Managing Information Security Breaches: Studies from Real Life

Book Description

Even when organisations take precautions, they may still be at risk of a data breach. Information security incidents do not just affect small businesses; major companies and government departments suffer from them as well.

A strategic framework

Managing Information Security Breaches sets out a strategic framework for handling this kind of emergency. It focuses on the treatment of severe breaches and on how to re-establish safety and security once the breach has occurred. These recommendations support the controls for the treatment of breaches specified under ISO27001:2005.

Top priorities

The actions you take in response to a data breach can have a significant impact on your company's future. Michael Krausz explains what your top priorities should be the moment you realise a breach has occurred. This book is essential reading for security officers, IT managers and company directors.

Read this guide and learn how to …

  • Avoid information security breaches
    The author uses cases he has investigated to illustrate the various causes of a breach, ranging from the chance theft of a laptop at an airport to more systematic forms of data theft by criminal networks. By analysing situations companies have experienced in real life, the case studies can give you a unique insight into the best way for your organisation to avoid a data breach.
  • Plan your response
    If something did go wrong, how would you handle it? Even if you have done everything possible to prevent a data breach, you still need to know what to do, should one occur. This book offers advice on the strategies and tactics to apply in order to identify the source of the leak, keep the damage to a minimum, and recover as swiftly as possible.
  • Preserve the trust of your customers
    If your company ever experiences an information security incident, then the way your customers see you will depend on how you react. This book tells you the key steps you need to take to hold on to the goodwill of your customers if a data breach occurs. The book also offers advice on what to do if you discover defamatory material about your business on YouTube or on forum sites.
  • Improve management processes
    Information security breaches are often committed by ambitious or embittered employees. This book looks at ways to reduce the risk of staff selling product designs or customer data to your competitors for personal gain.

This book provides a general discussion of, and a source of learning about, what information security breaches are, how they can be treated and what ISO27001 can offer in that regard, spiced with a number of real-life stories of information security incidents and breaches. It is a 'first line of defence' for the reader who is affected by an incident and wants to turn to a source of guidance and direction.

Make sure your team is prepared before an information security incident – buy this book today!

