RSS
Email
Print
ShareNetwork Forensics
Posted by Marisa Mack on December 3, 2004
The I-Team
Successful incident handling begins with a properly trained team (to find educational resources, see "Get Smart" on page 38). Your information security department may consist of a few trained individuals who carry out many roles, sometimes referred to as the "one person, 1,000 hats" infrastructure. Regardless, your infosec-response guidelines must clearly define the responsibilities of each business unit. Everyone from those in the executive suite down plays a part. Here's a breakdown of the roles organizations must fill, and their functions:
|
• The infosec executive steering committee sets direction for the information security department as a whole. This is where overall business risk is assessed and included in infosec policy development. Charged with making big-picture decisions, the committee evaluates the progress of and adherence to initiatives designed to protect the organization, for example, whether business units are complying with security policies. It usually comprises upper-level managers who are capable of performing cost-benefit analyses and providing direction based on the results--is the extra security offered by tokens, for example, worth the hardware and helpdesk costs? Most security pros would say yes, while those tasked with supporting end users might disagree.
• The information security department maintains all policies and standards, including the overall incident-response process. This team performs routine audits and assessments, including investigation of reported incidents. All new-project development must be evaluated and approved by this department, including changes or additions to both internal and external network presence and infrastructure. For instance, if HR wants to create a database of all employee contact information that's accessible to the entire company, it must obtain approval from the information security department before proceeding.
Add Your Comment: