Network Computingwww.networkcomputing.com

Network Forensics

Posted by Marisa Mack
December 03, 2004

Tags: Forensic ToolKit, AccessData Corp., Email Examiner, Encase, Guidance Software, Paraben Corp, ProDiscover, Sleuth Kit, Tech-nology Pathways, chain of custody, dtSearch, dtSearch Corp, evidence, hash, incident investigation, intellectual property theft, le-gal team, network forensics, network penetration, Access and Physical Security, Cyberterrorism, Data Protection, Government/Legal/Regulatory, Other, Security Policies and Management, Security and Privacy, Software and Web Development, Threats and Attacks, information security

Channel: Other, Data Protection

The I-Team

Successful incident handling begins with a properly trained team (to find educational resources, see "Get Smart" on page 38). Your information security department may consist of a few trained individuals who carry out many roles, sometimes referred to as the "one person, 1,000 hats" infrastructure. Regardless, your infosec-response guidelines must clearly define the responsibilities of each business unit. Everyone from those in the executive suite down plays a part. Here's a breakdown of the roles organizations must fill, and their functions:

• The infosec executive steering committee sets direction for the information security department as a whole. This is where overall business risk is assessed and included in infosec policy development. Charged with making big-picture decisions, the committee evaluates the progress of and adherence to initiatives designed to protect the organization, for example, whether business units are complying with security policies. It usually comprises upper-level managers who are capable of performing cost-benefit analyses and providing direction based on the results--is the extra security offered by tokens, for example, worth the hardware and helpdesk costs? Most security pros would say yes, while those tasked with supporting end users might disagree.

• The information security department maintains all policies and standards, including the overall incident-response process. This team performs routine audits and assessments, including investigation of reported incidents. All new-project development must be evaluated and approved by this department, including changes or additions to both internal and external network presence and infrastructure. For instance, if HR wants to create a database of all employee contact information that's accessible to the entire company, it must obtain approval from the information security department before proceeding.

Related Reading

More data-protection Insights