incident response

27 September 2013 at 5:51pm
The Department for Business, Innovation and Skills has published a summary of the responses to its consultation on the proposed EU Directive on Network and Information Security (NIS). Summarising that summary (!):
25 June 2013 at 3:31pm
Bug bounty schemes have always been controversial. In the early days of the Internet someone who found a bug in software was expected to inform the author and help fix it, as a matter of social responsibility. Suggesting that those researching vulnerabilities be paid for their time and effort seemed rather grubby. Unfortunately not everyone shared those scruples.
25 June 2013 at 3:30pm
The theme of this week’s conference of the Forum of Incident Response and Security Teams (FIRST) is “Sharing to Win”. Perhaps inevitably, I’ve had a number of people (and not just Europeans) tell me that privacy law prevents them sharing information that would help others detect and recover from computer security incidents. If that’s right, then those laws are working directly against the privacy they are supposed to be protecting.
18 June 2013 at 3:17am
Two talks on the first day of the FIRST conference highlighted the increasing range of equipment and data that can be found on the Internet, and the challenges that this presents both for risk assessment and, if incidents do happen, assessing the severity of the possible breach and what measures need to be taken.
2 May 2013 at 10:17am
I was asked recently how I saw current legal developments in Europe affecting the work of incident response teams, so here’s a summary of my thoughts.
15 February 2013 at 3:15pm
It’s interesting to read the Information Commissioner’s comments on the draft European Data Protection Regulation, which have just been published. A number of the comments address issues we’ve been struggling with in providing Internet services such as incident response and federated access management.
7 February 2013 at 4:34pm
The European Commission’s Cyber Security Strategy aims to ensure that Europe benefits from a “robust and innovative Internet”. The Strategy has five priorities:
7 February 2013 at 8:45am
At last week’s TF-CSIRT meeting, Gavin Reid from Cisco suggested that we may have been over-optimistic about how much technology can do to detect and prevent incidents. Automated incident prevention systems can be effective at detecting and preventing automated attacks but are less effective against targeted attacks that use human intelligence rather than brute force. In the worst case an organisation that relies too much on automation may end up designing its security stance to suit the available automation systems, rather than the other way around.
1 February 2013 at 9:15am
An interesting, though depressing, figure from Verizon’s 2012 Data Breach Investigations Report is that 92% of information security breaches were discovered and reported by a third party. Not by the organisation that suffered the breach, nor by its customers who are likely to be the victims of any loss of personal data, but by someone else.
29 January 2013 at 12:43pm
Darknets are well known as a place to look for Internet threats, but a presentation by RESTENA and CIRCL at this week’s TF-CSIRT meeting suggested they may also show up other kinds of problems. Darknets are parts of the IP address space that are routed but not used, so there should be no legitimate packets arriving at those addresses. Packets that do show up may relate to scanning, or be responses to attacks forged to appear to come “from” the darknet addresses.