incident response

20 June 2013 at 3:43am

Privacy Law Amendments Could Hinder Response to Privacy Incidents

Andrew Cormack
Data Protection Regulation
incident response
One of the areas of network operations where it’s particularly tricky to get legislation right is incident response, and recent amendments proposed by the European Parliament to the draft Data Protection Regulation (warning: 200 page PDF) illustrate why.
Read more
13 November 2012 at 4:43pm

Legal issues in dealing with Botnets

Andrew Cormack
Botnets
Data Protection Regulation
CSIRT
ePrivacy Directive
incident response
malware
An interesting paper from ENISA and the NATO Cyberdefence Centre illustrates the narrow space that the law allows for incident response, and the importance of ensuring that new laws don’t prevent incident response teams from protecting networks, systems, their users and information against attack.
Read more

Janet CSIRT conference (#CSIRT2012)

Andrew Cormack
8 November 2012 at 2:59pm
Cybercrime
incident response
malware
There was an excellent line-up of speakers at Janet CSIRT’s conference this week.
Read more
17 October 2012 at 1:22pm

Analysing Malware lawfully

Andrew Cormack
Computer Misuse Act
incident response
malware
Malicious software, generally shortened to malware, is involved in a wide variety of security incidents, from botnets and phishing to industrial sabotage. Analysing what malware does and how it can be detected, neutralised and removed from infected computers is an important part of keeping networks and computers secure.
Read more
20 September 2012 at 12:15pm

ENISA on cyber incident reporting

Andrew Cormack
Breach Notification
Data Protection Regulation
ePrivacy Directive
incident response
eSignature Directive
ENISA have  published an interesting report on cyber incident reporting. Their scope is wide – incidents range from the failure of a certificate agency to storms creating widespread power (and therefore connectivity) outages.
Read more
17 September 2012 at 9:34am

Cooperation between CERTs and Law Enforcement

Andrew Cormack
incident response
Cybercrime
Data Protection Regulation
I participated in an interesting discussion last week at ENISA’s Expert Group on Barriers to Cooperation between CERTs and Law Enforcement. Such cooperation seems most likely to occur with national/governmental CERTs but I’ve been keen to avoid recommendations that they be given special treatment, not least because of the risk that such treatment might actually create barriers between them and other CERTs.
Read more

Dealing with Computer Crime

Andrew Cormack
Wednesday, July 25, 2012 - 13:39
Cybercrime
incident response
Being the victim of a computer security incident is an unpleasant and stressful experience. In the spirit of first aid, these guidelines aim to provide assistance until expert help arrives.
Read more
13 August 2012 at 10:59am

MoJ Summary of Data Protection Responses

Andrew Cormack
Access Management
Breach Notification
Data Protection Regulation
Privacy
incident response
Cloud computing
The Ministry of Justice have published a summary of the responses to their consultation on European Data Protection proposals. On the issues we raised around Internet Identifiers, Breach Notification and Cloud Computing there seems to be general agreement with our concerns.
Read more

System Administrators Charter - Examples

Andrew Cormack
Thursday, June 28, 2012 - 14:59
System Administration
incident response
The following examples have been chosen to accompany the System Administrator's Charter to indicate how the charter is intended to work in practical situations. As I receive enquiries about the charter I will try to update these examples, so if you find an interesting situation which is not covered here, or a case that makes the points better, then please let me know andrew.cormack@jisc.ac.uk.
Read more

Suggested Charter for System Administrators

Andrew Cormack
Thursday, June 28, 2012 - 14:56
System Administration
incident response
This document has been prepared by Andrew Cormack, Chief Regulatory Adviser at Jisc Technologies. It is endorsed by the Universities and Colleges Information Systems Association (UCISA). Members of the UCISA Networking Group were closely consulted during the drafting process.
Read more
Subscribe to incident response