The Incident Response Plan
After being on the job for a week reviewing Wellness Technology’s contingency plans, you have identified that the company doesn’t have a comprehensive incident response plan (IRP). You have discussed this with your boss, the IT manager, and have decided that this is something that must be created.
In this project, you will create an IRP for Wellness Technology, Inc. The format and design of the IRP document can be your own creative work product and/or an industry standard one from the web. If you choose the latter, please make sure you have the right to use it. Your IRP should cover the following events if they were to occur:
Internet service provider (ISP) failure
Burst water pipe
The Voice over Internet Protocol (VoIP) telephone system failure used by the sales team and 24×7 technical support team
Virus/malicious code compromising the Wellness Technology’s Web App (to include the presentation layer, business layer, and database layer) or the wrist device
Use a professional format for the IRP citing sources where applicable.
Create the IRP in approximately 5 pages in a Microsoft Word document.
Name the IRP SU_MIS6250_W2_Project_LastName_FirstInitial.docx.
Submit your IRP to the Submissions Area by the due date assigned.
Comprehensive Incident Response Plan for Wellness Technology
The existence of a robust incident response plan contributes significantly to reducing damage and recovery time, and to limiting the associated costs, when catastrophic events occur. Incident response covers how an organization responds to an event such as a cyber-attack, a data breach, or a fire outbreak (Hagen et al., 2013; Alexander, 2016). This paper presents a comprehensive incident response plan (IRP) for Wellness Technology. The events covered are power failure, Internet service provider (ISP) failure, fire, burst water pipe, and failure of the Voice over Internet Protocol (VoIP) telephone system used by the sales team and the 24 hours a day, seven days a week technical support team. Malicious code or a virus compromising Wellness Technology’s Web App or the wrist device is also covered.
This incident response plan is established to offer a well-defined, organized strategy for addressing any potential event or threat to the organization and for taking appropriate action when an event occurs (Alexander, 2016). The plan also identifies the roles and responsibilities of the organization’s Incident Response Team.
Incident Response Team
The incident response team is formed to provide a swift, effective, and organized response to the aforementioned events. The mission of the incident response team is to deter serious loss of information assets, client confidence, or profits by offering a quick, effective, and skilled response to any unanticipated event (Hagen et al., 2013). The team is mandated to take necessary measures deemed appropriate to resolve, mitigate, or contain incidents related to the aforementioned events. The team will be in charge of investigating incidents in a timely and cost-effective way, and reporting their outcomes to the management along with relevant authorities as appropriate.
Incident Response Team Members
The following parties constitute members of the incident response team:
· Chief Information Officer (CIO)
· Legal counsel
· Firm Managing Director
· Systems/Network Manager
· Director of Information Security
· Director of Information Technology
· Applications Manager
· Help Desk Manager
Notification of Incident Response Team
To ensure ease of reporting and timely response 24 hours a day, seven days a week, the information technology department help desk will serve as the central contact point for reporting any event. Alexander (2016) asserts that all events reported to the help desk must pass through the director of information technology. The director of information technology will then take the necessary action together with the incident response team.
All employees have a duty to report any confirmed or suspected event to the information technology department immediately upon identification. Employees reporting a suspected event will help with acquiring information, preserving evidence, and providing further assistance as considered appropriate by any member of the incident response team throughout the investigation.
Identification or Classification of Events
All reports of potential events shall be categorized by criticality as low, medium, or high, so that the necessary action can be taken.
High: Events or incidents that have a monumental impact on the organization’s service to clients or business operations. Examples of such events are massive fire outbreaks and system breakdown.
Medium: Events or incidents that have a significant effect, or could come to have a monumental effect, on the organization’s service to clients or business operations. An example of such an event is
Low: Incidents or events that could come to have a monumental or significant effect on the organization’s business or service delivery to clients.
Once an event has been reported, the appropriate IT department member should be informed so that a response can begin (Hagen et al., 2013). IT department members are in charge of executing the initial investigation to determine whether an event has occurred. The initial response actions for each event are as follows:
Power Failure
· Checking the company’s fuses or circuit breakers to ensure that the outage does not result from equipment problems within the facility
· Ensuring that employees are safe
· Checking elevators, the facility, and equipment for circumstances that may require immediate attention
· Contacting the electrical contractor or electrician for outages within the company’s system
· Contacting the power supplier for outages external to the company’s system
· Turning off major equipment pieces not connected to the company’s stand-by generator. Such an undertaking helps to prevent damage to equipment that can start automatically when power resumes (Alexander, 2016).
· Leaving a few lights on within visible areas so that the return of power can be detected
· Shutting off circuit breakers to key pieces of equipment to prevent power surges and damages to equipment upon restoration of power
· Leaving breakers that regulate the lights on to signal when power is restored
· Contacting firms that service the organization’s communications equipment, alarm, and air conditioning systems for specific instructions
Internet Service Provider (ISP) Failure
· Identifying and assessing network outage
· Evacuating area if necessary
· Reviewing with IT management
· Initiating remedial actions to ensure recovery of network assets
· Embracing decisions aimed at invoking network disaster recovery plan
· Reporting to senior management
· Contacting appropriate carriers and vendors
· Following through on procedures for recovery
Fire
· Indicating the location of fire extinguishers and first-aid boxes
· Ensuring specialized personal protective equipment is on site
· Locating other equipment for fighting fire such as standpipes and hydrants
· Locating and switching main power supply source
· Ensuring the availability of adequate medical aid supplies on site
· Identifying worker and mobile equipment evacuation routes
· Identifying nearest medical centre or hospital
· Making provisions to cordon off the scene of the accident to safeguard workers/employees
· Identifying emergency access routes
Burst Water Pipe
· Identifying and shutting off the water shut-off valve
· Containing water in single areas using buckets
· Keeping water from hardwood floor areas
Voice over Internet Protocol (VoIP) Telephone System Failure
· Checking all the phones, modems, and routers to ensure that they are plugged in
· Checking the internet connection to ensure that it is functioning
· Consulting company technician for minor problems
· Consulting service provider for major problems on issues related to firewall
· Checking for power supply to the system
· Arranging for alternative communication system for the sales team
Malicious Code or Virus Compromising the Wellness Technology’s Web Application
· Gathering and reviewing log files
· Reviewing running or installed privileged programs
· Inspecting system file tampering
· Detecting unapproved services installed on systems
· Looking for evidence of changes to password files
· Detecting unusual files
· Examining other hosts
· Reviewing network monitoring program or sniffer reports
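The following is an added example of how the file-tampering, password-file and unusual-file checks in the list above can be carried out by comparing a known-good baseline against the current state of a host; it is illustrative code written for this page, not part of the Wellness Technology plan or any product it uses. Every file path, file content, account entry and log line in it is constructed for the demonstration, and the log patterns are an assumed minimal set, not a complete detection rule base.

```python
"""Baseline comparison for the malware triage checklist.
Added example; all file contents, hashes and log lines are constructed."""
import hashlib
import re
from typing import Dict, List


def snapshot(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each path to the SHA-256 of its content. `files` stands in for a
    walk of the real filesystem (constructed in-memory data here)."""
    return {path: hashlib.sha256(content).hexdigest() for path, content in files.items()}


def compare_snapshots(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify paths as modified (hash differs from baseline), added
    (file not present in baseline) or removed (baseline file missing)."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def privileged_accounts(passwd_text: str) -> List[str]:
    """Return account names whose UID is 0 in passwd-style text
    (name:password:uid:gid:gecos:home:shell)."""
    names = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].strip() == "0":
            names.append(fields[0])
    return names


# Assumed minimal patterns for the "unapproved services" and "password file"
# checklist items: account creation or UID changes, and new persistent services.
SUSPICIOUS_LOG_PATTERNS = [
    re.compile(r"useradd|usermod .* -u 0"),
    re.compile(r"systemctl enable|update-rc\.d"),
]


def suspicious_log_lines(lines: List[str]) -> List[str]:
    """Return log lines matching any pattern from the triage checklist."""
    return [ln for ln in lines if any(p.search(ln) for p in SUSPICIOUS_LOG_PATTERNS)]


# Constructed baseline (taken when the host was known-good) and current state.
BASELINE_FILES = {
    "/usr/bin/ls": b"ls-binary-v1",
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\nwww:x:33:33::/var/www:/usr/sbin/nologin\n",
    "/var/www/app/index.php": b"<?php echo 'hello'; ?>",
}
CURRENT_FILES = {
    "/usr/bin/ls": b"ls-binary-v1-trojaned",                    # system file tampered
    "/etc/passwd": (b"root:x:0:0:root:/root:/bin/bash\n"
                    b"www:x:33:33::/var/www:/usr/sbin/nologin\n"
                    b"svc:x:0:0::/tmp:/bin/sh\n"),                # new UID-0 account
    "/var/www/app/index.php": b"<?php echo 'hello'; ?>",
    "/var/www/app/uploads/.cache.php": b"<?php /* unexpected upload */ ?>",  # unusual file
}
CURRENT_LOG = [  # constructed syslog-style lines
    "Jun 01 02:10:01 web1 sshd[412]: Accepted publickey for deploy",
    "Jun 01 02:12:44 web1 useradd[519]: new user: name=svc, UID=0, GID=0",
    "Jun 01 02:13:02 web1 systemd[1]: systemctl enable cache-sync.service",
]


def triage() -> Dict[str, object]:
    """Run every check and return one report the responder can act on."""
    file_report = compare_snapshots(snapshot(BASELINE_FILES), snapshot(CURRENT_FILES))
    baseline_root = set(privileged_accounts(BASELINE_FILES["/etc/passwd"].decode()))
    current_root = set(privileged_accounts(CURRENT_FILES["/etc/passwd"].decode()))
    return {
        "files": file_report,
        "new_privileged_accounts": sorted(current_root - baseline_root),
        "suspicious_log_lines": suspicious_log_lines(CURRENT_LOG),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(key, value)
```

The baseline must be captured and stored off the host before an incident (and hashed with a key or kept read-only), otherwise an intruder who alters system files can alter the baseline as well; the comparison is only as trustworthy as that copy.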
Recovery Measures
The primary purpose of this incident response plan is to guarantee efficient recovery by eliminating vulnerabilities and reinstating repaired systems. The following recovery measures should be adopted for the events:
Malicious Code or Malware
· Assessing insurance coverage as well as claims payment
· Ensuring that the attacker’s point of penetration, along with any related vulnerabilities, is eliminated
· Backing up data and installing security measures such as robust passwords, a firewall, and antispyware
· Restoring operation of all systems and installing data recovery software
Fire
· Assessing payment for insurance coverage and claims
· Assessing the facility for safety
· Securing property
· Assessing damage
· Preventing further damage
· Cleaning up
Water Pipe Bursts
· Arranging payments for insurance coverage and claims
· Consulting or hiring skilled plumbers to perform the necessary repairs and ensure that the plumbing works properly again
· Coordinating repairs and restorations
· Containing and cleaning up hazardous material
· Assessing insurance coverage as well as claims payment
· Moving printers and computers, and helping to replace damaged equipment
· Moving furniture and equipment
· Notifying staff of any change of location to a vacant or new site
· Assessing controls at the new site
· Cleaning up and removing water
Internet Service Provider (ISP) Failure
· Assessing claims, as well as insurance coverage claims for losses incurred
· Making the network more redundant by:
  - Establishing multiple routes
  - Ensuring the fibre connection is fault tolerant
  - Implementing robust Border Gateway Protocol (BGP) configuration to deter route leaks
  - Ensuring route switching can occur automatically
  - Establishing agreements with several carriers to ensure that the company can switch to a different carrier when one is unavailable
Power Failure
· Assessing insurance coverage and claims compensation or payment for losses incurred
· Backing up data
· Installing data recovery software
· Installing an alternative power supply such as solar power and standby generators
Voice over Internet Protocol (VoIP) Telephone System Failure
· Assessing claims and insurance coverage payment
· Damage assessment
· Coordinating repairs
· Seeking alternative service providers
Periodic Testing and Remediation
· The department of information technology is responsible for testing and reviewing the incident response plan for the events outlined in this document on a quarterly basis. When testing is performed, every system should be scanned for open vulnerabilities before remediation, and scanned again after remediation. This confirms that all identified vulnerabilities have been eliminated.
· Regular training will also be provided to employees to ensure an effective response to the events discussed in this document.
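The scan-remediate-rescan cycle in the testing section above can be closed out mechanically by comparing the two scan results; the following is an added example written for this page, not code from the Wellness Technology plan or from any scanner. The line format (host, port, finding identifier, severity), the host names and the FINDING-nnn identifiers are constructed placeholders for whatever export the organization’s real scanner produces.

```python
"""Compare a vulnerability scan taken before remediation with one taken after
it. Added example; scanner format, hosts and finding identifiers are constructed."""
from typing import Dict, List, NamedTuple, Set


class Finding(NamedTuple):
    host: str
    port: int
    finding_id: str   # placeholder identifiers such as FINDING-001
    severity: str     # low / medium / high


def parse_scan(text: str) -> Set[Finding]:
    """Parse one finding per line: host,port,finding_id,severity. Blank lines
    and '#' comments are ignored. A malformed line raises instead of being
    dropped, so a broken export cannot be mistaken for a clean result."""
    findings: Set[Finding] = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split(",")]
        if (len(parts) != 4 or not parts[1].isdigit()
                or parts[3].lower() not in ("low", "medium", "high")):
            raise ValueError(f"line {lineno}: malformed finding: {raw!r}")
        findings.add(Finding(parts[0], int(parts[1]), parts[2], parts[3].lower()))
    return findings


def remediation_report(before: Set[Finding], after: Set[Finding]) -> Dict[str, List[Finding]]:
    """Bucket findings as fixed (gone after rescan), remaining (still present)
    or new (introduced since the first scan, e.g. by the remediation itself)."""
    return {
        "fixed": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


def remediation_complete(before: Set[Finding], after: Set[Finding]) -> bool:
    """The plan's success criterion: nothing from the first scan remains and
    the rescan introduced no new findings."""
    report = remediation_report(before, after)
    return not report["remaining"] and not report["new"]


# Constructed pre- and post-remediation exports.
PRE_SCAN = """# constructed pre-remediation scan
web1.wellness.example,443,FINDING-001,high
web1.wellness.example,22,FINDING-002,medium
db1.wellness.example,5432,FINDING-003,high
"""
POST_SCAN = """# constructed post-remediation scan
web1.wellness.example,22,FINDING-002,medium
db1.wellness.example,5432,FINDING-004,low
"""

if __name__ == "__main__":
    before, after = parse_scan(PRE_SCAN), parse_scan(POST_SCAN)
    for bucket, items in remediation_report(before, after).items():
        print(bucket, [f"{f.host}:{f.port} {f.finding_id} ({f.severity})" for f in items])
    print("remediation complete:", remediation_complete(before, after))
```

The "new" bucket matters as much as "remaining": a patch or configuration change made during remediation can itself open a finding, and the quarterly cycle should not be signed off until that bucket is empty too.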
References
Alexander, D. (2016). How to Write an Emergency Plan. Edinburgh: Dunedin Academic Press.
Hagen, R., Statler, M., & Penuel, K. B. (2013). Encyclopedia of Crisis Management. Los Angeles, CA: SAGE Publications, Inc.