Security Management and Incident Handling and Response

Recent resources tagged with Security Management and Incident Handling and Response.

2008 Data Breach Investigations Report

Added by the EDUCAUSE Librarian
Title: 2008 Data Breach Investigations Report (ID: CSD5395)
Author(s): Wade H. Baker (Verizon Business), C D. Hylender (Verizon Business), and J A. Valentine (Verizon Business)
Source: Verizon Business
Origin: Contributed by Organizations or Campuses (07/01/2008)
Type: Articles, Papers, and Reports
Abstract:

The 2008 Data Breach Investigations Report draws from over 500 forensic engagements handled by the Verizon Business Investigative Response team over a four-year period. Tens of thousands of data points weave together the stories and statistics from compromise victims around the world. This report seeks to answer the following questions:

  • Who is behind data breaches?
  • How do breaches occur?
  • What commonalities exist?
  • Where should mitigation efforts be focused?

Incident Response Tracker: Centralized Monitoring, Distributed Response

Added by the EDUCAUSE Librarian
Title: Incident Response Tracker: Centralized Monitoring, Distributed Response (ID: SEC08063)
Author(s): Martin Manjak (University at Albany, SUNY)
Origin: Presented at Security Professionals Conference (05/04/2008)
Type: Presentations/Speeches
Abstract:

With a mixture of centralized and local IT service providers, higher ed presents unique challenges to effective incident response. The University at Albany has developed a web-based incident management and reporting tool that provides immediate sharing of incident information with local responders and real-time incident response functionality (e.g., switch port control).


Incident Response from the Ground Up

Added by the EDUCAUSE Librarian
Title: Incident Response from the Ground Up (ID: NCP08071)
Author(s): Adam Goldstein (Dartmouth College) and Ellen L. Young (Dartmouth College)
Origin: Presented at NERCOMP Conferences (03/10/2008)
Type: Presentations/Speeches
Abstract:

Recognizing that an incident response policy is only as good as the procedures that support it, Dartmouth College developed its approach to incident response from the bottom up. This session will highlight the advantages of establishing procedures first and policy second when it comes to incident response planning.


Data Breaches Hit More Campuses

Added by the EDUCAUSE Librarian
Title: Data Breaches Hit More Campuses (ID: CSD5333)
Author(s): Andrew Guess (Inside Higher Ed)
Origin: Contributed by Organizations or Campuses (02/12/2008)
Type: Articles, Papers, and Reports
Abstract:

Review of news sources and databases shows an increase in the number of both security incidents and affected institutions in the last year.


Data Breaches in Higher Education: From Concern to Action

Added by the EDUCAUSE Librarian
Title: Data Breaches in Higher Education: From Concern to Action (ID: ERM08111)
Author(s): Peter M. Siegel (University of California, Davis)
Origin: EDUCAUSE Review Articles (01/18/2008)
Type: Articles, Papers, and Reports
Abstract:

"When is higher education going to get serious about safeguarding the private information of students, faculty, and staff?"


Final Report of the 2007 Cybersecurity Summit

Added by the EDUCAUSE Librarian
Title: Final Report of the 2007 Cybersecurity Summit (ID: CYB0701)
Origin: Contributed by the Security Task Force, Presented at Cybersecurity Summit (11/30/2007)
Type: Articles, Papers, and Reports
Abstract:

This is the final report for the 2007 NSF Cybersecurity Summit, held February 22 and 23, 2007, in Arlington, VA.


Some Frontiers of Security Work

Added by the EDUCAUSE Librarian
Title: Some Frontiers of Security Work (ID: EDU07115)
Author(s): Joseph E. St Sauver (University of Oregon)
Origin: Presented at EDUCAUSE Annual Conferences (10/23/2007)
Type: Presentations/Speeches
Abstract:

The higher education community faces increasingly difficult issues of security in a networked world, compounded by the demands of advanced applications. Performance requirements (high bandwidth, end-to-end transparency, new protocols) are essential for the academic mission and innovation, but are not easily accommodated in current approaches to network security. The Salsa group is forging new frontiers to address these issues.


Information Security: Zero to 60 in 10 Years

Added by the EDUCAUSE Librarian
Title: Information Security: Zero to 60 in 10 Years (ID: EDU07251)
Author(s): Howard Muffler (Embry-Riddle Aeronautical University) and Joseph Progar (Embry-Riddle Aeronautical University)
Origin: Presented at EDUCAUSE Annual Conferences (10/23/2007)
Type: Presentations/Speeches
Abstract:

The focus on information security at Embry-Riddle Aeronautical University, as in many institutions, has evolved gradually over a number of years. Beginning with what can best be described as ad hoc initiatives driven by afterthought oversight, the university's focus on information security is maturing into a formalized, integrated business component and directive.


Stop, Drop, and Roll: Prevent and Douse Cyber Incidents

Added by the EDUCAUSE Librarian
Title: Stop, Drop, and Roll: Prevent and Douse Cyber Incidents (ID: EDU07210)
Author(s): Cedric Bennett (Stanford University), Susan A. Blair (University of Florida), and Kathleen Roberts (iSecure Solutions)
Origin: Presented at EDUCAUSE Annual Conferences (10/23/2007)
Type: Presentations/Speeches
Abstract:

Presenting two best-practice models for cyber incidents: To prevent cyber incidents, learn how to use an uncomplicated cyber risk assessment to help you focus your institution's limited resources. When an incident occurs, know how to douse the effect of breach events when notification is required.


Incident Management Capability Metrics

Added by the EDUCAUSE Librarian
Title: Incident Management Capability Metrics (ID: CSD5144)
Source: CERT
Abstract:

The CERT CSIRT Development Team has introduced a method to evaluate and improve an organization's capability for managing computer security incidents. This method uses a set of incident management best practices defined in a set of metrics called the Incident Management Capability Metrics. These metrics provide organizations a baseline against which they can benchmark their current incident management processes or services.

The metrics questions explore different aspects of incident management activities. These questions are grouped into four basic functional categories:

  • Protect
  • Detect
  • Respond
  • Sustain

The results from an evaluation using the metrics will help an organization determine the maturity of its incident management capability regardless of organization type or sector (commercial, academic, government, etc.).
