Knowledge, vigilance, and preparation
are the keys to effective security. Yet, many enterprises do not
think about how to respond to computer security incidents until
they have been hit. Often, the victims say and believe that they
are “secure,” yet have no formal incident detection
and response mechanisms or policies in place. All too often, the
violated enterprise is unaware, finding out about intrusions only
when an outside party discovers, and maybe even becomes the collateral
victim of, the situation.
Whether our clients need to prepare
to meet intrusions or are in the midst of a violation and need immediate
assistance, Polar Cove can help.
Security policies developed with
Polar Cove’s assistance help clients define all of the steps
and components for protecting valuable information-based resources
before an attack occurs. Possible threats are determined, and the
necessary actions are described. A documented plan and set of procedures
are established in order to mount a coordinated response.
When a client needs help in responding
to an actual incident, Polar Cove assists in containing the attack.
Working onsite, analysts quickly and reliably identify the events
that threaten security posture. Impact, scope, severity, and containment
options are then determined. Countermeasures are developed to contain
and then to halt the intrusion while minimizing as much as possible
the impact on core functions. When legal verification of an intrusion
is required, Polar Cove works with clients to gather and prepare
the evidence.
Intrusion Response includes:
If an intrusion has not occurred:
- Establishing management-level guidelines
and rules for responding to intrusions.
- Reviewing procedures and policies to
help ensure that they are legally defensible and conform to
each client’s policies as well as to the client industry’s
best practices.
- Documenting the response procedures.
- Assisting in a legal review of developed
intrusion policies and procedures, ensuring that they are legally
defensible and conform to company policies and industry best
practices, demonstrating due care.
- Configuring response tools and processes.
- Training designated staff.
- Preparing staff and configuring tools
for response procedures.
If an intrusion is underway:
- Analyze all available information.
Characterize and understand the intrusion.
- Consult with all parties—operations,
management, legal, public relations—that need to be aware
of the intrusion and progress.
- Employ computer forensic techniques
to contain, collect, and protect information associated with
the intrusion.
- Maintain chain of custody protocols
and procedures to be followed for all data collection.
- Contain the intrusion, minimize the
negative impact, and then eliminate means of access.
Polar Cove’s detailed
reports document the preventative or responsive activities that
have been taken, along with supporting incident analysis and documentation.
Specific policies, and the steps for implementing them, are provided.

You Should Know...
Through 2005, 20 percent of enterprises will experience a serious
Internet security incident that is beyond a virus. Cleanup
costs of such incidents exceed prevention costs by 50 percent.
Source: Gartner

Contact us
For any questions you may have, contact us at 1-401-454-3939.
Our Polar Cove representative will answer and assist you with
your specific needs.