This attack model map shows how there is more than one way around a firewall. Recognizing when a breach has occurred can save a company’s sensitive information from becoming public, or even worse, a complete shutdown.


An organization without an incident handling team can be compared to a city without a fire brigade. When things begin to catch fire, there are no skilled persons in place to prevent the entire infrastructure from burning to the ground. The same holds for a company’s vulnerable security infrastructure; the result of a breach can be serious, widespread damage, and ordinary employees find themselves having to tackle tasks that they were never trained to perform.

An incident handler gains from the previous experience of attacks, whether physical or logical, says Klaus Majewski.

OR SO THEY THOUGHT

To alleviate this problem, larger companies have begun recruiting dedicated incident handlers. They are well-trained people dedicated to minimizing any damage such incidents might otherwise cause. These teams may be as small as just two people, but will still be able to handle all critical incidents and have a positive stabilizing effect on the organization as a whole. They can apply their skills to both physical and logical security incidents.

Unfortunately, it is becoming increasingly difficult to find experienced incident handling people on the market today, and those who are available are very experienced and as such very expensive. So, what more cost-effective routes are available for organizations looking to assemble their own efficient incident handling teams?

One solution would be to hire cheap trainees, but to provide them with high-quality equipment with which to handle such incidents. The problem with this approach is that it could conceivably take a very long time before these rookies would have enough experience handling incidents to become effective. Another problem is that allowing raw recruits the freedom to get up to speed in a live production environment is just not acceptable to the vast majority of businesses.

Another idea would be to send the inexperienced staff on incident handling courses. Basic training would certainly be better than none at all, but its value would be limited because the training would not take place in an organization’s own live corporate environment. Each company has its own unique specialized environment, security devices and individual procedures for handling incidents.

TEAM SKILLS

An enthusiastic chief security officer has figured out his own way to train the Incident Handling Team. He did not have any experienced incident-handling people on his staff at all, but he did have a good set of basic security protection tools. His biggest problem, therefore, was that the staff was not trained to use their tools efficiently.

By testing their skills, the incident management staff learned to use its equipment and was able to store incident management data for future use, should similar incidents occur.

It does not take a great deal of effort to train an efficient incident management team, as long as it has good tools at its disposal. Remember to make the team practice regularly with real incidents in a familiar live environment.

The security points at airports need greater cooperation and work among incident handlers.

SIDEBAR
Incident Handling at Airports

Five years after 9/11, most Americans continue to feel the impact of this tragic event, especially when they fly commercially.

Rob Schorr of MDI Security Systems said the hijacking of four commercial planes and the subsequent deaths in New York, Washington, D.C., and Pennsylvania forced aviation security professionals to focus on methods to completely integrate on intra-facility security platforms as well as provide nationwide situational awareness between locations.

“Aviation security professionals have seen an evolution of security measures that allowed people to take their friends and loved ones to the departure gates to one where only ticketed passengers must pass through TSA checkpoints that make them take off their shoes and turn on every electronic device that passes through their gates,” he said. “At the same time, this tragedy has made aviation professionals look at ways to completely unify their security processes.”

The government response to 9/11 has given aviation professionals additional funding to complete the security system integration. The proposed joint Congressional budget for fiscal year 2007 calls for over six billion in Transportation Security Administration expenditures to help airports provide better security. Most of the funding will come from offsetting fee collections generated through commercial airline ticket sales.

Schorr said he has worked through a government integrator with airport officials in Phoenix and Denver to help them use existing government funding to integrate their video surveillance with the various checkpoint sensors.

“The problem with most airports today is that they have a multitude of sensors and manufacturers that require a lot of work to incorporate together under one security platform,” he said. The executive said that most airports have three to four “checkpoint” vendors who supply explosive and metal detection systems. Other security contractors have developed X-Ray screening services and RFID data collection for tickets or luggage.

“Most of these frontline security vendors are not readily willing to provide signal outputs to third-party integrators to help incorporate them into a unified solution,” he said. “Going forward, the government would be wise to stipulate such cooperation with its aviation checkpoint vendors when it issues future requests for proposals.”

In Arizona and Colorado, Schorr said, “it took a great deal of finesse at first but we quickly proved there that with the right integrator, political support and the right platform that you can easily provide airport-wide situational security awareness.” Both the Denver and Phoenix airports now have well-developed user interfaces with graphical user interface screens that automatically enable a TSA worker to add new security devices as needed to their checkpoints.

About the Source

Security Magazine thanks Matt Scherer for this information. He serves as a public relations counsel and strategic marketing advisor to security and technology firms based in Texas. He is a frequent contributor to Security Magazine.