e-businessguide - An Australian guide to doing business online
Incident response

Incident response is a process by which you can identify, evaluate and address negative computer-related security events. It is the process you go through when:

  • your website is hacked and unauthorised data changes made
  • employee data falls into the wrong hands
  • a virus spreads through your computer system.

Some companies may create internal response teams, while others may co-develop a plan with their website host, Internet Service Provider or Application Service Provider. Response procedures should be documented, published, communicated to all employees and enforced within the company. They should include comprehensive definitions of roles and responsibilities, and a prioritised response based on the risk of the incident and the automated and manual responses required.

What to do

Recommendations from System Administrator Network Security (SANS) include:

  • don't panic - document what happened: who, what, when, where and how
  • notify the right people within the organisation and get help
  • enforce a "need-to-know" briefing; limit full briefing to a small group
  • contain the problem; keep it from getting worse
  • assess what damage has been done
  • make a back-up of the affected system(s) as soon as it is practical (use new disks and not recycled disks as experts will be able to re-create your computer system from these back-ups)
  • deal with the cause and learn from the incident
  • get back to business (after checking your back-ups to ensure they are not compromised, restore your system from the back-ups and monitor the system closely to determine whether to reinstate it).

If you suspect there has been criminal activity regarding your information systems that has resulted in financial loss, you will need to involve the police or appropriate law enforcement service.

In this case it is important that the incident has been recorded and that all evidence, including reports and logs, be preserved in a forensically sound way.

Sometimes, the only way to find out what would happen if your systems were hacked or compromised is to conduct "ethical hacking" exercises. These can be conducted by approved and accredited third-party organisations that specialise in information security testing and policy development. The results would inform you of your system weaknesses and vulnerabilities and give you the knowledge to create an action plan to rectify them.

Last updated 16 May 2009