Table of Contents

  1. MANAGING INFORMATION SECURITY BREACHES
  2. Managing Information Security Breaches
    1. FOREWORD
    2. PREFACE
    3. ABOUT THE AUTHOR
    4. ACKNOWLEDGEMENTS
    5. CONTENTS
    6. Introduction
    7. PART 1 – GENERAL
      1. CHAPTER 1: WHY RISK DOES NOT DEPEND ON COMPANY SIZE
        1. Risk effect
        2. Propagation of damage (downstream effects)
        3. Culture
        4. Information security staff
        5. Cash reserves / cash at hand
        6. Ability to improvise / make quick decisions
        7. Preparedness
        8. Contacts with authority
      2. CHAPTER 2: GETTING YOUR RISK PROFILE RIGHT
        1. Intuitive risk analysis
        2. Formal risk analysis
        3. Step 1 – identifying threats
        4. Notes for Table 1
        5. Step 2 – Assigning damage and likelihood
        6. Notes on Table 2
        7. Step 3 – Defining acceptable loss
        8. Step 4 – Defining mitigation priorities (business priorities)
        9. Residual risks
      3. CHAPTER 3: WHAT IS A BREACH?
        1. Information security incident
        2. A single or a series …
        3. … significant probability of compromising …
        4. Confidentiality breach
        5. Availability breach
        6. Integrity breach
        7. Impact
        8. Source
        9. External vs. internal
        10. Unintentional vs. intentional
        11. Manual vs. automatic
        12. Human vs. Nature
        13. General treatment options
      4. CHAPTER 4: GENERAL AVOIDANCE AND MITIGATION STRATEGIES
        1. Introduction – general aspects / avoidance and related ISO27001 controls
        2. People
        3. A.8.1.1 – Roles and responsibilities
        4. A.8.1.2 – Screening
        5. Methods of screening
        6. A.8.1.3 – Terms and conditions of employment
        7. A.8.2.1 – Management responsibilities
        8. A.8.2.2 – Information security awareness, education and training
        9. A.8.2.3 – Disciplinary process
        10. A.8.3.1 – Termination responsibilities
        11. A.8.3.2 – Return of assets
        12. A.8.3.3 – Removal of access rights
        13. Processes
        14. 4.2.1d – Identify risks
        15. 4.2.1e – Analyse and evaluate the risks
        16. 4.2.1f – Identify and evaluate options for the treatment of risks
        17. 4.2.1g – Select control objectives and controls for the treatment of risks
        18. 4.2.1h – Obtain management approval of the proposed residual risks
        19. Technology
        20. ISO27001 Controls helpful for treatment of breaches
        21. A.6.1.6 – Contact with authorities
        22. A.8.2.2 – Information security awareness, education and training
        23. A.8.2.3 – Disciplinary process
        24. A.8.3.2 – Return of assets
        25. A.8.3.3 – Removal of access rights
        26. A.10.4.1 – Controls against malicious code
        27. A.10.10.1 – Audit logging
        28. A.10.10.3 – Protection of log information
        29. A.12.5.4 – Information leakage
        30. A.13.1.1 – Reporting information security events
        31. A.13.1.2 – Reporting security weaknesses
        32. A.13.2.1 – Responsibilities and procedures
        33. A.13.2.2 – Learning from information security incidents
        34. A.13.2.3 – Collection of evidence
        35. Strategies and tactics for treating breaches
        36. Get the 6 Ws immediately
        37. Establish lessons learned
        38. Get PR involved
        39. Be prepared
        40. Tactical advice
        41. Regular meetings
        42. Time, time, time
        43. Rest
        44. People (number)
        45. International contacts
        46. Keep the information flowing
        47. Keep minutes
        48. Additional quality feedback
        49. Dimensions of treatment / mitigation of information security breaches
        50. None
        51. Internal investigation
        52. External investigation
        53. Joint task force
    8. PART 2 – CASE STUDIES
      1. CHAPTER 5: NOTES FROM THE FIELD
        1. Privacy
        2. Cost
        3. The practicalities of surveillance
        4. People
        5. Cost
        6. Speed
        7. Outreach
        8. The truth vs. company policy
      2. CHAPTER 6: MOTIVES AND REASONS
        1. Greed
        2. Despair
        3. Revenge
        4. Business advantage
      3. CHAPTER 7: CASE STUDIES FROM SMALL COMPANIES
        1. Foreword to the case studies
        2. The stolen backup
        3. In-depth explanation
        4. Lessons learned
        5. Eavesdropping on faxes
        6. In-depth explanation
        7. A stolen laptop
        8. In-depth explanation
      4. CHAPTER 8: CASE STUDIES FROM MEDIUM-SIZED COMPANIES
        1. A case of intrigue – the missing contract
        2. In-depth explanation
        3. Lessons learned
        4. The sales manager who changed jobs
        5. In-depth explanation
        6. Lessons learned
        7. The project manager who became a friend; and then an enemy
        8. In-depth explanation
        9. The lost customers – how a sales manager cost a company 10% of revenue
        10. In-depth explanation
        11. Lessons learned
        12. The flood – how not to learn about risk management
        13. In-depth explanation
      5. CHAPTER 9: CASE STUDIES FROM LARGE CORPORATIONS
        1. Who wants my data? – a case of data theft
        2. In-depth explanation
        3. Lessons learned
        4. Who wants my data? – a more complicated case
        5. In-depth explanation
        6. Hard disk for sale – beware of your contractors
        7. In-depth explanation
        8. Unauthorised domain links – it is easy to harm a company’s reputation
        9. In-depth explanation
        10. The trusted guard who was not
        11. In-depth explanation
        12. Insider badmouthing
        13. In-depth explanation
        14. The software vulnerability that was not – a case of blackmail
        15. In-depth explanation
        16. Lessons learned
    9. PART 3 – A SAMPLE TREATMENT PROCESS
      1. CHAPTER 10: A SAMPLE TREATMENT PROCESS
        1. Step 1 Gather information
        2. Step 2 Determine extent and damage
        3. Step 3 Establish and conduct investigation
        4. Step 4 Determine mitigation
        5. Step 5 Implement mitigation
        6. Step 6 Follow up on investigation results
        7. Step 7 Determine degree of resolution achieved
      2. ABBREVIATIONS AND ACRONYMS
      3. ITG RESOURCES
        1. Other Websites
        2. Pocket Guides
        3. Toolkits
        4. Best Practice Reports
        5. Training and Consultancy
        6. Newsletter