Incident Response Training

ITRC Report and Analysis Data Security Breaches in 2010

A study done by the Identity Theft Resource Center found that there were 662 data security breaches reported in the United States in 2010.

Of the 622 total breaches reported in 2010, traditional businesses accounted for the largest percentage of data breaches (42.1%), followed by medical and health care facilities (24.2%), state and federal agencies and the military (15.7%), educational institutions (9.8%), and financial institutions (8.2%).

An example of how to monitor for rogue employees or an “insider threat” is the memo issued to US government agencies on protecting information in a post-WikiLeaks environment.

Businesses can take the advice of the highest levels of US government on how to be on the lookout for “insider threats” that can expose confidential information. The memo highlights many elements of advice and counsel that are applicable to protecting information in the traditional business world. They include the following “best practices” recommendations for assessing the current state of your information systems security:

  • Assess what your agency (business) has done or plans to do to address any perceived vulnerabilities, weaknesses, or gaps on automated systems.

  • Assess weakness or gaps … and formulate plans to resolve the issues or acquire resources to address those weaknesses or gaps.

  • Assess all security, counterintelligence, and information assurance policy and regulatory documents.

More succinctly, the memo also outlines broad categories for your information security attention. Those categories are:

  • Management & Oversight

  • Counterintelligence

  • Safeguarding

  • Deter, Detect, and Defend Against Employee Unauthorized Disclosures

  • Information Assurance Measures

  • Education & Training

  • Personnel Security

  • Physical/Technical

“Computer Security Incident Handling Guide”: Recommendations of the National Institute of Standards and Technology (NIST)

Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. New types of security-related incidents emerge frequently. Preventative activities based on the results of risk assessments can lower the number of incidents, but not all incidents can be prevented. An incident response capability is therefore necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services. To that end, this publication provides guidelines for incident handling, particularly for analyzing incident-related data and determining the appropriate response to each incident.

This publication seeks to help both established and newly formed incident response teams. This document assists organizations in establishing computer security incident response capabilities and handling incidents efficiently and effectively.