Chapter 1. Welcome to the Information Age

When it comes to controlling our information, too many systems have been implemented with little or no regard for security until a compromise has occurred. Any computer system can be compromised, given enough time and resources. The key to preventing such a security breach is to ensure that enough safeguards are present to persuade a would-be intruder to move on to another target. However, when an intruder, worm, virus, or automated attack persists in targeting a computer system, having specific controls in place and a plan of action for responding to the attack or computer incident can greatly reduce the resultant costs to an organization. The implementation of a computer incident response team (CIRT), whether it is formed with internal or external resources, is one safeguard that can produce a large return on investment during a crisis situation.

This book is meant to serve as a guide to anyone contemplating or charged with forming a CIRT. The creation of such a team is not a trivial matter, and many issues must be addressed up front to ensure a smooth implementation. This book identifies most of these issues so as to help with the creation process. Once the team is formed and operational, this guide should continue to serve as a valuable resource while the team evolves to meet the demands of the constituency it serves and to respond to the ever-changing types of vulnerabilities.

With the evolution of computer systems into both local and wide area networks, the scope of computer security has increased dramatically over the past two decades. The ability to adequately safeguard information while ensuring resource availability has increasingly become a challenging task for management, system administrators, and information security personnel alike. Today, more than ever, people are discovering their vulnerability to the perils of the Information Age. As such, the topic of computer security is becoming more of a priority in many organizations. Computer security isn't a new field—it has existed since the development of the first computer. What is new is the broader view that must be taken to ensure the security of a system and the information it contains. Personnel addressing areas such as incident response must be prepared for attacks targeting any platform, exploiting any vulnerability, at any time. This uncertainty makes the world of incident response very challenging and often exciting.

This book addresses several topics that should be considered when forming an incident response team. It was written for the executive contemplating the formation of a team and for the manager charged with carrying out the directive to provide an incident response capability. Those hired to detect and respond to incidents as they occur, as well as those considering incident response as a career, should find many of the topics presented equally useful. Although many technical factors are touched upon in various sections, this book was not intended to be an in-depth technical guide. Several resources are already available for that purpose. Instead, this book focuses on the decision-making aspects of creating the team, from the initial tasking through achieving an operational state.
