Wednesday, January 16, 2008

A Security Incident looked at closely

Incident response, handling, management and post-incident actions are crucial to any security program, and this is a well-recognized fact. Many companies do not test their systems; many test using internal 'gurus' who are generalists or hobbyists; some test only for the sake of meeting a regulatory requirement, and so on. Unfortunately, there are attacks, and then there are attacks that go undiscovered.

And there was the mother of all compromises - the TJX Maxx incident which went undetected for more than a year.

A very interesting 'anatomy' of a hack was published; it provides a situational view of what is happening and what to do.

Anatomy of a hack attack
Sally Whittle
Published: 07 Jan 2008 16:39 GMT

With the help of security experts, we recreate a typical hack attack on two large organisations and walk through the steps that the head of IT should follow in such a case.

(the print version of this article is here)

It will be to the advantage of the security organization to build a culture of proactive security and to continuously update and test its responsiveness to incidents. Security officers must also participate in meetings with law enforcement agencies to stay informed about ground realities and any happenings that may affect their organization too.

