Information Security by Andy Taylor
What happens if something goes wrong?
We tend to judge success by the number of incidents, with zero incidents meaning ultimate success. However, in reality there will always be incidents and these need to be handled appropriately. Therefore success should be measured according to how well those issues are handled and the degree of disruption they cause.
One of the most important measures you can take is to ensure that you learn from the mistakes or errors so they don’t happen again. For organisations where financial considerations are paramount (any commercial organisation, for example), the financial impacts of incidents could be measured. It is a very powerful argument to arrive at a board meeting with statistics that show £X millions had to be spent on recovering from security incidents in the last twelve months. This would provide a very strong basis on which to build the case for security measures being taken.
What is forensic preparedness all about?
One other area to be considered in information security is managing the consequences of incidents. In particular, if a criminal act is involved in the incident, then how the incident is managed could well seriously affect the success or otherwise of the subsequent prosecution.
A forensic readiness plan should be in place to address this. This is an area, though, where detailed specialist knowledge will be required; it should not be undertaken by the well-meaning amateur.
The biggest issue concerns the IT systems themselves. Turning systems on and off, for example, can cause significant changes to the information stored, the way it is stored and what is accepted as evidence in a court case. It is therefore absolutely vital that there is a good understanding of what to do in the event of an incident. It is also vital that the team designated to deal with incidents is fully aware of the requirements for evidence and how to manage the consequences of an incident; they must also know who the key people to contact are in the case of this type of incident. It is highly likely that they will need some specific and detailed training.