An Analysis of Security Breaches and Incident Handling - Assignment Example

1- ABSTRACT

Privacy and security incidents concern attempted or successful unauthorized access to, use, disclosure, modification or destruction of data, or interference with system processes in a computer system. Security breaches and incidents also cover the loss of data through misplaced or stolen devices, misplaced or lost documents, and misrouted or misdirected mail, all of which can put the data at risk of unauthorized access, use, disclosure, modification or destruction. Some of these events can put at risk the confidentiality, integrity or availability of the information system and of the business or personal data being stored, processed or transmitted. A privacy or security incident is a violation, or an imminent threat of violation, of an explicit or implied security policy, acceptable use policies, or standard privacy and security practices. Certain adverse events (such as fires, floods, excessive heat and electrical outages) can cause system failures, but they are not regarded as computer-security incidents. A security incident becomes a breach when the incident involves the suspected or actual loss of personal or business data and information. A security incident is an observable occurrence in a corporate network or in a personal system, for example detected probes or infections prevented (Scarfone et al., 2008; Armoni, 2002; Grimaila, 2004). Incident response depends on the particular business, corporate functions, public information, information technology, data types, law enforcement, etc.
The security incident response process can begin with an explicit report of a security breach, but it is more likely to begin as the result of a routine investigation into some anomalous system or network behavior. For instance, a server's printing service may stop working, or a server may respond rather slowly. Because of the possibility of unauthorized release or modification of data, and of service disruption, it is important to assess the likelihood that odd behavior is the result of a security problem before taking steps to correct a “typical” problem (Scarfone et al., 2008; Armoni, 2002; Grimaila, 2004). This research paper presents a comprehensive analysis of some of the main aspects of incident handling in the case of security breaches. It will assess and analyze some of the main aspects of incident handling methods, along with the ways to manage and ensure business continuity. In this context, the research will assess some of the main security breaches and the appropriate incident handling mechanisms against these security violations.

2- INTRODUCTION

Information security and incident response have become a significant part of information technology programs. Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. Additionally, new kinds of security-related incidents emerge frequently. Preventive activities based on the results of risk assessments can reduce the number of incidents, but not all incidents can be prevented. An incident response capability is therefore necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services.
Performing security incident response effectively is a difficult undertaking; establishing a successful incident response capability requires substantial planning and resources. Continually monitoring threats through intrusion detection and prevention systems (IDPSs) and other mechanisms is essential. Establishing clear procedures for assessing the current and potential business impact of incidents is critical, as is implementing effective methods of collecting, analyzing and reporting data. Building relationships and establishing suitable means of communication with other internal groups (for example legal, human resources) and with external groups (for example law enforcement and other security incident response teams) are also very important (Scarfone et al., 2008; Dhillon & Backhose, 2001; Edward H. Freeman, 2004; Turban et al., 2005).

3- SECURITY BREACHES

3.1- What are Security Breaches

Information system and data security breaches include the theft or loss of devices (for example external drives, laptops) and storage media (such as storage disks or USB storage devices) that are used to store business or personal data, even in the absence of any evidence that the data have been taken or accessed. Breaches are also defined to include undelivered or misdirected emails, faxes and parcels, or other errors involving responsible parties who have no interest in accessing or misusing the information or data. Additionally, actions and notices are always a second-best tool, because they only respond to security breaches and do not prevent them. Furthermore, they shift the burden from the responsible parties to the innocent data subject.
The preoccupation with notices is even more troubling when they are required although there is no risk to individuals, or individuals are unable to protect against that risk. Information security is important. Security breaches may or may not be, depending on what is included within the term “security breach.” Most data breach laws define “security breach” to include unauthorized access to specified types of personal data and information (in the US, often information used to create or access business, financial and monetary accounts). Moreover, some research has described a breach as “business or personal data and information are revealed to illegal access, utilization, exposure or alteration” (Cate, 2008). A computer system breach is one of the most difficult situations for Information Technology personnel to manage effectively. Without a response plan, IT organizations can become overwhelmed by internal accusations and baseless new requirements. IT staff who do have an incident response plan are able to respond quickly and productively, reducing reports and negative intransigent activities. When the system breach involves the disclosure of business or personal details such as account numbers, social security numbers, business contracts and credit card information, the well-organized business will also be able to manage the public's reaction through a clear understanding of Breach Notification Laws (Buffington, 2009; Shelly et al., 2005).

3.2- Overview

In the past, businesses were extremely reluctant to disclose the fact that they had experienced a security breach. By disclosing it, they would reveal that the business had a number of weaknesses, which would eventually result in lost customer loyalty.
However, with the computerized storage of business and personally identifiable details and information, customers recognized that such breaches could have a personally damaging impact. As technology has evolved, the number and severity of security breaches in all areas of life and business have increased. From personal life to enormous business structures, all areas have experienced security breaches. The severity of these breaches varies with the person and with the type of business data. Security breaches at large businesses can create major business problems and affect a large number of people. On the other hand, a security breach of a personal information account can have limited yet extensive impacts (Buffington, 2009).

3.3- World Wide Impact of Security Breaches

This section outlines some real examples of security breaches around the world that have affected large and renowned business organizations thought to have well-protected business management structures. British companies have been struck by a wave of business and personal information security breaches over the last two years, which have been costly to the overall business and corporate structure and have cost the nation several billion pounds a year. In this regard, the newest edition of the ISBS (Information Security Breaches Survey) from PwC (PricewaterhouseCoopers LLP) reveals that privacy and security breaches, involving both business insiders and external hackers, have risen to unprecedented levels compared with the last report (Condon, 2010). PricewaterhouseCoopers produces the ISBS every two years, and it is widely regarded as an important picture of the state of United Kingdom data and information security.
In recent years, every PricewaterhouseCoopers ISBS report has shown steady progress as companies began to implement good basic security management. However, the newest report shows a complete reversal, caused by increased cyber-crime activity and a rise in fraud during the downturn. Personal and business information security does not exist in a vacuum. It requires extensive business and staff involvement and coordination (Condon, 2010).

3.4- Present Situation

The Information Security Breaches Survey of 2010 shows that technology has continued to develop rapidly through greater use of virtualization, cloud computing and social networks. Businesses in both the private and public sectors have made more effort to identify the risks they face, with 82 percent of large ones and 75 percent of smaller ones now assessing information security threats, compared with 48 percent who did so in 2008. Almost half the businesses surveyed said that they had increased their spending on business communication and information security in the last year, and approximately the same number said that they expected to spend more on it the following year. Smaller businesses had experienced on average 11 security and privacy breaches during the preceding year (higher than in 2008, when businesses had experienced on average 6 security and privacy breaches), while large businesses had experienced 45 security breaches (against 15 in 2008). The cost of administration, management and damage caused by a security breach has also increased, with smaller companies stating that their worst security breach incident had cost them £55,000 on average, compared with £20,000 in 2008.
For large business organizations, the average cost of the worst security breach incident was £690,000, far higher than the £170,000 of 2008 (Condon, 2010).

3.5- Types of Security Breaches

This section outlines the main types of security breaches and the percentage of businesses reporting them during the preceding years. These figures show that the types and severity of security breaches are increasing day by day and creating major business and corporate management problems. Here are some of the main percentages of security and privacy breaches in business and corporate settings (Condon, 2010):

- 61 percent have detected a significant attempt to break into their business and corporate networks (31 percent).
- 62 percent were infected by a virus or other malicious software in the previous year (21 percent in 2008).
- 25 percent have experienced a DoS (denial-of-service) attack (11 percent).
- 15 percent have detected actual penetration by an unauthorized intruder into their business and corporate networks in the previous year (13 percent).
- 45 percent of privacy breaches were very or extremely serious.
- 46 percent said staff had lost or disclosed confidential and important business and operational data.

The Information Security Breaches Survey of 2010 was carried out through online responses from 539 businesses, gathered during the month of February. Earlier reports had the support of the Department of Trade and Industry (later known as BERR (Business, Enterprise, and Regulatory Reform)) and were based on over 1,000 telephone surveys and interviews with a carefully chosen cross-section of businesses (Condon, 2010).

3.6- Corporations Affected

This section names some of the business corporations around the world that have experienced extensive security and privacy breaches leading to large and extensive business damage.
The main aim of this section is to outline the severity and possible detrimental effect of security breaches around the world. Over the preceding two years, numerous well-known organizations and companies made the news over business and corporate security breaches. They include Marshalls, TJX Cos., BJ’s Wholesale Club Inc., Barnes & Noble Inc. bookstores, Boston Market Corp., Sports Authority, Dave & Buster’s restaurants, OfficeMax Inc., Hannaford Bros Co., DSW Inc. Shoe Stores, Heartland Payment Systems Inc., and many other corporations. In 2001, several of the payment card companies established privacy and security compliance programs with which merchants and service providers were required to comply (Moldes, 2009).

4- INCIDENT HANDLING

4.1- What is incident handling?

In the case of security and privacy breaches, an incident response process can be initiated by an explicit report of a security breach, but it is more likely to begin as the result of a routine investigation into some anomalous system or network activity. For instance, a server may be working less effectively, or the business's main printing service may stop functioning. Because of the potential for unauthorized release or modification of information and data, as well as service disruption, it is important to assess the likelihood that odd behavior is the result of a security problem before taking steps to correct a “standard” problem (UCOP, 2008). When it is determined that an incident may be security related, the nature of the recovery effort has to be tailored accordingly, and appropriate personnel need to be involved to ensure that proper data and information are collected and documented to determine the nature and extent of the security breach and, if appropriate, to facilitate an investigation by law enforcement.
Depending on the nature and extent of a security breach, it may be necessary to make public disclosures; this will require the involvement of campus administrators, management and others, as company executives and IT professionals work out the technology and development matters (UCOP, 2008).

4.2- Purpose

The Enterprise Security Incident Handling procedures established at the corporate level are intended to support implementation of the Business Information Technology Security and Privacy Incident Response Policy. The purpose of these corporate procedures is to provide the organization with a practical framework for managing security incidents and attacks. These procedures set out the essential steps and processes for responding effectively to security events and attack disruptions involving information technology (IT) resources and assets, to ensure efficient and consistent methods of reporting and handling such events (MASS, 2010). The Corporate Security Office is required to organize the CSIRT, or Cybercrime Security Incident Response Team, and to initiate appropriate actions on the basis of the security incident category and severity when events occur such as malicious or illegal activity that may involve deliberate wrongdoing, or the release or exposure of highly sensitive information and data. Ongoing validation, testing and updating of the corporate and agency procedures, including changes based on the lessons learned from earlier events, are necessary to ensure continued effectiveness and accuracy at the business and organization levels (MASS, 2010).

4.3- Procedures

When a security breach occurs, incident handlers are normally engaged. A security breach can be caused by a disgruntled insider or by an outside hacker's intrusion.
The incident handler has to identify the type or method of intrusion, prevent further access, and manage and mitigate the damage done to the business data or server through the installation of rootkit software and other malware. Another category of breach that might not immediately appear to fall within the scope of a security breach incident handler is the physical theft of a business system. There have been numerous high-profile laptop thefts, one of the most damaging being the theft of a laptop from an employee of the US Department of Veterans Affairs. It was estimated that the laptop held the personal details of over 26 million military veterans. Assistance with breach notification is rapidly becoming another significant step in security incident handling. In general, breach notification is the process of communicating the fact that a computer system containing personal or business information was compromised. The goal is to alert the staff members whose confidential information was on the computer system so that they can take specific steps to protect themselves from a security attack, financial fraud, identity theft or other personal harm (Buffington, 2009).

4.3- Business Continuity Planning (Incident Handling Steps)

This section sets out the steps that can be used to keep the business working and to manage organizational operations. The occurrence of any security breach at the business or corporate level leads to the initiation of incident handling procedures. This section therefore presents a detailed analysis of some of the key aspects of handling and managing incidents at the corporate level. The procedure can be broken down into 5 simple steps for corporate incident handling (Santarcangelo, 2009):

I. Get ready (for incidents)
II. Recognize
III. Incident handling
IV. Recover (from incident)
V. Lessons learned

4.3.1- Get Ready – Proactive

Preparation is the most vital aspect of the incident handling and management process. Here we document the strategy to manage and treat incidents. Groundwork ensures that we will be better prepared to handle most situations as they arise. Begin by identifying what our business considers to be its vital resources. These could be customer data, services or physical assets. Then we need to identify what kinds of threats our business faces. Keep it simple at this point, without going into detail: physical threats, IS threats, outsider and insider threats, etc. Then set out our course of action, strategy and checklists on how to identify, resolve and recover from them (Santarcangelo, 2009).

4.3.2- Recognizing

This stage is one of the most complex parts of the overall incident handling and management procedure. The ability to collect “events” is vital; without it, an incident could be overlooked. A business has to identify the sources of events and what they mean in order to validate an event and move into the incident handling procedure. The best piece of advice anybody could receive at this point is “keep record, and log the whole thing” (Santarcangelo, 2009).

4.3.3- Incident Handling

This is the main step of the overall incident handling process. It is the step where we stop the attack on our business or network. Once the incident has been recognized, we assemble our strike team, go in, and eliminate the attacking elements.
Here is where training pays off: if the documentation is in order, including the procedures on how to handle different kinds of incidents, then handling them in a quick and orderly manner will be a snap (Santarcangelo, 2009).

4.3.4- Recovery

In this stage of incident handling and management, we essentially put things back to their normal state. Make sure that “back to normal” does not include the weakness that was exploited in the first place to cause the incident. In cyber incident handling this usually means rebuilding from scratch. We need to be careful if we decide to restore from backup: if we cannot identify, or have not identified, exactly when the incident or breach took place, we could restore to the bad state and have to start all over again. It is best to restore our configurations from our configuration management system (Santarcangelo, 2009).

4.3.5- Lessons Learned

This is the last stage of the overall incident handling and management process, where we take what we have learned and return to the preparation stage to make changes as needed. These changes could also mean changes to the physical environment, production systems and even the training we give our staff. Occasionally these changes may seem silly; however, we still need to heed the warnings and make the change (Santarcangelo, 2009).

5- COMMON ATTACK VECTORS

Possible security breaches of a corporate network share some common attack vectors. Over the past few years, network attackers have used several attack vectors to compromise systems.
Below I describe some security areas that can be compromised in a possible attack on the corporate network and communication system (Moldes, 2009):

- Lack of security education and training inside the corporation
- Less effective business and organizational operational management
- Weak security arrangements
- Infrequent security updates
- Partner connections (point-to-point links and VPNs)
- Remote access accounts (employees, IT admins, and vendors)
- Wireless networks (absence of strong encryption techniques and algorithms)
- Insider access (employees and contractors)
- Operating systems (absence of hardening and/or patching)
- Web applications (SQL injection and other OWASP Top 10 weaknesses)

6- MINIMIZING THE NUMBER AND SEVERITY OF SECURITY INCIDENTS

This section suggests some key processes and procedures that can be adopted for effective handling and management of incidents that occur due to security and privacy attacks. In most areas of life, prevention is better than cure, and security is no exception. Where possible, we will want to prevent security incidents from happening in the first place. However, it is not possible to prevent all security incidents. When a security incident does occur, we need to make sure that its impact is minimized. To minimize the number and impact of security incidents, follow the practices below for incident handling and management (Microsoft, 2010; Curphey & Araujo, 2006; Ghosh & Swaminatha, 2001):

- Clearly establish and enforce all policies and procedures. Many security incidents are caused accidentally by IT personnel who have not followed or not understood change management procedures, or who have improperly set up and configured security systems such as authentication systems and firewalls. Our policies and procedures should be thoroughly tested to make sure that they are practical and clear and provide the appropriate level of security.
- Gain management support for security policies and incident handling.
- Routinely assess vulnerabilities in our environment. Assessments should be carried out by security professionals with the appropriate clearance to perform these activities.
- Routinely check computer systems and network devices to make sure that they have all the latest patches installed.
- Establish security training programs for both IT staff and end users. The largest vulnerability in any system is the inexperienced user. For example, the I-LOVE-YOU worm successfully exploited that vulnerability among IT staff and users.
- Post security banners that remind users of their responsibilities and restrictions, along with a warning of potential prosecution for violation. These banners make it easier to collect evidence and prosecute attackers. We should obtain legal advice to make sure that the wording of our security banners is appropriate.
- Develop, implement and enforce a policy requiring strong passwords. We can learn more about passwords in "Imposing Strong Password Practice all through our business" in the safety supervision Stuff.
- Routinely monitor and analyze network traffic and system performance.
- Routinely check all logs and logging mechanisms, including application-specific logs, operating system event logs and intrusion detection system (IDS) logs.
- Verify our back-up and restore procedures. We should be aware of where backups are maintained, who can access them, and our procedures for data restoration and system recovery. Make sure that we regularly verify backups and media by selectively restoring data.
- Create a CSIRT (Computer Security Incident Response Team) to deal with security incidents.

7- SIGNIFICANCE OF LOGGING

This section outlines the significance of maintaining proper logs for capturing and detecting possible security violations. System and network device logs are essential to incident investigators. Below I outline the types of network service and security logs specified by the Cyber Emergency Response Team (CERT) that need to be regularly reviewed and retained for optimal performance (CERT, 2010):

- Packet captures
- Host and application logs
- DNS logs
- Firewall logs
- Proxy logs
- IDS logs
- Flow data from routers and switches

During incident handling and investigation, information system managers and network administrators have to be able to identify which internal hosts have communicated with which IP addresses, and what kind of network traffic was generated. DNS proxy activity, queries and unusual network activity, such as port scanning, are also significant data that can be very useful in incident analysis. System auditing features, log retention periods and time synchronization should be suitably configured. Log integrity is essential in an incident investigation; therefore, logs should be continuously stored on an isolated system, regularly backed up, and cryptographically hashed to allow detection of log modifications (CERT, 2010).
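The log-integrity recommendation above (store logs off-host and hash them so that modifications can be detected) can be sketched as a keyed hash chain. This is an added example, not code from the CERT brochure or from the original paper; the function names, the key handling and the firewall log lines are constructed assumptions.

```python
import hashlib
import hmac

# Assumption: the key and the final "anchor" tag are held only on the isolated
# log host. If they sat beside the log, an intruder could simply re-seal it.
KEY = b"constructed-demo-key-kept-on-the-log-host"
GENESIS = b"\x00" * 32  # fixed starting value for the chain

# Constructed sample firewall log lines (documentation address ranges).
SAMPLE_LOG = [
    "2011-01-04T09:12:01Z fw01 ALLOW tcp 10.0.4.17:51544 -> 192.0.2.10:443",
    "2011-01-04T09:12:09Z fw01 DENY tcp 10.0.4.17:51550 -> 198.51.100.7:6667",
    "2011-01-04T09:12:10Z fw01 ALLOW tcp 10.0.4.17:51551 -> 198.51.100.7:8080",
    "2011-01-04T09:13:44Z fw01 ALLOW udp 10.0.4.22:5353 -> 192.0.2.53:53",
]


def _tag(key, prev, line):
    """HMAC-SHA256 over the previous tag (always 32 bytes) plus this line."""
    return hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()


def seal(lines, key):
    """Chain every line to its predecessor.

    Returns (records, anchor): records is a list of (line, hex_tag) pairs and
    anchor is the hex tag of the last record, to be stored separately.
    """
    prev = GENESIS
    records = []
    for line in lines:
        prev = _tag(key, prev, line)
        records.append((line, prev.hex()))
    return records, prev.hex()


def verify(records, key, anchor):
    """Return None if the log is intact, otherwise (reason, index).

    ("mismatch", i)  : record i was edited, or a record before it was
                       inserted or removed, so the chain breaks at i.
    ("truncated", n) : all n records chain correctly but the last tag is not
                       the stored anchor, so records are missing from the end.
    """
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(records):
        expected = _tag(key, prev, line)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return ("mismatch", i)
        prev = expected
    if not hmac.compare_digest(prev.hex(), anchor):
        return ("truncated", len(records))
    return None


def demo():
    """Run the checks an investigator would care about on the sample log."""
    records, anchor = seal(SAMPLE_LOG, KEY)

    edited = list(records)  # an ALLOW entry rewritten as DENY, tag left as is
    edited[2] = (edited[2][0].replace("ALLOW", "DENY"), edited[2][1])

    removed = records[:1] + records[2:]  # the DENY entry silently deleted
    truncated = records[:-1]             # the newest entry cut off the end

    return {
        "intact": verify(records, KEY, anchor),
        "edited": verify(edited, KEY, anchor),
        "removed": verify(removed, KEY, anchor),
        "truncated": verify(truncated, KEY, anchor),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```
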
8- CERT INCIDENT HANDLING

This section discusses some aspects and scenarios specified by the CERT, also known as the Industrial Control Systems Cyber Emergency Response Team or ICS-CERT. The Cyber Emergency Response Team offers guidance to critical infrastructure asset owners on how to prepare their networks to handle and analyze a cyber incident. The main aim of such preparation is to apply recommended practices for building and maintaining the incident response capabilities needed to collect data and carry out subsequent measures to rebuild and restore business and corporate information systems to normal operation after a security breach. Not all cyber incidents can be prevented; therefore, the ability to identify the source and analyze the extent of the compromise is essential for rapidly detecting incidents, minimizing loss, mitigating the weaknesses that were exploited, and restoring computing services to their original working state (CERT, 2010).

8.1- Operational Preparation

CERT has specified some operational preparedness measures that should be maintained to ensure that sufficient data is available to recover from an incident. In particular, a general incident preparedness checklist has to be developed and reviewed regularly. Escalation points and contact lists should also be maintained, printed and stored, covering ISPs, CERTs, software/hardware/service providers, internal staff leads, etc. System documentation should be available to operational staff to assist analysis of the incident and to identify priorities for recovery. At a minimum, the documentation has to include (CERT, 2010):

- Operating system versions, names and patch levels, other software, etc.
- Ingress and egress points between networks
- IP ranges and hostnames
- User and computer roles
- DNS information

CERT specifies that an incident response plan be based on an information-gathering “checklist”, which also has to be developed to ensure that the kind of information that might help external CERTs or partners is gathered as early as possible. CERT's checklist should include information such as (CERT, 2010):

- Affected or compromised IPs
- Method of detection
- Nature of incident
- Kind of support required
- Possible operational impact
- Points of contact

9- SANS INCIDENT HANDLING

This section outlines some of the main aspects of incident handling and the specifications offered by SANS (System Administration, Networking, and Security Institute). If our business has an Internet connection or one or two disgruntled employees, then our business computer systems will be attacked. In this case we need to understand attackers' tactics and strategies thoroughly. This gives us the means to practice discovering vulnerabilities and detecting intrusions, and to equip ourselves with a comprehensive incident handling plan. The incident handling material specified by SANS offers full information that helps us to tackle and manage computer attackers proficiently. It covers the latest cutting-edge attack vectors as well as the "oldie-but-goodie" attacks that are still so common, and everything in between. It provides a step-by-step process for responding to computer incidents; a detailed explanation of how attackers undermine systems so that we can prepare for, detect and respond to them; and hands-on discovery of holes before the bad guys do (Cusin, 2011; Kibirkstic, 2009; Lundell, 2009).
10- NIST INCIDENT HANDLING

This section presents the specifications given by NIST (National Institute of Standards and Technology) for better handling and management of any incident arising from security breaches of business platforms and networks. NIST outlines that we should organize a computer security incident response capability. We then also need to set up incident response policies and procedures. NIST also covers forming an incident response staff, including outsourcing considerations. It further outlines that we need to identify which additional staff can be called on to take part in incident response. Below I have outlined some vital specifications given by NIST for effective handling and management of an incident response capability:

  • Developing an incident response strategy and approach
  • Building procedures for carrying out incident handling and reporting, based on the incident response strategy
  • Establishing a strategy for communicating with external parties about incidents
  • Choosing a group structure and staffing model
  • Establishing relationships between the incident response staff and other groups, both external (e.g., law enforcement organizations) and internal (e.g., the legal department)
  • Determining what type of services the incident response group should offer
  • Guiding and recruiting the incident response staff

11- CONCLUSION

This report has presented a deep and comprehensive analysis of some of the main aspects of security breaches and incident handling. I have outlined some of the main aspects of the prime ways and types of security breaches that can happen in a business framework. Then I have outlined some of the main procedures and aspects that can be used for enhanced handling and management of the possible mitigation of such security breaches. These procedures are known as incident handling procedures.
I have presented a complete set of steps for continued business operation, which is called business continuity planning. I have also presented some of the main areas for better handling of any incident. These procedural areas are presented by the world's best-known security management organizations, such as NIST, SANS and CERT. I hope this research will offer better insight into the analysis of possible business security breaches and incident handling frameworks.

References

Armoni, A., 2002. Data Security Management in Distributed Computer Systems. Informing Science, 5(1), pp.19-27.

Buffington, J., 2009. Breach Notification in Incident Handling Copyright SANS---SANS Institute. [Online] Available at: http://www.sans.org/reading_room/whitepapers/incident/breach-notification-incident-handling_2114 [Accessed 04 January 2011].

Cate, F.H., 2008. INFORMATION SECURITY BREACHES Looking Back & Thinking Ahead. [Online] Available at: http://www.hunton.com/files/tbl_s47Details/FileUpload265/2308/Information_Security_Breaches_Cate.pdf [Accessed 02 January 2011].

CERT, 2010. Incident Handling Preparing for Incident Analysis. [Online] Available at: http://www.us-cert.gov/control_systems/pdf/Incident%20Handling%20Brochure-1.pdf [Accessed 02 January 2011].

Condon, R., 2010. Information Security Breaches Survey: Attacks hit new high. [Online] Available at: http://searchsecurity.techtarget.co.uk/news/article/0,289142,sid180_gci1511048,00.html [Accessed 04 January 2011].

Curphey, M. & Araujo, R., 2006. Web Application Security Assessment Tools. IEEE Security and Privacy, 4(4), pp.32-41.

Cusin, M., 2011. Security 504: Hacker Techniques, Exploits & Incident Handling. [Online] Available at: http://www.sans.org/mentor/details.php?nid=22928 [Accessed 03 January 2011].

Dhillon, G. & Backhose, J., 2001. Current directions in IS security research: towards socio-organizational perspectives. Information Systems Journal, 11(2), pp.127-53.

Edward H. Freeman, J., 2004. Digital Signatures and Electronic Contracts. Information Systems Security, 13(2), pp.8-12.

Ghosh, A.K. & Swaminatha, T.M., 2001. Software Security and Privacy Risks in Mobile e-commerce. Communications of the ACM, 44(2), pp.51-57.

Grimaila, M.R., 2004. Maximizing Business Information Security's Educational Value. IEEE Security and Privacy, 2(1), pp.56-60.

Kibirkstic, A., 2009. Security Incident Handling in High Availability Environments. [Online] Available at: http://www.sans.org/reading_room/whitepapers/incident/security-incident-handling-high-availability-environments_33188 [Accessed 04 January 2011].

Lundell, M., 2009. Incident Handling as a Service GIAC (GCIH). [Online] Available at: http://www.sans.org/reading_room/whitepapers/incident/incident-handling-service_33289 [Accessed 04 January 2011].

MASS, 2010. Enterprise Security Incident Handling Procedures. [Online] Available at: http://www.mass.gov/?pageID=afterminal&L=6&L0=Home&L1=Research+%26+Technology&L2=IT+Policies%2C+Standards+%26+Guidance&L3=Enterprise+Policies+%26+Standards&L4=Security+Policies+%26+Standards&L5=Enterprise+IT+Security+Incident+Response+Policy+%26+Procedure [Accessed 05 January 2011].

Microsoft, 2010. Responding to IT Security Incidents. [Online] Available at: http://technet.microsoft.com/en-us/library/cc700825.aspx [Accessed 04 January 2011].

Moldes, C.J., 2009. PCI DSS and Incident Handling: What is required before, during and after an incident--SANS Institute InfoSec Reading Room. [Online] Available at: http://www.sans.org/reading_room/whitepapers/compliance/pci-dss-incident-handling-required-before-incident_33119 [Accessed 04 January 2011].

Santarcangelo, M., 2009. Incident Handling – the dead horse that won’t die. [Online] Available at: http://www.securitycatalyst.com/incident-handling-%E2%80%93-the-dead-horse-that-wont-die/ [Accessed 04 January 2011].

Scarfone, K., Grance, T. & Masone, K., 2008. Computer Security Incident Handling Guide Special Publication 800-61 Revision 1. [Online] Available at: http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf [Accessed 31 December 2010].

Shelly, Cashman & Vermaat, 2005. Discovering Computers 2005. Boston: Thomson Course Technology.

Turban, E., Leidner, D., McLean, E. & Wetherbe, J., 2005. Information Technology for Management: Transforming Organizations in the Digital Economy. New York: Wiley.

UCOP, 2008. Incident Handling. [Online] Available at: http://www.ucop.edu/irc/itsec/uc/incident_handling.html [Accessed 04 January 2011].