Any IT security incident is a serious one. As such, it’s important to consider how these kinds of incidents will be handled when they occur, and plan for them accordingly. The first step in this kind of strategy is to have a clear definition of what constitutes an IT security incident.
Steps To Better IT Security
The most effective way to define an IT security incident is to speak with the board of your company. Then a communications channel must be created so that the proper individuals can be notified in the event an incident occurs.
Staff will first need to know how to detect and report incidents, and then who to notify when something happens. This is usually an incident management team.
The Incident Management Team
Companies that do not have an incident management team in place can create one by choosing individuals with the ability to handle several aspects of an incident. Several individuals with different skillsets should be chosen. When an incident occurs, those people can be contacted and a team formed specifically for that incident.
The team should be tasked with assessing the company’s risk for a security breach. All critical business services should be considered when performing the assessment.
Alternative communication systems to email should be chosen beforehand in the event that an incident also takes down the company’s email system. All incident team members should be listed with their home or mobile number. Team members should be given the tools they need to fix the issue. This includes access to system logs.
Impact On The Business
The potential or actual impact of a security breach on the business should be the first thing assessed once a security issue has occurred. This can be easier to identify when the team considers the worst-case scenario to be the actual scenario. Considering an incident in this manner will allow investigations to begin, at least until such time as facts have been presented and the actual impact is determined.
Once the impact has been realised, it’s time to contain it as much as possible with the purpose of limiting the impact on the company. Some aspects of the business may need to cease temporarily in order to complete full damage control. Where this is the case, incident recovery may need to be placed on hold.
Forensic Data Collection
The scene of a security breach should be treated like any other crime scene. Data must be collected from all sources, properly and in a timely manner, to ensure that none is lost. This work should be performed by an uninvolved party, and a chain of custody needs to be in place to ensure that there is information about each stage of collection. This kind of third-party collection will allow for the establishment of the facts surrounding the incident.
Calling The Experts
It’s always a good idea to have experts on hand who can help to restore systems that have been compromised. Some components may need to be completely destroyed or cleansed, and if this is the case, a company like Absolute IT can help. Our services include the wiping of data from hard drives, removable media and other devices, as well as the complete physical destruction of these items if necessary. To comply with your chain of custody, we provide a guarantee of destruction, along with a full report outlining what items were destroyed on which dates.
Once you have recovered from a security incident, you can call us to keep your data safe moving forward. Our secure office boxes can be ordered in your requested size and placed at your site. Simply discard all unwanted computer items in the boxes, and call us when they’re full for secure pick-up, transport and destruction.