
Information security incidents in the news
There are far too many incidents to list here, unfortunately, so instead these are some of the key resources we use routinely to find out about and learn from incidents (favorites first):
Managing & responding to IT incidents
Information Security Management with ITIL v3 by Cazemier et al (€40 from the publisher) is an excellent guidebook for organizations that use ITIL and/or ISO27k. We've reviewed the book here. Incident management is a Big Thing in ITIL. An updated ISO/IEC 20000 is on its way and should be released towards the end of 2011 or early 2012.
Information Security Incident Management - A Methodology by Neil Hare-Brown (£50 from BSI) is worth buying if you are designing or reviewing information security incident management processes, perhaps as part of implementing ISO/IEC 27002, and if you work in a government or large commercial organization that needs a comprehensive, well-structured incident management process. Read our book review for more.
SP800-61 Revision 1, NIST's Computer Security Incident Handling Guide, gives the full nine yards as usual. SP800-86, Guide to Integrating Forensic Techniques into Incident Response, delves more explicitly into the forensic elements of IT incident response.
A panel of experts assembled by SANS explain how to liaise with law enforcement on security incidents.
Incident Response and Computer Forensics, second edition by Chris Prosise, Kevin Mandia and Matt Pepe (~$34 from Amazon) explains in a reasonably generic and timeless way how to tell when a computer system has been, or is being, attacked and how to respond to that. Despite its age, the book's good reviews from information security graybeards bode well.
In Incident Response: A Strategic Guide to Handling System and Network Security Breaches (~$24 from Amazon), authors Eugene Schultz and Russell Shumway give us the benefit of their considerable experience in the field. Combining procedural, technical, legal and policy matters, the book is a useful guide to professional incident response processes and teams, plus forensic techniques and tools.
Despite being an ancient text, Incident Response by Ken van Wyk and Richard Forno (long since out of print) remains a decent broad but shallow introductory-level text to a field that actually hasn't progressed much in all that time.
The mother of all incident management teams is the Computer Emergency Response Team Coordination Center (CERT/CC), set up in 1988 at Carnegie Mellon University's Software Engineering Institute with US DoD funding in the wake of the original Morris Worm. CERT commands enormous respect in the incident management community and remains the reference. Its mission is not to respond directly to individual incidents but to coordinate overall responses.
Watchguard's VML exploit video is an object lesson in technical awareness presentations - professionally produced, clear, straightforward and just over 4 minutes long.
By using networks of hundreds or thousands of zombie PCs (compromised PCs on high-bandwidth/broadband connections) to exploit architectural 'features' of the Internet, extortionists can mount Distributed Denial of Service (DDoS) attacks on web-based businesses that are all but impossible to prevent. Online gambling and other financial sites have mostly been targeted to date. Having already been DDoS'd a year before, WorldPay was hit again. An email to customers confirmed that their data were secure and contingency plans were in place (although in practice the site was evidently reduced to a crawl), but the attack can hardly enhance the bank's reputation with its customers.
The Forum of Incident Response and Security Teams (FIRST) is a club for over 170 incident response teams worldwide. As well as helping each other, members have prepared and published a range of system security configuration guides.
Information security incidents come in all shapes and sizes. This news story, for example, concerned allegations that source code had been stolen from an Indian software company. One hurdle to any investigation of the case is that the facility fell short on security, according to investigators. "It does not have a security policy, it has no log of the computer and network activity at the center, and passwords are known to all and sundry," said technical consultant Vijay Mukhi. So much for preventive controls.
In Help! I think I've been hacked, author Tony Bradley discusses incident response processes for individuals whose PCs have been compromised, in particular by malware.
The Computer Incident Response Team's desk reference guide is a manual describing the US Federal Communications Commission's incident response process.
Related NoticeBored links collections
Information security risk management and contingency planning,
NB: we do not necessarily endorse or agree with the third party websites accessible through the links. Use at your own risk. Please let us know about broken links on this page and especially additional resources you
would recommend to others.