StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Incident response policy - Essay Example

Cite this document
Summary
When Incidents occur it proves much costly to an organization. Proper incident response should be an integral part of your overall security policy and risk mitigation…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.1% of users find it useful
Incident response policy
Read Text Preview

Extract of sample "Incident response policy"

Incident response policy for Gem Infosys Incident response policy for Gem Infosys Introduction In the existing IT environment, incidents are common and appropriate measures should be taken to tackle them. When Incidents occur it proves much costly to an organization. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy.There are clearly direct benefits in responding to security and other incidents. However, there might also be indirect financial benefits.

For a software company like Gem Infosys, a formal incident response plan might help win business, because it shows that you take seriously the process of good information security.This document will provide you with a recommended process and procedures to use when responding to incidents identified in a small- to medium-based network environment such as Gem Infosys. The value of forming a security incident response team with explicit team member roles is explained, as well as how to define a disaster recovery process and business continuity plan.

Development of Incident Response Team (IRT)The IRT is the focal point for dealing with computer security incidents in your environment. The team should consist of a group of people with responsibilities for dealing with any incident. The responsibilities of IRT team:Monitor systems for network breaches.Serve as a central communication point, both to receive reports of security incidents and to disseminate vital information to appropriate entities about the incident.Document and catalog network incidents.

Promote security awareness within the company to help prevent incidents from occurring in the organization.Support system and network auditing through processes such as vulnerability assessment and penetration testing.Learn about new vulnerabilities, malware, and attack strategies employed by attackers.Research new software patches.Analyze and develop new technologies for minimizing vulnerabilities and risks.Provide security consulting services.Continually hone and update current systems and procedures.

Establishing Team RolesThe IRT team consists of several key members.IRT Team Leader: The IRT must have an individual in charge of its activities. The IRT Team Leader will generally be responsible for the activities of the IRT and will coordinate reviews of its actions. This might lead to changes in polices and procedures for dealing with future incidents.IRT Incident Lead: In the event of an incident, one individual responsible for coordinating the response is assigned. The IRT Incident Lead has ownership of the particular incident or set of related security incidents.

IRT Incident Lead works as representative to the outside when an incident occursIRT Associate Members: Besides the core IRT team, you should have a number of specific individuals who handle and respond to particular incidents. Associate members will come from a variety of different departments in Gem Infosys. They should specialize in areas that are affected by security incidents but that are not dealt with directly by the core IRT. The following member can be appointed depending on the incident;IT Contact: - This member is primarily responsible for coordinating communication between the IRT Incident Lead and the rest of the IT group.

Legal Representative: - Apart from accidental virus attack, intruders may also launch attacks. Legal representative comes in to action in such incidents. This member is a lawyer who is very familiar with established incident response policies. The Legal Representative determines how to proceed during an incident with minimal legal liability and maximum ability to prosecute offenders.Public Relations Office: - Generally, this member is part of the public relations department and is responsible for protecting and promoting the image of the organization.

Management: - Depending on the particular incident, you might involve only departmental managers, or you might involve managers across the entire organization. Disaster recovery processTo be able to recover effectively from an incident, it is needed to determine how seriously the systems have been compromised. This will determine how to further avoid and minimize the risk, how to recover, how quickly and to whom that should communicate the incident.The initial steps that should be carried out in the recovery process Determine the nature of the incident (this might be different than the initial assessment suggests).

Determine the point of origin.Determine the incident is intentional or not. Was an attack is specifically directed at the organization to acquire specific information, or was it random.Identify the systems that have been compromised.Identify the files that have been accessed and determine the sensitivity of those files.To help determine the severity of the incident the following procedures should be practiced:Contact other members of the response team to inform them of the incident. Determine whether unauthorized hardware has been attached to the network or whether there are any signs of unauthorized access through the compromise of physical security controls.

Examine key groups (domain administrators, administrators, and so on) for unauthorized entries.Search for security assessment or exploitation software. Cracking utilities are often found on compromised systems during evidence gathering.Look for unauthorized processes or applications currently running or set to run using the startup folders or registry entries to identify the malware.Search for gaps in, or the absence of, system logs.Review intrusion detection system logs for signs of intrusion, which systems might have been affected, methods of attack, time and length of attack, and the overall extent of potential damage.

Compare systems to previously conducted file/system integrity checks. This enables you to identify additions, deletions, modifications, and permission and control modifications to the file system and registry. Search for sensitive data, such as credit card numbers and employee or customer data that might have been moved or hidden for future retrieval or modifications. Match the performance of suspected systems against their baseline performance levels. This of course presupposes that baselines have been created and properly updated.

By acting quickly to reduce the actual and potential effects of an attack can be a minor and a major one. 1. Protect classified and sensitive data. As part of your planning for incident response, you should clearly define which data is classified and which is sensitive. This will enable you to prioritize your responses in protecting the data.2. Protect other data, including proprietary, scientific, and managerial data. Other data in your environment might still be of great value. You should act to protect the most valuable data first before moving on to other, less useful, data.3. Protect hardware and software against attack.

 This includes protecting against loss or alteration of system files and physical damage to hardware. Where damaged systems can result in costly downtime.4. Minimize disruption of computing resources (including processes). Although uptime is very important in most environments, keeping systems up during an attack might result in greater problems later on. Business continuity planningThe BCP focuses on sustaining an organization’s business functions during and after a disruption. Three main activitiesThe recovery of the system will generally depend on the extent of the security breach.

It should be determined, whether the existing system can be restored while leaving intact as much as possible, or if it is necessary to completely rebuild the system.An incident could potentially corrupt data for many months prior to discovery. It is, therefore, very important that as part of your incident response process, you determine the duration of the incident. (File/system integrity software and intrusion detection systems can assist.) In some cases, the latest or even several prior backups might not be long enough to get to a clean state.

