Guide: How to Manage an Attack

Monday, August 13, 2012 @ 11:08 AM gHale


One of the biggest issues a company has in facing a possible cyber attack is they do not have a plan in place on how to deal with an intrusion.

That can now change as there is now a renewed guide out on how to manage computer security incidents is now available.

RELATED STORIES
Threats Rise, so Should Security
Black Hat: New Security Paradigm
ICS-CERT: Attacks on Rise
Cyber Secure Device Certification

While the publication mainly deals with the government, it can also apply to the private sector. The publication focuses on best practices from government, academic and business organizations, and includes a new section expanding on the important practice of coordination and information-sharing among agencies, according to the National Institute of Standards and Technology (NIST), which wrote the guide.

Government agencies face daily threats to their computer networks and the Federal Information Security Management Act (FISMA) requires government agencies to establish incident response competencies. NIST said its researchers revised the guidance in the publication to cover challenges related to today’s evolving threats.

The revised NIST guide provides step-by-step instructions for new, or well-established, incident response teams to create a proper policy and plan, it said.

NIST recommends each plan have a mission statement, strategies and goals, an organizational approach to incident response, metrics for measuring the response capability, and a built-in process for updating the plan as needed. The guide recommends reviewing each incident afterward to prepare for future attacks and to provide stronger protections of systems and data.

“This revised version encourages incident teams to think of the attack in three ways,” said co-author Tim Grance, Computer Security Division at the Information Technology Laboratory at NIST. “One is by method — what’s happening and what needs to be fixed. Another is to consider an attack’s impact by measuring how long the system was down, what type of information was stolen and what resources are required to recover from the incident. Finally, share information and coordination methods to help your team and others handle major incidents.”

A draft version of the guide covered agencies sharing and coordinating information, but public comments called for more detailed information in this area, and the authors added a section on this topic to meet the requests, NIST said. The guidance said trusted organizations should share information about threats, attacks and vulnerabilities so each organization they can learn from each other.

By reaching out to the trusted group during an attack, one of the partners may recognize the unusual activity and make recommendations to quash the incident quickly. Also, some larger agencies with greater resources may be able to help a smaller agency respond to attacks.

The guide provides recommendations for agencies to consider before adding coordination and information sharing to the incident response plan, including how to determine what information it should share with other organizations and consulting with legal departments.



Leave a Reply

You must be logged in to post a comment.