Information Security Governance Papers

Paper Title: Incident Response
The Abstract of The Paper: Attacks on information systems and networks have become more numerous, sophisticated, and severe in recent years. While preventing such attacks would be the ideal course of action for organizations, not all information system security incidents can be prevented. Every organization that depends on information systems and networks to carry out its mission should identify and assess the risks to its systems and its information and reduce those risks to an acceptable level. An important component of this risk management process is the trending analysis of past computer security incidents and identifying effective ways to deal with them. A well-defined incident response capability helps the organization detect incidents rapidly, minimize loss and destruction, identify weaknesses, and restore information technology (IT) operations rapidly.
The Federal Information Security Management Act (FISMA) specifically directs federal agencies to develop and implement procedures for detecting, reporting, and responding to security incidents. In addition, OMB directs federal agencies to identify in their FISMA report any incidents (physical or electronic) involving the loss of or unauthorized access to personally identifiable information (PII) and report them according to the policies outlined in OMB Memorandum. Federal civilian agencies are responsible for reporting all computer security incidents to the United States Computer Emergency Response Team (US-CERT) in the Department of Homeland Security and for documenting the corrective actions taken and their impact. Specifically, agencies are responsible for reporting all incidents involving PII to US-CERT within one hour of discovering the incident. Further, policy guidance issued by the OMB in Circular No. A-130, Appendix III, requires that agencies have a capability to provide help to users after a system security incident occurs, and to share information concerning common vulnerabilities and threats.
National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, Computer Security Incident Handling Guide, details a four-phase incident
Web Link: http://csrc.nist.gov/publications/nistpubs/800-100/SP800-100-Mar07-2007.pdf