So regularly archive data backups in a secure off-line location are needed.When determining the damage to the organization, both direct and indirect costs should be considered. Incident damage and costs will be important evidence needed if you decide to pursue any legal action. These could include:Costs due to the loss of competitive edge from the release of proprietary or sensitive information.Labor costs to analyze the breaches, reinstall software, and recover data.Costs relating to system downtime (for example, lost employee productivity, lost sales, replacement of hardware, software, and other property).

Costs relating to repairing and possibly updating damaged or ineffective physical security measures (locks, walls, cages, and so on).Other consequential damages such as loss of reputation or customer trust.Once the documentation and recovery phases are complete, you should review the process thoroughly. Determine with your team which steps were executed successfully and which mistakes were made. In almost all cases, you will find some processes that need to be modified so you can better handle future incidents.

ConclusionIt true that, just because of the policy of the, organization the incidents can always be prevented. The purpose of this policy is to prevent and if some how it fails, then to minimize the damage as much as possible. In the case Gem Infosys having a long network downtime will always be costly since they are a software developing company. References Microsoft Coperation, (2010). Security and Updates. Retrived from http://technet.microsoft.com/en-us/library/

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Incident response policy Essay Example | Topics and Well Written Essays - 500 words”, n.d.)
Incident response policy Essay Example | Topics and Well Written Essays - 500 words. Retrieved from https://studentshare.org/miscellaneous/1575375-incident-response-policy
(Incident Response Policy Essay Example | Topics and Well Written Essays - 500 Words)
Incident Response Policy Essay Example | Topics and Well Written Essays - 500 Words. https://studentshare.org/miscellaneous/1575375-incident-response-policy.
“Incident Response Policy Essay Example | Topics and Well Written Essays - 500 Words”, n.d. https://studentshare.org/miscellaneous/1575375-incident-response-policy.
  • Cited: 0 times

CHECK THESE SAMPLES OF Incident response policy

Leaks and Hacks. When Is It Illegal To Get Hacked

Hacking basically refers to the breach of computer security.... On the other hand, hacking can be used to describe smart or quick fix to computer problems or an awkward and inelegant resolution to a problem, this is according to computer science and technology way of definition.... hellip; Hacking basically refers to the breach of computer security....
13 Pages (3250 words) Essay

Gem Infosys Incident-Response Policy

The following coursework under the title "Gem Infosys Incident-response policy" dwells on the network security.... Formulate an incident-response policy to reduce network down in Gem Infosys Company A well-defined incident response plan for Gem Infosys Company should have the following policies.... department should have an incident response plan so that they can successfully respond to any future incidents of network breakdown.... This may be done via a number of ways such as: reducing the number of systems severity, integrating the activities of Computer Security incident response Team (CSIRT)....
1 Pages (250 words) Coursework

Policies and Procedures of the Greiblock Credit Union

The paper "Policies and Procedures of the Greiblock Credit Union" states that incident response policy aims to measure the incidents that occur in the firm.... The team will also develop the response plan and advising the management responsibly in relation to the incident itself and incident response (Odera et al.... hellip; The policy will be enforced by the five- expert team in place.... The metrics are discussed in relation to what is to be measured in the policy, how it is to be measured and the kind of action to be performed with the information....
10 Pages (2500 words) Case Study

An Analysis of Security Breaches and Incident Handling

incident response relies on particular business, corporate functions, public information, information technology, data types, law enforcement, etc.... For instance, a server printing service can stop working or else server can response rather slowly.... This research paper presents a comprehensive analysis of some of the main aspects of incident handling in case of some security breaches.... This paper will assess and analyze some of the main aspects of incident handling methods along with the ways to manage and corroborate the business continuity… This report has presented a deep analysis of some of the main aspects of security breaches and incident handling....
20 Pages (5000 words) Assignment

Network Architecture and Security Considerations in IISC

The purpose of this policy is to offer protection to confidential information as well as integrity and availability of the wireless network infrastructure.... However, persistent violation of this policy requirement will be regarded as a violation of Acceptable Use policy and can attract disciplinary action that may include, but not limited to, a legal action.... However, users making use of the internet service shall be subject to terms and conditions stipulated in the Acceptable Use policy....
15 Pages (3750 words) Term Paper

Response of the New York City Police Department during an Active Shooter incident at Penn Station

The research will also give the findings and recommendations of what should have been done to prevent the incident from taking place… The most efficient way of dealing with any incident of crime is by preventing it from taking place.... The main aim of the research is to ascertain whether the New York Police responded appropriately to the Penn station shooting....
14 Pages (3500 words) Research Paper

Computer Networks and Security

The policy concerning firewalls States issues on management and updating of the firewall.... In creating a firewall's policy, considerations include analysis of the risks, choosing applications in the network, and pinpointing vulnerabilities in the applications.... This assignment "Computer Networks and Security" discusses the purpose of firewalls that is to act as an intermediary between the servers of the company and the outside community accessing the Internet....
11 Pages (2750 words) Assignment

The Importance of Effective Incident Command System for Large Scale Incidents like Buncefield

… The paper "The Importance of Effective incident Command System for Large Scale Incidents like Buncefield" is a worthy example of a case study on management.... nbsp;The incident command system (ICS) has become a routine word in fire service circles.... It is rare to read an article or watch a fire service video about a major fire or emergency incident without ICS being mentioned (Buck, 2006; 1-27).... The paper "The Importance of Effective incident Command System for Large Scale Incidents like Buncefield" is a worthy example of a case study on management....
9 Pages (2250 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us