Expert answer: New Incident Response Policy for Organization?

Solved by verified expert:

You will need to complete the following:

1. Develop an Incident Response Policy for ACME Company that will be used as your reference for your evaluation of this potential data incident (this is an attachment that should be included in your paper and referenced in your presentation).
2. Upon developing ACME Company’s Incident Response Policy, evaluate the incident described above (Research Paper):
  • Summarize the data incident and potential level of risk, include why?
  • Upon identifying the types of data that could potentially be impacted and what laws/regulations could be in violation of non-compliance if this data was breached
  • Develop your action plan to evaluate this data incident (include your rationale for why the steps were necessary)
  • Describe how the Incident Response Policy supported your actions
  • Identify any issues that made the evaluation more difficult
  • Identify areas of future risk mitigation actions should a similar incident occur (look at the gaps or issues with this scenario)
  • Close the incident (NOTE: The outcome of the incident did not surface any major risks or data breach to the company but it took the evaluation to get to this conclusion)

Note/Imp: This presentation must be supported by the research paper.

Please note the following criteria:

Research paper:
  • Research Paper must be in APA Style
  • Research Paper must have at least 5 works cited of which 2 must be peer reviewed works/articles (note your book can be included as a reference)
  • Must be at least 6 double-spaced pages with standard 1 inch margins.
  • The Policy will be an Attachment and not count toward the 6 Page requirement
  • Graphs, illustrations and spreadsheets are allowed, but will not count toward the 6 Page requirement
  • Total report should be 4-6 pages
chapter_12.pptx

research_description.docx

Unformatted Attachment Preview

Security Policies and
Implementation Issues
Chapter 12
Incident Response Team (IRT) Policies
© 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company
www.jblearning.com
All rights reserved.
Learning Objective
Describe the different information security
systems (ISS) policies associated with
incident response teams (IRTs).
Key Concepts
▪ Incident response policies
▪ Team members associated with incident response
▪ Emergency services related to IRTs
▪ Policies specific to incident response support services
▪ Policies associated with handling the media and what to
disclose
▪ Business impact analysis (BIA) policies
▪ Business continuity plan (BCP) policies
▪ Disaster recovery plan (DRP) policies
Incident Response Team (IRT)
▪ Cross-functional team
▪ Organized and coordinated
▪ Various skills
▪ Usually only responds to major incidents
− Minor incidents considered part of normal
operations
Definition of an Incident
▪ Any event that violates security policy
− Unauthorized access to data
− Unauthorized modification of data
− Disruption of service
Classifying Breach by Attack Vector
Attack vectors:
▪ SQL injection
▪ Improperly segmented network environment
▪ Malicious code or malware
▪ Insecure remote access
▪ Insecure wireless
Classifying an Incident
▪ Develop a classification system
− Varies by industry type
− Should meet legal and regulatory obligations
▪ Common approach is to use categories that assess threat
level
− Malicious code
− Denial of Service
− Unauthorized access
− Inappropriate usage
▪ Major vs. minor
− Major incidents are significant
− Determination based on risk to organization
Forming an Incident Response Team
▪ Develop a charter
− Determine IRT Model
− Set goals (e.g., response time)
▪ Identify Team Members
Charter Sections
• Summary
• Mission Statement
• Goals
• Team responsibilities
• Incident Declaration
• Definitions
• Declaration process
• Organizational Structure
• Team alignment
• Member management
• Roles & Responsibilities
• For team members
• Information Flow
• Communications
• Methods
• How goals are achieved
• Authority & Reporting
• Level of authority
• Source of authority
IRT Models
▪ On-Site Response
− Full authority to contain breach
▪ Supporting Role
− Technical assistance to local team
▪ Coordination
− Coordinates several local teams
Roles and Responsibilities
Incident Response Support
Services
▪ This is a broad category to mean any team
that supports the organization’s IT and
business processes
• Example: The help desk is a support services
team
▪ During an incident, the help desk may be in
direct contact with the customer who is
impacted by the attack
Incident Response Support
Services (Continued)
▪ The help desk, at that point, becomes a
channel of information on the incident
▪ It’s vital that the helpdesk during an incident
is providing a script of key talking points
about the incident
The Incident Response Process
▪ Plan and Train
▪ Discover and Report Incident
▪ Contain
▪ Clean Up
▪ Analyze and Prevent
▪ Report
BIA Policies
▪ Identifies assets required for business to recover and continue doing business
▪ BIA may be based on multiple worst-case scenarios
▪ BIA should contain security breach scenarios
▪ Key assets include critical resources, systems, facilities, personnel, and records
BIA Policies (Continued)
▪ Identifies recovery times
▪ Used for information security and non–information security purposes
▪ Identifies adverse effects on the organization
▪ Identifies key components
Key Objectives of the Business
Impact Analysis (BIA) Policy
▪ Identify resources required to recover each component
▪ Identify human assets needed to recover these components
▪ Identify dependencies, such as other BIA components
Business Continuity Planning
Policies
▪ Creates a road map for continuing business operations after a major outage or disruption of services
▪ Establishes the requirement to create and maintain the plan
▪ Provides guidance for building a plan
▪ Includes key assumptions, accountability, and frequency of testing
Business Continuity Planning
Policies (Continued)
▪ Must clearly define responsibilities for creating and maintaining a BCP plan
▪ Identifies responsibilities for its execution
▪ Covers the business’s support structure
BIA, BCP, and DRP
▪ BIA
− Drives the requirements for the BCP
▪ BCP
− Drives requirements for the DRP
▪ DRP
− Policies needed to recover IT assets after a major outage
Best Practices in Incident
Response
▪ Effectiveness of the IRT and its related
policies needs to be measured
▪ Measurement should be published annually
with a comparison to prior years
Best Practices in Incident
Response (Continued)
▪ Measurements should include the goals in
the IRT charter, plus additional analytics to
indicate the reduction of risk to the
organization, such as:
• Number of incidents
• Number of repeat incidents
• Time to contain per incident
• Financial impact to the organization
Summary
▪ Incident classifications
▪ Roles and responsibilities associated with
incident response team policies
▪ Incident support services
▪ Best practices for creating incident
response team policies
▪ BIA, BCP, and DRP policies
Security Incident – Student Handout
Summary:
ACME Company is a manufacturing company that produces new technology that sells online directly to customers
and retailers. The system they use is a core transactional Enterprise Resource Planning system called NEDS. NEDS
is similar to many core systems that provide integrated applications on a common platform for financials,
managing materials, sales distribution, and production planning (similar to Oracle or SAP). NEDS is located in the
Netherlands, while ACME Company is located in Florence, Kentucky. On June 15, 2017, James Hurd (ACME’s
Global Security Director) was notified that NEDS was burglarized during business hours involving individuals
stealing equipment including blackberries, iPhones, laptops and hard drives. Local police were notified and the
incident was reported on that date. A police report only included identification of specific hardware that was
stolen and several bicycles.
The burglary notification that was mailed was sent to a branch office of ACME Company in Mexico. James Hurd
was notified by the Mexico office via email which included an attached electronic version of the burglary
notification and police report on June 20, 2017. James Hurd recognized that the incident actually occurred 5 days
earlier.
The letter contained the following information about the incident:
• The incident occurred in the application area that provides custom application development and
reporting for the ACME Company.
• The area that was impacted involved “potential data” used for sales analysis. