Question
Paper Details
First, you need to assemble a security incident response team (SIRT). This team will be responsible for determining whether intrusions are legitimate or false positives, determining how to escalate responses as needed, and deciding whether prosecution is viable or necessary. The team should be drawn primarily from current staff of your company. Include IT staff members, an upper management representative, a financial representative, and a human resources representative. Also, designate a person to handle public relations. Include contact information for the company's legal counsel, and identify a local law enforcement officer to contact if the police need to be notified. Follow these steps to help plan your company SIRT:
1. List who should be included in the SIRT, and explain briefly why you selected each member. It doesn't need to be a specific list of names, but a general guide for selection (including information such as skill sets needed, responsibilities the member is especially suited for, and so forth). For example, you might list the human resources director because she's familiar with all employees and can handle staff notification, if needed. You might also have the HR director handle public relations. This list is intended for the company's upper management, which will coordinate organizing the team with your guidance.
2. Plan the general agenda for the team's first meeting. The team must select a team leader, discuss how responsibilities should be divided, and design a plan for developing, testing, and maintaining incident response procedures. (As a consultant, you can't design these procedures. It's an ongoing task the SIRT must do. Your job is to offer guidance.) Prepare a short list of "talking points" the team must address.
3. Instruct the SIRT leader to develop an Initial Response Checklist that includes responsible parties, contact information, and notification and escalation procedures. This checklist should be posted for employees but not available for the general public (to protect team members' privacy). Develop a sample document the SIRT leader could use to organize this information.
Now that you have guided your company in developing an incident response strategy, you need to begin integrating it into the disaster recovery plan. At this stage of development for a company such as yours, you should also begin planning who will handle ongoing maintenance of policies and begin preparing that person or group to take over the job. Because your company is a small company, it can't hire staff to take care of this task full-time. Someone within the company needs to take care of it.
Assume that the IT director, Jon Smith, will be handling the task of security policy and procedures maintenance. Develop a checklist of tasks he needs to do and a tentative schedule. Write a brief agenda for a meeting with him covering the key points of the disaster recovery plan maintenance, including the risk analysis cycle, security awareness training, and resources for monitoring current threats that might affect the company or its policies. Also, plan to review the policies and procedures manual with him and answer his questions, explaining how you developed each part of the manual.
After you have developed your list for upper management, the SIRT meeting agenda and talking points, the sample Incident Response Checklist, and your draft plan for ongoing maintenance, proofread all documents carefully and submit them to the instructor via the assignments tab for this project.
Students should have:
1. A list of people who should be considered for membership in the SIRT, including a brief rationale for each potential member. This list shouldn't be a list of names; instead, it should be a list of positions internal and external to the company. It must include at least one IT member, a representative from upper management, a public relations/employee liaison, and a representative of regular employees.
2. The agenda should include provisions for selecting a team leader, specify which responsibility roles must be assigned, state how the workload must be divided, and include a point about ongoing maintenance and testing. Other topics students can include: updating, security awareness programs, on-call assignments, responsibilities and escalation procedures for regular business hours and off hours, and regular team meetings. The risk analysis cycle, updating the business continuity plan, disaster recovery plan and response procedures, and local law enforcement notification could also be important points. Students can include other items; assess them based on relevance to the design and structure.
3. The checklist should include spaces for team member name, responsibilities, contact information, and escalation procedure (brief).
| Subject | Pages | Style |
|---|---|---|
| Law and governance | 7 | APA |
Answer
Security Incident Response Plan
The Team
The Security Incident Response Team (SIRT) will comprise the persons listed below, who shall alert the team's office in case of an incident. The nature of an intrusion may include the blockage of access controls. Insiders or outsiders may cause such blockages. The harm caused by insiders may not be as malicious as that caused by outsiders. The prevention intended may not be complete control of the system, but rather a strategy to minimize intrusion. The team will be responsible for creating, managing, and implementing plans of action for any incident that may potentially threaten the privacy, reliability, or accessibility of information in the system.
Further, team members shall aid in the development of policies and procedures for the deterrence, identification, investigation, control, and eradication of security threats. They shall also restore information systems to an operational state. Team members shall also assist throughout the response process.
The team shall comprise specialists and technical experts from the company charged with the analysis, prevention, containment, identification, and eradication of security incidents. Incidents are events that could adversely affect the company's network resources or could cause loss of or damage to information resources.
The team shall comprise:
- ICT manager, who will act as the chair and head of the team. His expertise is crucial for coordination within the team. He shall also approve the commencement of SIRT inquiries and SIRT actions executed in support of an investigation. Besides, his key responsibilities shall include summoning the SIRT, conducting SIRT meetings, and coordinating SIRT investigations. He will also ensure incidents are classified according to severity class, define investigation objectives, outline resource requirements, communicate with external agencies, coordinate SIRT training and exercises, request support team resources, prepare SIRT management reports, liaise with senior department managers regarding incident investigation status, and arrange for responsibility coverage during temporary absences (adapted from Stallings and Brown, 2008).
- Other members shall comprise five people from the IT department and one representative from each department in the company.
Team Responsibility
The principal duties of the SIRT are inquiry and reporting. To carry out these tasks, the SIRT will perform the following support activities: maintain communication access and incident response; assess the scope of incident damage; control and contain the event; collect, document, and preserve incident evidence; and maintain the chain of custody of all incident evidence. The team shall also be entitled to interview individuals involved in the incident; conduct an investigation to identify the incident's cause or source, the extent of damage, and recommended countermeasures; and consult with law enforcement agencies, as authorized. Preparing reports describing incident investigations, developing recommendations to avoid similar incidents in the future, making recommendations to resolve the incident or reduce its impact, and monitoring recovery shall also be the responsibility of the team.
Agenda of the team
The primary objectives of the team shall be to control and manage incidents, to examine incidents in a timely manner and evaluate their severity, to restore normal operating conditions promptly after an incident, and to prevent likely events in the future.
Elements of the Plan
Definition of an incident
An incident shall be an event that has definite or probable adverse effects on network resources, resulting in misuse or abuse, compromise of information, or damage to property or information (adapted from Bandyopadhyay, 2010). Such events directed toward a company-controlled computer or network resource shall fall under the purview of the plan.
Reporting incidents
An incident shall be reported via the existing primary reporting mechanisms at the SIRT office, which may be an email or a phone call. A company member or anyone affected by a corporate security incident should report a suspected incident by either email or phone call to the SIRT office. The person(s) reporting the event shall provide the date and time, user contact information, a brief description of the incident, and, if available, source and target network information.
Acknowledgment of an incident reported to the SIRT office shall occur via an auto-generated response to email or web notifications, while a telephone-reported incident will be acknowledged with a telephone call or email message from the SIRT. All user reports will be analyzed, classified by severity rating, and an appropriate response will be generated. The scope of the SIRT response will be determined by the incident severity rating.
If the nature of the event cannot be reported via non-confidential methods, the incident may be reported directly to the SIRT office (adapted from Chen et al., 2008).
Incident Closure
Once system operations have been normalized, the SIRT will verify that all corrective and preventive tasks are complete and that services have been reinstated.
References
Bandyopadhyay, T. (2010). Cyber insurance and the management of information security risk. Readings & Cases in Information Security: Law & Ethics, 75.
Chen, R., Sharman, R., Rao, H. R., & Upadhyaya, S. J. (2008). Coordination in emergency response management. Communications of the ACM, 51(5), 66-73.
Stallings, W., & Brown, L. (2008). Computer security: Principles and practice.