Date posted: 21-Jan-2016
Effective Incident Response
Presented by Greg Hedrick, Manager of Security Services
Copyright Purdue University 2007. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.
Effective Incident Response
Why start a formal program?
Definition of an IT Incident
The Process
Infrastructure Requirements
Communications Channels
Notable Items
Why start a formal program?
Manage Communications
Proactive Opportunities
Awareness Opportunities
Regulatory Compliance
Standardize Procedures
Identify System Owners
Definition of an IT Incident
Purdue Policy Definition
• Any event involving University IT Resources which
  • violates Indiana state or U.S. federal law, or
  • violates regulatory requirements which Purdue is obligated to honor, or
  • violates Purdue University policies, or
  • is determined to be harmful to the security and privacy of University data, or IT Resources associated with, students, faculty, staff, and/or the general public, or
  • is construed as harassment, or
  • involves the unexpected disruption of University services.
The Process
The Process
Data Exposure Example
Infrastructure Requirements
People
Tools
Policy
Documented Procedures
Communication Channels
Secure Wiki
Policy
Presentations / Training
Trusted Community
Procedures
Mailing Lists
Monthly Reports
Notable Items
Clearly define “investigable” events
Dedicate staff to the process
Define “incident” carefully
Clearly define roles and responsibilities
Establish policy, procedures, training and infrastructure in parallel
Be prepared immediately for management reporting