Week 10 Term Paper
Intro
Large organizations have several resources and services that they use to make sure that their assets are secure. However even those organizations can be victim to a security incident that can cause the system to have an outage.
Declaring a Disaster Incident
The disaster declaration explains the process for when a DRP is activated. For a large organization like this one, some events can occur each month and would not require the DRP to be activated. The disaster declaration will determine which ones require the DRP to be activated.
Security Assessments
When an incident occurs, one of the main priorities is to make sure that there is an assessment of the security. Knowing where there are vulnerabilities can help stop an incident from causing further damage.
Natural Causes
FireFloodHurricaneTornado
Security Incidents
Malware or virusUnauthorized access to systemInternal user related incidentsLoss or deletions of files
Incident Scenarios
Recovery Process
Managers should notify the emergency response team to let them know.The ERT is activatedThe ERT will collect information from managersA statement is provided to customers if they inquire about the system outage. ERT will determine the allocation of resourcesResources are allocated to the hot site*During this process the ERT will provide updates on downtime to managers.*
Incident Response Summary
here will eventually be a time where system will do down due to a natural disaster or some type security problems. Businesses need to be prepared in case the events occur. Security problems can be due to human error or a security breach. Natural disasters happen and we have no way to prevent them. However, we can still activate a business continuity plan (BCP) if an outage occurs. Large organizations like ourselves need to create an incident response team (IRT). The IRT will be responsible for identifying the incident and contain it.
Mission Statement
The IRT is a cross- functional group of people that respond to major security incidents. The IRT seeks to minimize the amount of damage cause by the security incident. Damages could be loss of data, money, physical equipment, or property. The IRT will also provide a final report of the details of the incident and recommend ways to prevent it in the future.
Incident Declaration
Any violation of the organization’s security policy is considered an incident. Once and incident is detected the IRT will be activated. Security incidents include natural disasters like fire or flood. They also include things like malicious code or malware, insecure remote access and wireless, and SQL injections.
Organizational Structure
The core members of the IRT are the security representative, IT representative, HR representative, legal representative, public relations representative, and business continuity representative. Each have their own duties to helping IRT leadership. The IRT leadership members include the IRT manager who is at the top of the tier. They are responsible for key-decision-making and the upper management is responsible for the results.
Roles & Responsibilities
The core members of the IRT are the security representative, IT representative, HR representative, legal representative, public relations representative, and business continuity representative. Each have their own duties to helping IRT leadership. The IRT leadership members include the IRT manager who is at the top of the tier. They are responsible for key-decision-making and the upper management is responsible for the results.
Flow Chart and Methods of Communicating
The IRT “Provides management with information as to what has occurred and what actions are being taken” (Johnson, 2015, pg.336). The security and IT reps will be responsible for collection of information and analyzing it.
IRT Methods and Services
The first point of contact to report an incident is the help desk. The help desk will also provide customers with a script from the public relations representative regarding the incident The helpdesk will also notify the security and IT representatives when an incident occurs.
Reporting Procedures
The IRT manager is the lead of the team. They make key decisions during the incident process. They communicate with management and have the final decision on how the IRT should respond to an incident. The IRT coordinator will record all the events that occur during the incident response.
Conclusion
In conclusion having a DRP and an IRT can help an organization recover from a security incident . With the team in place downtime can be minimized and the organization can save money when they have an effective DRP in place.
Place an Order
Plagiarism Free!
Create an Account
Create an account at Top Tutor Online
- Allows you to track orders.
- Receive personal messages.
- Send messages to a tutor.
Post a Question/ Assignment
Post your specific assignment
- Tutors will be notified of your assignment.
- Review your question and include all the details.
- A payment Link will be sent to you.
Wait for your Answer!
Make payment and wait for your answer
- Make payment in accordance with the number of pages to be written.
- Wait for your Answer as a professional works on your paper.
- You will be notified when your Answer is ready.