4 Preparing for an Incident*
Before anything else, preparation is the key to success.
—Alexander Graham Bell
4.1 Introduction
As my father-in-law has said, “If you don’t prepare the garden in the spring it
won’t be ready to harvest in July.” Preparing does not just include turning the
ground over and planting the seeds; it also includes putting up a fence and
using deterrents for those pesky deer and rabbits trying to eat everything. If
we apply that sentiment to security incidents, the information security
professional obviously needs much more than a firewall to deter those pesky
hackers from our critical data and systems, as was outlined in the previous
chapter. In addition, the digital forensics professional also needs the security
deterrents set up in such a way that they will have the appropriate means to
help catch and convict the intruder if he or she does get unauthorized access.
The digital forensic process also needs to be able to gather information to
determine and secure the vulnerability that was exploited. Thus, this chapter
discusses the topics and safeguards that need to be implemented preincident to
facilitate securing the assets as well as provide data for an effective
investigation postincident.
It can be an overwhelming task for any business—well aware of the
exponentially growing cyber threats to its critical assets—to maintain a
comprehensive security posture. A comprehensive security posture will include
features that will not only mitigate incidents but will also make both
incident response (IR) and the digital forensic investigation much more effective
because all bets are that the incident will occur eventually and will need
to be investigated. In other words, just as in firing a weapon, “aim, fire” is
not enough; the weapon should be “ready” too. In an organization in which
resources are tight, preincident preparation and the development of the IR
process may take a back seat to the responsibility of securing the system. The
point is that a successful preincident preparation process should have its own
focus by both the information security and digital forensics professionals to
* Excerpts in this chapter are from DeFranco and Laplante (2011).
