Incident Response Plan

A system administrator

  • Helpdesk
  • Intrusion detection monitoring personnel
  • A system administrator
  • A firewall administrator
  • A business partner
  • A manager
  • The security department or a security person
  • An outside source

The IT member will refer to their contact list for the management personnel and incident response members to be contacted. The staff member will call those designated on the list. He or she will contact the incident response manager using both phone and email messages, while making sure that the other appropriate and backup personnel and designated managers are contacted. The member will log the information received in the same format as the grounds security officer.

The security department or a security person.

  • Should list all sources and check whether they have contact information and procedures. Normally each of the sources would contact one reachable entity, such as the grounds security office.

The grounds security office will refer to the IT emergency contact list and the affected department contact lists and call all the designated numbers in the order given on the list. This office will log:

  • The name of the caller.
  • The time the call was made.
  • The contact details of the caller.
  • The nature and type of the incident.
  • What equipment or persons were involved.
  • The location of the persons involved.
  • How the incident was detected.
  • When the event was first noticed.

Intrusion detection monitoring personnel

He or she will review the intrusion detection logs and interview witnesses and the incident victim to determine whether and how the incident was caused. Only authorized personnel should perform interviews or examine evidence, and the authorized personnel may vary by situation and by organization.


The help desk provides the end user with information and support regarding the report. Its purpose is to troubleshoot problems and provide guidance about the report that the committee came up with.


He has to be there to follow the progress of the committee and to give guidelines on what should be done about the incident. He is the overall boss of the committee, and for everything the committee considers good for implementation, the manager is there to confirm whether it is possible or not.

A firewall administrator

To help in the administration of the system together with the system administrator, and to consider whether the procedure and policy were followed when the intrusion was allowed, and what could have been changed to ensure that the procedure or policy is followed in the future.

An outside source

To check and confirm that the information given to the committee is true and that the event or incident took place at the scene. This is the eyewitness, who gives the committee full information about everything he or she witnessed, including the damage that was done at the scene of the incident.

A business partner

If the incident caused a loss of whatever percentage, the business partner is there to bring out the allegations of the damage that was incurred.