Susan Carter | June 18, 2013
An incident response plan (IRP) should take its place right beside the business continuity and disaster recovery plans. It is that important! This plan should be considered a key corporate document that helps improve the chances that your company will survive the unexpected.
The plan should be designed to contain broad procedural guidelines that can be applied to the majority of security incidents. The bulleted list below can be used to evaluate your company’s IRP. Your IRP should include:
- Senior management approval/buy-in (very important)
- Team structure (Include appropriate technical subject matter experts, identified by their areas.)
- Team roles
- Complete on-call information including home phones and alternates
- Organizational approach to incident response
- Incident severity rating guidelines to help determine if the IR team needs to be...
Tags: data security best practices, incident response, information security, planning, preparation, risk analysis, risk assessment, security best practices, security policy, security tips, self-assessment questionnaire
Jon-Louis Heimerl | June 14, 2013
As part of their PRISM program, the National Security Agency (NSA) reportedly uses data from a variety of sources in attempts to track threats to the United States. The fact that some of the sources are U.S.-based providers who are otherwise widely respected and used has helped elevate public concern and outcry over what is generally perceived to be new violations of our privacy rights. This is on top of the dramatic changes we have already seen in the way we treat our own privacy, and the role of information technology and social media in our day-to-day lives. There may be an illusion of privacy from days gone by, but we should, by now, know perfectly well that we no longer have the same level of privacy that we used to.
We reveal our secrets to Facebook and other social media. We allow ourselves to be tracked by cookies, or...
Tags: electronic communication privacy legislation, information security, internet privacy, privacy, Social Media Security, PRISM
Joseph (J.B.) Blankenship | June 13, 2013
My girlfriend and I are currently in the process of buying a new house. After being in an apartment for some time, we're excited to get a little more space and our own yard. I'm looking forward to many cookouts this summer (something I couldn't really do on the tiny balcony at our apartment).
Once we take possession of our new home, securing the property will be one of the first priorities (along with painting multiple rooms and thinning the jungle of vegetation that makes up much of the yard). Keeping ourselves safe and protecting our stuff from theft is, after all, fairly important.
As part of my plan to secure the property, I plan to have all of the locks rekeyed (who knows who all has keys to the front door) and to install a home alarm system. It's a nice neighborhood and all, but why take chances?
Home Security vs. IT Security
Often, when I’m asked what Solutionary does by people who are not involved in the IT...
Tags: it security, log monitoring, managed security service provider, Managed Security Services, security, security intelligence
Don Gray | June 10, 2013
Most people assume IRP stands for “Incident Response Plan,” but after providing managed security services, as well as identifying and helping our clients respond to security incidents for 13+ years, Solutionary takes a different view.
Incident Response is about how you respond to an incident. While this is an accurate statement, it is not quite as simple as that sounds. Think about how this works in real life.
Company A: Has an incident response plan but has done nothing to prove it actually works; they have great technical staff, and are confident in their ability to react to an incident if one happens. When they are breached, they react using an unproven plan. Someone calls the database administrator (DBA) who, unfortunately, left the organization 6 months beforehand. After some scrambling, the replacement DBA steps in. He does not have the same skills as his predecessor and accidentally...
Tags: breach, incident response, log monitoring, Managed Security Services, security
Robert (RJ) Jeffries | June 04, 2013
On May 29, 2013, Google announced plans to increase the pace of their disclosure timeline for observed zero-day vulnerabilities. The measure appears to specifically target issues that were previously unknown and are actively under attack. Basing this action on their standing recommendation to provide patches within 60 days of discovery, the Internet giant appears to be taking the stance that they will release details of critical vulnerabilities under active exploitation within seven days of the time they are first observed if the vendor cannot release a patch. According to the article, the premise for this new action is that the longer zero-day vulnerabilities go unannounced, the more systems...
Tags: patch, vulnerabilities, zero-day
Rob Kraus | May 30, 2013
How well is your security program operating?
Are the security controls you funded effective?
Have you applied some methodology to determine if you are achieving a return on investment (ROI) for your security initiatives?
Often the biggest battle faced when defining the security vision of an organization is budget, a six-letter word that keeps our hands tied and can impact the effectiveness and robustness of an organization’s ability to thwart attacks.
However, in some cases you may obtain the appropriate budget and be able to implement your security vision. With this in mind, how does your organization realize the value of that investment?
Security controls are often intangible, and their ROI is hard to prove. Organizations must define the terms in which they deem a security initiative and deployment to be a success. This can apply to a single component within the security vision, or the vision in its entirety.
Examples of...
Tags: it security, security program
Jacob Faires | May 28, 2013
Computer security is a fickle thing. It demands attention. It demands scrutiny. It demands follow-through. When devising a security plan for your network, ensure that the protection completely encompasses your network.
In the physical security realm, if you put up a fence to keep people out, then install razor wire because you really want people to stay out, but don’t put razor wire over that part of the fence in the corner, your security has failed. Or if you check badges at the front gate but leave the back gate unlocked, your security has failed. Sure, you could put cameras at the weak points in the fence. “Defense in depth” exists for a reason. The point I’m making is that the original defense was a failure because of a fundamental flaw in its design and implementation. Even though security was in place, it was unable to properly deter a determined opponent.
This is akin to leaving ports open. In this day and...
Tags: defense, security