters, the book is a useful guide to professional incident response processes and teams, plus forensic techniques and tools.

Despite being an ancient text, Incident Response by Ken van Wyk and Richard Forno (long since out of print) remains a decent broad but shallow introductory-level text to a field that actually hasn’t progressed much in all that time.

The mother of all incident management teams is the Computer Emergency Response Team Coordination Center (CERT/CC), set up at Carnegie Mellon University's Software Engineering Institute by the US DoD in 1988 in the wake of the original Morris Worm.  CERT commands enormous respect in the incident management community and remains the reference.  Their mission is not to respond directly to individual incidents but to coordinate overall responses.

Watchguard’s VML exploit video is an object lesson in technical awareness presentations - professionally produced, clear, straightforward and just over 4 minutes long.

Through the use of networks of hundreds or thousands of zombie PCs (compromised PCs on high-bandwidth/broadband connections) to exploit architectural ‘features’ of the Internet, Distributed Denial of Service (DDoS) attacks by extortionists on web-based businesses are all but impossible to prevent.  Online gambling and other financial sites have mostly been targeted to date.  Having already been DDoS’d a year before, WorldPay was hit again.  An email to customers confirmed that their data are secure and contingency plans are in place (although in practice the site was evidently reduced to a crawl), but the attack can hardly enhance the bank’s reputation with its customers.

The Forum of Incident Response Teams (FIRST) is a club for over 170 incident response teams worldwide.  As well as helping each other, members have prepared and published a range of system security configuration guides.

Information security incidents come in all shapes and sizes.  This news story, for example, concerned allegations that source code had been stolen from an Indian software company.  One hurdle to any investigation of the case is that the facility fell short on security, according to investigators. “It does not have a security policy, it has no log of the computer and network activity at the center, and passwords are known to all and sundry,” said technical consultant Vijay Mukhi.  So much for preventive controls.

In Help! I think I’ve been hacked, author Tony Bradley discusses incident response processes for individuals whose PCs have been compromised by malware, in particular.

The Computer Incident Response Team’s desk reference guide is a manual describing the US Federal Communications Commission’s incident response process.


Related NoticeBored links collections

Information security risk management and contingency planning


NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk.  Please let us know about broken links on this page and especially additional resources you would recommend to others.



Copyright © 2012  IsecT Ltd.