incident response

20 December 2017 at 4:28pm

Incident statistics for July 2017

James Cleeter
Janet CSIRT
incident response
incident statistics
These statistics only relate to information collated by Janet CSIRT and do not provide an accurate sample of security activity across the research and education sectors. The figures are frequently more closely correlated to the activity of CSIRT and our detection of events rather than their actual rates of incidence. For example: a successful investigation by researchers into a botnet will cause that month's malware figures to rise even though the malware may have been active in previous months.
Read more
18 December 2017 at 1:20pm

GDPR: Processing notification and protecting security

Andrew Cormack
Data Protection Regulation
incident response
GDPRtopics
Concern has sometimes been expressed whether the General Data Protection Regulation’s (GDPR) requirement to notify individuals of all processing of their personal data would cause difficulties for security and incident response teams. These activities involve a lot of processing of IP addresses, which the GDPR and case law seem to indicate will normally count as personal data. But a law that required us to tell attackers how much we knew about their activities would help them far more than us.
Read more
14 December 2017 at 9:40am

Centralisation of logging using WEF

Julian Fort
#security
incident response
Monitoring
What I find in my daily incident response work with different sites is the need to promote the importance of logging: namely centralised log collection. It cannot be understated how logs prove invaluable in a security incident. Tracing through logs on a central location makes investigation so much easier, and allows incident responders to locate a security event. There shouldn’t be any surprise for Windows Infrastructure owners that a free method to centralise logs from servers exists. That is Windows Event Forwarding.
Read more
12 December 2017 at 8:37am

Security, Incident Response, Privacy and Data Protection

Andrew Cormack
Data Protection Regulation
incident response
The Forum of Incident Response and Security Teams (FIRST) invited me to write a piece on how GDPR affects security and incident response. Summary: it makes them pretty much essential :)
Read more
4 December 2017 at 2:32pm

An Emotet malware incident write up

Julian Fort
malware
incident response
#security
Janet network CSIRT recently provided guidance to a Janet-connected organisation that experienced a malware infection. The site performed a full analysis of the incident and wrote a post mortem of the event and the lessons learned from it. The report was created initially for internal use, but they have kindly allowed us to publish a redacted version, in case it is useful for other institutions: 1 Summary
Read more
3 November 2017 at 10:21am

Article 29 WP draft on Breach Notification

Andrew Cormack
Data Protection Regulation
incident response
Breach Notification
GDPRtopics
The Article 29 Working Party's draft guidance on Breach Notification under the General Data Protection Regulation (GDPR) provides welcome recognition of the need to do incident response and mitigation in parallel with any breach notification rather than, as I've been warning since 2012, giving priority to notification.
Read more
26 October 2017 at 4:23pm

GDPR and "cyber security"

Andrew Cormack
Data Protection Regulation
incident response
GDPRtopics
Education Technology have just published an article I wrote (though I didn't choose the headline!) on how security and incident response fit into the General Data Protection Regulation. It aims to be an easy read: if you want something more challenging follow the "incident response protects privacy" link to get the full legal analysis.
Read more
19 April 2017 at 9:36am

Article 29 Working Party support security and incident response

Andrew Cormack
ePrivacy Regulation
incident response
GDPRdevelopment
Having had my own concerns that the European Commission's draft e-Privacy Regulation might prevent some activities that are needed by security and incident response teams, it's very reassuring to see the Article 29 Working Party recommending an explicit broadening of the scope of permitted Network and Information Security (NIS) activities.
Read more
19 April 2017 at 9:38am

GDPR: Official CSIRTs?

Andrew Cormack
Data Protection Regulation
incident response
GDPRtopics
A couple of organisations have asked me recently whether the General Data Protection Regulation (GDPR) requires them to get some sort of external recognition of their incident response team. Here's why I don't think it does. Recital 49 of the Regulation says:
Read more
19 April 2017 at 9:42am

ePrivacy Regulation: a risk for website security?

Andrew Cormack
ePrivacy Regulation
incident response
GDPRdevelopment
Last October the European Court of Justice confirmed that websites do have a legitimate interest in security that may justify the processing of personal data. That case (Breyer) overruled a German law that said websites could only process personal data for the purpose of delivering the pages requested by users. As far as I know, everywhere else in Europe the use of logs to secure websites is accepted as lawful.
Read more
Subscribe to incident response