CIS 462 Week 10 Term Paper

Week 10 Term Paper

Intro

Large organizations have several resources and services that they use to make sure that their assets are secure. However, even those organizations can fall victim to a security incident that causes a system outage.

Declaring a Disaster Incident

The disaster declaration explains the process for when a DRP is activated. For a large organization like this one, some events can occur each month and would not require the DRP to be activated. The disaster declaration will determine which ones require the DRP to be activated.

Security Assessments

When an incident occurs, one of the main priorities is to make sure that security is assessed. Knowing where the vulnerabilities are can help stop an incident from causing further damage.

Natural Causes

- Fire
- Flood
- Hurricane
- Tornado

Security Incidents

- Malware or virus
- Unauthorized access to system
- Internal user related incidents
- Loss or deletions of files

Incident Scenarios

Recovery Process

1. Managers should notify the emergency response team to let them know.
2. The ERT is activated.
3. The ERT will collect information from managers.
4. A statement is provided to customers if they inquire about the system outage.
5. The ERT will determine the allocation of resources.
6. Resources are allocated to the hot site.

*During this process the ERT will provide updates on downtime to managers.*

Incident Response Summary

There will eventually be a time when the system will go down due to a natural disaster or some type of security problem. Businesses need to be prepared in case these events occur. Security problems can be due to human error or a security breach. Natural disasters happen and we have no way to prevent them. However, we can still activate a business continuity plan (BCP) if an outage occurs. Large organizations like ours need to create an incident response team (IRT). The IRT will be responsible for identifying the incident and containing it.

Mission Statement

The IRT is a cross-functional group of people that responds to major security incidents. The IRT seeks to minimize the amount of damage caused by the security incident. Damages could be loss of data, money, physical equipment, or property. The IRT will also provide a final report of the details of the incident and recommend ways to prevent it in the future.

Incident Declaration

Any violation of the organization’s security policy is considered an incident. Once an incident is detected, the IRT will be activated. Security incidents include natural disasters like fire or flood. They also include things like malicious code or malware, insecure remote access and wireless, and SQL injections.

Organizational Structure

The core members of the IRT are the security representative, IT representative, HR representative, legal representative, public relations representative, and business continuity representative. Each has their own duties in helping IRT leadership. The IRT leadership members include the IRT manager, who is at the top of the tier. They are responsible for key decision-making, and upper management is responsible for the results.

Roles & Responsibilities

The core members of the IRT are the security representative, IT representative, HR representative, legal representative, public relations representative, and business continuity representative. Each has their own duties in helping IRT leadership. The IRT leadership members include the IRT manager, who is at the top of the tier. They are responsible for key decision-making, and upper management is responsible for the results.

Flow Chart and Methods of Communicating

The IRT “Provides management with information as to what has occurred and what actions are being taken” (Johnson, 2015, p. 336). The security and IT reps will be responsible for collecting information and analyzing it.

IRT Methods and Services

The first point of contact to report an incident is the help desk. The help desk will also provide customers with a script from the public relations representative regarding the incident. The help desk will also notify the security and IT representatives when an incident occurs.

Reporting Procedures

The IRT manager is the lead of the team. They make key decisions during the incident process. They communicate with management and have the final decision on how the IRT should respond to an incident. The IRT coordinator will record all the events that occur during the incident response.

Conclusion

In conclusion, having a DRP and an IRT can help an organization recover from a security incident. With the team in place, downtime can be minimized, and the organization can save money when it has an effective DRP in place.
