ABSTRACT

Organizations typically devote substantial information security resources to the prevention of attacks on computer systems. Strong authentication is used, with passphrases that change regularly, tokens, digital certificates, and biometrics. Information owners spend time assessing risk. Network components are kept in access-controlled areas. The least privilege model is used as a basis for access control. There are layers of software protecting against malicious code. Operating systems are hardened, unneeded services are disabled, and privileged accounts are kept to a minimum. Some systems undergo regular audits, vulnerability assessments, and penetration testing. Add it all up, and these activities represent a significant investment of time and money.