Sony shut down several of their Internet services in Canada, Thailand, and Indonesia today. Sony stated that their Thai site was accessed to gain customer information to conduct phishing attacks. Sony Music Entertainment was also infiltrated leading to source code theft. Organizations face many security challenges but some level of organization and planning can alleviate some of the headaches caused by a breach.
One popular framework that can be used to help develop your security is ISO 27001. ISO 27001 provides a management framework to guide organizations in making sure they have all the bases covered when it comes to security. ISO 27001 is not just about technology security, but also includes sections on physical security, and legal compliance. It is considered by most organizations a complete approach to managing an organization’s security program.
These sections are of importance in improving the security standing of an organization before and after a data breach.
A.10.6 Network security management – Objective: To ensure the protection of information in networks and the protection of the supporting infrastructure
A.13.2 Management of information security incidents and improvements – Objective: To ensure a consistent and effective approach is applied to the management of information security incidents.
There are specific topics in each section such as defining network controls and incident handling procedures. A little planning before an incident can go a long way to making the cleanup and prevention of future intrusions much easier to deal with .