It is worth noting that, at the same time, the skill level needed to carry out an attack is falling. A probable reason is the growing number of loopholes in modern systems, together with the open opportunity hackers have to share information and pass tools and techniques among one another. This situation is of prime concern to the information security world, and methodologies are being developed and improved to combat, investigate and prevent such breaches of system boundaries [1].
A study conducted by the FBI and CSI in 2002 revealed an alarming increase in system intrusions by hackers. 90% of the respondents reported that their systems had been invaded, and 80% acknowledged financial loss. Losses above $450,000,000 were reported collectively by about 220 respondents, and 74% of all respondents identified the Internet as the most frequent point of attack.
To cope with the increasing number of attack incidents, an approach must be formulated for responding to such events so that their effect on the organization is minimized. Minimizing the impact of an intrusion leads to unaltered organizational performance and, ideally, no loss of capital; if such incidents are dealt with lightly and casually, however, the organization's integrity is under serious threat. The response mechanism should be able to manage sufficient information about the breach to help decision makers and the personnel concerned determine the appropriate actions, to combat future attacks, and to deter attacks through investigation and legal proceedings. The response methodology has to be time-optimized, because time is usually the key variable governing organizational performance. It must also be efficient, with an emphasis on low resource utilization, because finance is another controlling variable in an organization. The approach must be modular, so that the repair and maintenance mechanism is broken into manageable chunks, and it should follow the most logical sequence of actions for dealing with threats and intrusions. Finally, it must leave room for dealing with never-seen-before security situations. It should also be kept in mind that the design of the response methodology has linked legal and financial consequences, such as limiting liability and reducing insurance premiums.

Taking these considerations into account, a multi-step linear feedback model has been developed, and incident response is generally based upon it. The sequential steps of the response method proposed by the model are preparation, detection and containment, followed by analysis, eradication and recovery. At the end of the linear chain, follow-up and feedback are required to complete the response process [2].
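The linear feedback model above is easy to describe in words but easy to get wrong in practice: teams skip containment, or eradicate before analysis has finished, and the follow-up step has no timing data to feed back. The Python below is an added illustration, not material from the paper or its cited sources; it models the seven steps as a chain whose phases can only be entered in the prescribed order, timestamps each phase so the follow-up step can report how long each took (time being the governing variable the text stresses), and lets evidence be recorded in any phase, tagged with that phase and a SHA-256 fingerprint. All class and function names (`IncidentResponse`, `EvidenceRecord`, `run_demo`, `fixed_clock`) are hypothetical, and the incident data is constructed.

```python
"""Toy model of a linear, feedback-driven incident-response chain.
Added illustration with hypothetical names; not the paper's own material."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, List, Optional

# The seven steps in their prescribed order. Phase N may only begin once
# phase N-1 has been closed: the chain is linear.
PHASES = ("preparation", "detection", "containment", "analysis",
          "eradication", "recovery", "follow-up")


@dataclass
class EvidenceRecord:
    phase: str              # step of the model during which it was collected
    description: str
    sha256: str             # fingerprint so later tampering is detectable
    collected_at: datetime


@dataclass
class IncidentResponse:
    name: str
    clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)
    phase_index: int = -1
    started: Dict[str, datetime] = field(default_factory=dict)
    finished: Dict[str, datetime] = field(default_factory=dict)
    evidence: List[EvidenceRecord] = field(default_factory=list)

    @property
    def current_phase(self) -> Optional[str]:
        return PHASES[self.phase_index] if self.phase_index >= 0 else None

    def advance(self) -> str:
        """Close the current phase and open the next one, enforcing the order."""
        if self.phase_index + 1 >= len(PHASES):
            raise RuntimeError("response chain already at follow-up; call close()")
        if self.phase_index >= 0:
            self.finished[self.current_phase] = self.clock()
        self.phase_index += 1
        self.started[self.current_phase] = self.clock()
        return self.current_phase

    def close(self) -> None:
        """Only the final follow-up step may end the chain."""
        if self.current_phase != PHASES[-1]:
            raise RuntimeError("cannot close the response before follow-up")
        self.finished[self.current_phase] = self.clock()

    def record_evidence(self, description: str, data: bytes) -> EvidenceRecord:
        """Evidence may be gathered in any step; tag it with the step and a hash."""
        if self.current_phase is None:
            raise RuntimeError("no active phase; call advance() first")
        rec = EvidenceRecord(self.current_phase, description,
                             hashlib.sha256(data).hexdigest(), self.clock())
        self.evidence.append(rec)
        return rec

    def durations(self) -> Dict[str, float]:
        """Feedback for follow-up: seconds spent in each closed phase, in order."""
        return {p: (self.finished[p] - self.started[p]).total_seconds()
                for p in PHASES if p in self.finished}

    def is_complete(self) -> bool:
        return len(self.finished) == len(PHASES)


def fixed_clock(start: datetime = datetime(2002, 1, 1, tzinfo=timezone.utc),
                step_seconds: int = 60) -> Callable[[], datetime]:
    """Deterministic clock that advances one step per call (for demos/tests)."""
    now = [start]

    def tick() -> datetime:
        current = now[0]
        now[0] = current + timedelta(seconds=step_seconds)
        return current
    return tick


def run_demo(clock: Optional[Callable[[], datetime]] = None) -> IncidentResponse:
    """Walk one constructed incident through all seven steps."""
    ir = IncidentResponse("constructed-incident-001", clock or fixed_clock())
    for _ in PHASES:
        phase = ir.advance()
        if phase == "detection":        # constructed sample evidence
            ir.record_evidence("IDS alert (constructed)", b"alert: constructed sample")
        elif phase == "analysis":
            ir.record_evidence("disk image hash (constructed)", b"image bytes (constructed)")
    ir.close()
    return ir


if __name__ == "__main__":
    result = run_demo()
    for phase, secs in result.durations().items():
        print(f"{phase:12s} {secs:6.0f}s")
    for rec in result.evidence:
        print(rec.phase, rec.description, rec.sha256[:16])
```

The deterministic clock exists only so the walk-through is reproducible; in real use the default wall clock applies. The point of the design is that ordering and timing are enforced by the structure rather than by discipline: an attempt to close the incident before follow-up, or to log evidence with no phase open, fails loudly instead of silently producing an incomplete record.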
SIGNIFICANCE OF EVIDENCE
Evidence of a security breach can be collected in any of the seven steps of the response model described above. It is important that this evidence be managed in an efficient manner, as this