Step No. 5: Learning From Your Company Security Experience
The follow-up to a security incident typically involves a round of vulnerability assessment. Security groups check to make sure that the remediation efforts truly eradicated the problem and patched the afflicted systems. Different types of attacks call for different recovery procedures. An unauthorized access incident could involve the attacker gaining root access to a system. If that’s the case, the recommended course of action is to change all of the passwords on the system, according to the National Institute of Standards and Technology’s Computer Security Incident Handling Guide. But organizations don’t always follow all the steps toward comprehensively recovering and securing a system. Changing all users’ passwords in a big organization is a tedious, time-consuming and intensive manual process. An intruder who gains root access may have obtained administrator-level access to the system.
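One way to confirm that the "change all of the passwords" step was actually completed is sketched below. It is an added example, not part of the original article, and it assumes a Linux host whose accounts are recorded in /etc/shadow layout; the sample lines, the incident date and the function name are constructed for illustration.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
INCIDENT_DAY = date(2024, 3, 20)  # constructed incident date for this example

# Constructed sample in /etc/shadow layout; hash values are placeholders.
SAMPLE_SHADOW = """\
root:$6$PLACEHOLDER$aaaa:19800:0:99999:7:::
alice:$6$PLACEHOLDER$bbbb:19850:0:99999:7:::
bob:$6$PLACEHOLDER$cccc:19700:0:99999:7:::
carol:$6$PLACEHOLDER$dddd:0:0:99999:7:::
daemon:*:19000:0:99999:7:::
svc_backup:!$6$PLACEHOLDER$eeee:19650:0:99999:7:::
dave:$6$PLACEHOLDER$ffff::0:99999:7:::
"""


def audit_password_rotation(shadow_text, incident_day):
    """Group accounts by whether the password changed after incident_day."""
    cutoff = (incident_day - EPOCH).days  # field 3 counts days since 1970-01-01
    report = {"rotated": [], "stale": [], "forced_at_next_login": [],
              "locked": [], "unknown": []}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 3:
            continue
        name, pw_hash, last_change = fields[:3]
        if pw_hash.startswith(("!", "*")):
            status = "locked"            # password login disabled
        elif not last_change.isdigit():
            status = "unknown"           # no change date recorded
        elif int(last_change) == 0:
            status = "forced_at_next_login"
        elif int(last_change) <= cutoff:
            status = "stale"             # last changed on or before the incident day
        else:
            status = "rotated"
        report[status].append(name)
    return report


if __name__ == "__main__":
    for status, names in audit_password_rotation(SAMPLE_SHADOW, INCIDENT_DAY).items():
        print(f"{status:22} {', '.join(names) or '-'}")
```

The "stale" and "unknown" groups are the accounts that still need follow-up before the recovery can be called complete.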
Security teams usually conduct a post-incident scan with vulnerability assessment tools to ensure that necessary actions, such as applying required patches, have been taken. But security managers say they are continuously scanning anyway to uncover vulnerabilities or violations of security policy.
Vulnerability scans are used to check desktops, servers, and networking gear for compliance with corporations’ security policies. The resulting information is then used to improve security measures. Some corporations check for gaps in several key areas, including system security configuration settings, security patches, antivirus status, personal firewall status, and industry-known vulnerabilities. Others have customized their security measures to help assess compliance with their acceptable-use policy. The result is an executive-level snapshot in time of whether end users are following policy. They may also bring in an outside analyst every few years to perform a vulnerability assessment.
The University of Georgia runs vulnerability scans and has vulnerability management applications installed on sensitive and critical servers. The vulnerability management applications check configurations or settings on servers and generate a report card, which covers areas such as operating system and patch level, open vulnerable ports, and user accounts.
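The report-card idea can be illustrated with a small script that compares each server against a policy baseline in the three areas named above. This is an added example, not the university's tooling or any product's API; the baseline, the inventory records and all names in them are hypothetical.

```python
# Hypothetical baseline and inventory; every name and value is constructed.
BASELINE = {
    "min_patch_level": (2024, 3),   # oldest acceptable (year, month) patch bundle
    "allowed_ports": {22, 443},
    "approved_accounts": {"root", "deploy", "backup"},
}

INVENTORY = [
    {"host": "db01", "patch_level": (2024, 4), "open_ports": {22, 443},
     "accounts": {"root", "deploy"}},
    {"host": "web02", "patch_level": (2023, 11), "open_ports": {22, 23, 443},
     "accounts": {"root", "deploy", "temp_admin"}},
]

AREAS = ("patch", "ports", "accounts")


def report_card(host, baseline):
    """Return the grade and per-area findings for one server."""
    findings = {}
    if host["patch_level"] < baseline["min_patch_level"]:
        findings["patch"] = "%d-%02d is older than required %d-%02d" % (
            host["patch_level"] + baseline["min_patch_level"])
    extra_ports = sorted(host["open_ports"] - baseline["allowed_ports"])
    if extra_ports:
        findings["ports"] = extra_ports          # listening but not in policy
    extra_accounts = sorted(host["accounts"] - baseline["approved_accounts"])
    if extra_accounts:
        findings["accounts"] = extra_accounts    # present but never approved
    failed = sum(area in findings for area in AREAS)
    return {"host": host["host"], "grade": "ABCF"[failed], "findings": findings}


def grade_inventory(inventory, baseline):
    """Grade every server and list the worst report cards first."""
    cards = [report_card(h, baseline) for h in inventory]
    return sorted(cards, key=lambda card: -len(card["findings"]))


if __name__ == "__main__":
    for card in grade_inventory(INVENTORY, BASELINE):
        print(card["host"], card["grade"], card["findings"])
```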
Some corporations do vulnerability assessment and scans on a regular basis. Scans at UPS are performed by a managed security services provider and may be scheduled on an on-demand basis as a follow-up to an event.
A vulnerability assessment is largely a technical exercise. Enterprises also convene post-incident meetings with representatives from different areas of an organization, which focus on process as much as technology.
One security group holds an “aftermath party” with the university’s security advisory council, including the chief information officer and representatives from the legal, public affairs and HR departments, among others. The meeting dissects the security team’s response to the incident, assessing the effectiveness of processes and procedures. The follow-up meeting also serves as a springboard to spread the word about a given incident, with an eye toward avoiding it in the future. Security experts point to education as the most important safeguard against future incidents. Some companies ensure their employees undergo security awareness training when they first join the company and annually thereafter. Managers are held accountable for making sure all who report to them have gone through the training.
Sometimes security training crops up in other guises. Sometimes security messaging and data protection messaging are integrated into all leadership training, and sometimes a company may schedule a security awareness week each year. Training aims to prevent incidents, but an educated user can also contribute to early detection. Because they’ll know what not to do and when to call if they see something out of the ordinary, many serious incidents are prevented. Education initiatives must be flexible, enabling security groups to take lessons learned from security incidents and fold them back into the training regimen. They also must study changes in attack types and methods and update the curriculum.
Some banks conduct quarterly threat assessments to close existing vulnerabilities and anticipate new exploits. They may review their security posture annually with a third party. Their new understanding of the threat environment is incorporated into training programs for technical people and awareness programs for the rest.
Keeping information-technology departments up to speed on security is another dimension of the security group’s education initiative. Application developers, for example, need to incorporate the organization’s latest security principles as they write code.
Ongoing training efforts help keep security on the front burner, say security executives, who warn that the absence of major incidents tends to lead to complacency. Companies that are not successfully attacked get lax and you have to reinvigorate them. Understanding the hazards and risks and threats of doing business in a networked environment will help employees and companies become much more secure.
Because cybercriminals are becoming smarter and more sophisticated in their operations, they are real threats to your personal security and privacy. Your money, your computer, your family, and your business are all at risk.
These cybercriminals leave you with three choices:
1. Do nothing and hope their attacks, risks, and threats don’t occur on your computer.
2. Do research and get training to protect yourself, your family, and your business.
3. Get professional help to lock down your system from all their attacks, risks, and threats.
Remember: When you say “No!” to hackers and spyware, everyone wins! When you don’t, we all lose!