Security Incident Handling in an Academic Medical Center by David McKelvey on 19/07/05

Security incident handling is the planned response to events that are recognized as compromises to the confidentiality, integrity or availability of a system. In addition specific Academic Medical Center (AMC) compromises involve the misuse of: 1) Proprietary information, 2) Patient information (PHI) or 3) Personal information. Preparation before incidents occur is vital. Security policies, procedures and standards define the secure operation of systems. People with the needed skills must be organized and trained. Software and hardware tools should be assembled. Detection of intrusions may come from users, support staff, outside parties and automated detection systems. The recovery steps are: 1) Regain control, 2) Analyze the intrusion, 3) Contact the relevant Computer Security Incident Response Team (CSIRT) and other sites involved, 4) Recover from the intrusion, 5) Improve the security of your system and network, 6) Reconnect to the Internet and 7) Update your security policy.

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.