Incident Response: A Strategic Guide to Handling System and Network Security Breaches

by Terry Gudaitis, Ph.D.

The concern for information security is growing nationwide and worldwide as more companies, financial institutions, organizations, governments , and individuals rely on computers to maintain, increase, and advance their businesses. The problems of computer misuse, computer sabotage , and hacking are issues for everyone, professionally or personally , who uses the Internet or is attached to a company network. Individuals, small companies, and organizations not affiliated with technology sometimes assume that they cannot be harmed or targeted by computer criminals. Of course, everyone can be a target for hackers, even the little guy. Although the attacks are technical, people are being hurt, people are being affected, and more importantly, people are still the perpetrators. The weapons of choice might be technical, but the fingers on the keyboards are still human.

The primary response services in the information security industry include technical solutions (such as PKI and VPN), technical preventions (such as firewalls and IDSs), and incident response programs. Although the current services offer a wide array of technical solutions to prevent damaging incidents, these incidents are still committed by human beings. Ironically, although the damage is being done by humans , all of the typical solutions for mitigating information security incidents are technical based. The addition of behavioral science ‚ based investigative techniques must be integrated into an effective incident response program to develop a more complete and successful solution to information security issues.

To comprehensively protect sensitive information from modification, destruction, and disclosure, the science of studying human beings, the organizations for which they work, and the society in which they live must be assessed. Even the companies that purchase a great deal of technology-based protection for their systems will continue to have the problems based on human behavior and human beings. The best firewall built cannot prevent the person with legitimate access from causing harm. Human-based protection must be incorporated into an overall security package because more than 60% of attacks are coming from the inside. Human-based incident response techniques must be incorporated into an overall incident response program.

Although there are numerous established technical means to assist a company in protecting sensitive information and data, the same level of behavior-based techniques is not being utilized. The techniques from the fields of criminology, sociology, behavioral science, and human communication should play a complimentary role with computer science and information technology to more successfully secure the integrity of data and information. Behavioral science and profiling tools focus on the assessment, investigation, education, and development of human beings, the companies for which they work, and the society in which they live. The purpose of this chapter is to demonstrate how behavioral science methodologies can be combined with existing technical investigative techniques to combat cybercrime and fit within an incident response team. The behavioral assessment methods used in incident response closely parallel the six-stage incident response methodology outlined in Chapter 3,"A Methodology for Incident Response."