Analysing Information Security Incidents Resulting from System Failures

System failures may be the result of malicious activity, but differentiating these failures from hardware or known software bug failures requires experience and expertise. This topic looks at some of the techniques for analysing failures caused by malicious activity.


  • Incomplete analysis of a system failure may not reveal that the failure was due to malicious activity, thus leaving a back door opportunity for future disruption of services.

  • Perform the following types of investigative activity:
  1. Examine operating system accounting files in order to ascertain which system processes were running when the system failed.
  2. Examine any intrusion detection software to see if external parties were involved in the activity.
  3. Examine any error log files associated with the system failure for details of processes and users who were active on the system at the time of the failure.
  4. Combine the details from the three aforementioned sources to pinpoint user activity at the time of the failure.
  5. Where possible, ensure that system start-up checks are run before users are allowed to log on, in order to ensure the integrity of the data.
  6. Ensure that all system failures are logged, whether they are deemed as being caused by an information security breach or not.
  7. Build up a database of system failures and subsequent recovery procedures in order to provide quick cross references for any future failures.
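As an added example (not part of the RUSecure guidance), the following Python script carries out steps 1 to 4 over constructed samples of the three evidence sources: it keeps only records in a window before the failure time, groups accounting and error-log entries by user, flags the record when IDS alerts coincide with the failure (step 6), and stores it in an in-memory failure database for later cross-reference (step 7). All timestamps, user names, the IP address and the alert text are constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample evidence (not from the page). Record formats: accounting
# "<ts> <user> <command>", IDS "<ts> <src-ip> <alert>", errors "<ts> <actor> <message>".
ACCOUNTING = """2024-03-01T02:14:05 root cron
2024-03-01T02:14:40 svc_backup tar
2024-03-01T02:15:10 jsmith perl
2024-03-01T02:15:55 jsmith curl
2024-03-01T03:40:00 root sshd"""
IDS_ALERTS = """2024-03-01T02:13:50 198.51.100.7 ssh brute-force attempt
2024-03-01T02:15:30 198.51.100.7 suspicious file upload"""
ERROR_LOG = """2024-03-01T02:15:58 jsmith httpd worker segfault
2024-03-01T02:16:02 kernel out of memory: killed pid 4121"""
FAILURE_TIME = datetime(2024, 3, 1, 2, 16, 2)   # constructed: moment the system went down
FAILURE_DB = []   # step 7: every analysed failure is kept here for cross-reference
def parse(text):
    # Turn each record line into (timestamp, actor, detail).
    recs = []
    for line in text.splitlines():
        ts, actor, detail = line.split(" ", 2)
        recs.append((datetime.fromisoformat(ts), actor, detail))
    return recs

def in_window(records, failure, minutes):
    # Keep only records inside the interval [failure - minutes, failure].
    start = failure - timedelta(minutes=minutes)
    return [r for r in records if start <= r[0] <= failure]

def correlate(failure, minutes=5):
    # Steps 1-4: combine accounting, IDS and error-log evidence around the failure.
    acct = in_window(parse(ACCOUNTING), failure, minutes)
    ids = in_window(parse(IDS_ALERTS), failure, minutes)
    errs = in_window(parse(ERROR_LOG), failure, minutes)
    by_user = defaultdict(lambda: {"commands": [], "errors": []})
    for _, user, cmd in acct:
        by_user[user]["commands"].append(cmd)
    for _, actor, msg in errs:
        by_user[actor]["errors"].append(msg)
    return {
        "failure": failure.isoformat(),
        "activity": dict(by_user),
        "ids_alerts": [f"{ip}: {alert}" for _, ip, alert in ids],
        "suspected_security_incident": bool(ids),  # step 6: flag for review, log regardless
    }

def log_failure(failure, minutes=5):
    # Steps 6-7: analyse the failure, then store the record in the failure database.
    record = correlate(failure, minutes)
    FAILURE_DB.append(record)
    return record
```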