Network Computing is part of the Informa Tech Division of Informa PLC

Network Forensics

The I-Team

Successful incident handling begins with a properly trained team (to find educational resources, see "Get Smart" on page 38). Your information security department may consist of a few trained individuals who carry out many roles, sometimes referred to as the "one person, 1,000 hats" infrastructure. Regardless, your infosec-response guidelines must clearly define the responsibilities of each business unit. Everyone from those in the executive suite down plays a part. Here's a breakdown of the roles organizations must fill, and their functions:

• The infosec executive steering committee sets direction for the information security department as a whole. This is where overall business risk is assessed and included in infosec policy development. Charged with making big-picture decisions, the committee evaluates the progress of and adherence to initiatives designed to protect the organization, for example, whether business units are complying with security policies. It usually comprises upper-level managers who are capable of performing cost-benefit analyses and providing direction based on the results--is the extra security offered by tokens, for example, worth the hardware and helpdesk costs? Most security pros would say yes, while those tasked with supporting end users might disagree.

• The information security department maintains all policies and standards, including the overall incident-response process. This team performs routine audits and assessments, including investigation of reported incidents. All new-project development must be evaluated and approved by this department, including changes or additions to both internal and external network presence and infrastructure. For instance, if HR wants to create a database of all employee contact information that's accessible to the entire company, it must obtain approval from the information security department before proceeding.
