Categories
Articles

Incident Response and the Law

At the FIRST conference this week I’ve heard depressingly many incident responders saying “our lawyers won’t let us…”. Since incident response, done right, should actually support the law’s objectives, it seems we need to be smarter, and maybe a bit more assertive, about explaining how incident response and law interact. The laws most relevant to […]

Incident Response: Humans and Tools

Following a couple of talks earlier in the FIRST conference that described how economic forces drive security downwards, it was good to hear a final keynote from Bruce Schneier that suggested that economics may actually encourage the development of high-quality incident response services. Incident response is commonly divided into three phases: prevent, detect, respond. Prevent […]

Security and the Board

Many of the talks at the FIRST conference consider activities within and between incident response teams, but two talks today considered how CSIRTs and boards can work better together. Pete O’Dell suggested that many company boards either delegate or ignore information security, perhaps considering that it is “just another risk”. He suggested that information security […]

An anthropologist learns about incident response

If you’ve been watching movies and TV series, it may come as a surprise that most computer security incident response actually involves a lot of command line interfaces and Perl scripts, and rather few graphical interfaces. That was the first disappointment that greeted a team of computer scientists from Honeywell and Kansas State University who […]

The Human Side of Information Sharing

There are quite a few talks at the FIRST conference this week about getting computers to automatically receive, process and distribute information about security events. However I was particularly interested in a session on the human issues that need to accompany any such information exchange. Organisations, which ultimately means individuals, need to trust one another […]

Measuring “network health”

A panel session at the FIRST conference on comparable security metrics made me wonder why this seems to be so hard. My first visit to another CSIRT, fifteen years ago, was to work out how to compare our Janet CSIRT statistics with those from SURFnet. And yet the tricky question still seems to be working […]

Dutch national responsible disclosure guidelines

From personal experience many years ago I know the frustration of discovering a security vulnerability in a website, wanting to warn the site owners, but being unable to find a responsive contact to accept the information. However I also know, from even longer ago, what it’s like to be a sysadmin told by a stranger […]