Friday, April 2, 2010

Incident Response Article

The article “Public Communications Are Critical to Computer Security Incident Response – Law, Forensics and Public Relations” as posted by Benjamin Wright on February 9, 2010, emphasizes the importance of sharing information with outside parties. I chose this article because it directly complies with section 2.3.4 of NIST’s Computer Security Incident Handling Guide (NIST SP800-61). I thought it was relevant because it presents how historically security and incident response programs have spoken little about attacks or breaches of security. They have quietly focused on defense, investigation and remediation. However, because laws and politics changed the game, data holders are now required to notify constituents and sometimes government authorities when private data has been compromised. Today when security incident happens, public communications can be critical to an effective response.
There are guidelines on communicating with several types of outside parties regarding the handling of actual incidents, including the media, law enforcement, and incident reporting organizations. Figure 1 shows several outside parties with which the organization may need to communicate.


Fig. 1