Incident Response PlanningIncident response planning deals with the identification of, classification of, and response to an incident. Attacks are only classified as incidents if they are directed against an information asset; have a realistic chance of success; or could threaten the confidentiality, integrity, or availability of information resources. Incident response (IR) is the set of activities taken to plan for, detect, and correct the impact of an incident on information resources. IR consists of the planning, detection, reaction, and recovery. Planning for an incident requires a detailed understanding of the scenarios developed for business continuity. Predefined responses enable the organization to react quickly and effectively to the detected incident. The IR team consists of those individuals who must be present to handle the systems and functional areas that can minimize the impact of an incident as it takes place. The designated IR teams act to verify the threat, determine the appropriate response, and coordinate the actions necessary to deal with the situation.Incident DetectionIndividuals sometimes notify systems administrators, security administrators, or their managers of an unusual occurrence. The most common occurrence is a complaint about technology support, which is often delivered to the help desk. The mechanisms that could potentially detect an incident include host-based and network-based intrusion detection systems, virus detection software, systems administrators, and even end users. Only by carefully training the user, the help desk, and all security personnel on the analysis and identification of attacks can the organization hope to quickly identify and classify an incident. Once an attack is properly identified, the organization can effectively execute the corresponding procedures from the IR plan. Incident classification is the process of examining a potential incident, or incident candidate, and determining whether the candidate constitutes an actual incident.Possible indicators of incidents are presence of unfamiliar files, presence or execution of unknown programs or processes, unusual consumption of computing resources, unusual system crashes, activities at unexpected times, presence of new accounts, reported attacks, etc.Incident reaction consists of actions outlined in the IR plan that guide the organization in attempting to stop the incident, mitigate the impact of the incident, and provide information for recovery from the incident. In reacting to the incident, there are actions that must occur quickly, including notification of key personnel and documentation of the incident. Most organizations maintain alert rosters for emergencies. An alert roster contains contact information for the individuals who should be notified in an incident. There are two types of alert rosters: sequential and hierarchical. A sequential roster is activated as a contact person calls each and every person on the roster. A hierarchical roster is activated as the first person calls a few other people on the roster, who, in turn, call a few other people, and so on. The incident is documented as an incident to ensure that the event is recorded for the organization’s records in order to know what happened, how it happened, and what actions were taken. A critical component of incident reaction is to stop the incident or contain its scope or impact. Before an incident can be contained, the affected areas of the information and information systems must be determined. In general, incident containment strategies focus on two tasks: stopping the incident and recovering control of the systems. The organization can stop the incident and attempt to recover control through different strategies. If the incident originates outside the organization, the simplest and most straightforward approach is to cut the affected circuits. Compromised accounts or server(s) should be disabled. Only as a last resort should there be a full stop of all computers and network devices in the organization. The bottom line is that containment consists of isolating the channels, processes, services, or computers and removing the losses from that source of the incident.To recover from the incident, people must stay focused on the task ahead and make sure that necessary personnel begin recovery operations as per the IR plan. Incident damage assessment determines the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just after an incident. Related to the task of incident damage assessment is the field of computer forensics. Computer forensics is the process of collecting, analyzing, and preserving computer-related evidence. Evidence is a physical object or documented information that proves an action that has occurred or identifies the intent of a perpetrator. Computer evidence must be carefully collected, documented, and maintained to be acceptable in formal or informal proceedings.Case AssignmentAssume that you have been tasked by your employer to develop an incident response plan. Create a list of stakeholders for the IR planning committee. For each type of stakeholder, provide the reasons for inclusion and the unique aspects or vision that you believe each of these stakeholders will bring to the committee.1. Incident Response Plan Template – The Essential Elements: http://www.acunetix.com/blog/web-security-zone/incident-response-plan-template/2. Incident response planning: Are you ready for the Big One? http://www.securitybistro.com/blog/?p=1732Assignment ExpectationsAfter reviewing the above materials or other materials you find helpful, write a 3- to 5-page paper describing the stakeholders on the IR planning committee. Provide a detailed discussion for the skills needed for each of these members of the IR planning committee and why these skills are needed to have a successful IR plan.
We value our customers and so we ensure that what we do is 100% original..
With us you are guaranteed of quality work done by our qualified experts.Your information and everything that you do with us is kept completely confidential.
You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.Read more
The Product ordered is guaranteed to be original. Orders are checked by the most advanced anti-plagiarism software in the market to assure that the Product is 100% original. The Company has a zero tolerance policy for plagiarism.Read more
The Free Revision policy is a courtesy service that the Company provides to help ensure Customer’s total satisfaction with the completed Order. To receive free revision the Company requires that the Customer provide the request within fourteen (14) days from the first completion date and within a period of thirty (30) days for dissertations.Read more
The Company is committed to protect the privacy of the Customer and it will never resell or share any of Customer’s personal information, including credit card data, with any third party. All the online transactions are processed through the secure and reliable online payment systems.Read more
By placing an order with us, you agree to the service we provide. We will endear to do all that it takes to deliver a comprehensive paper as per your requirements. We also count on your cooperation to ensure that we deliver on this mandate.Read more