Case Studies
As we were completing this book, we wanted to test our methodology against real experiences throughout the security community. As members of the Forum for Incident Response and Security Teams (FIRST), Cisco has established a trusted relationship with fellow incident response teams. Through FIRST, we found two other security teams interested in sharing some perspective regarding their security monitoring. This highlights how their security monitoring aligns with the methodology presented in this book. Here are case studies from two respected security teams: KPN-CERT and Northrop Grumman.
KPN-CERT
KPN is a Dutch telecommunications company that operates fixed-line and mobile telephony, Internet, wireless television, ICT, retail, and IPTV services. The company, which employs nearly 30,000 people, has an active computer security incident response team called the Computer Emergency Response team (KPN-CERT). This team provides security monitoring and response for KPN’s company network as well as the networks over which KPN offers its services, including Internet services.
Like all companies in the Netherlands, KPN is governed by Dutch and European Union laws. These regulations limit the depth of KPN’s security monitoring, and require retention of some event records. Because KPN is a telecommunications company, the customer data it stores is further regulated, and the security team must actively monitor for security breaches.
Note
KPN has several divisions, with policies and response ...
Get Security Monitoring now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.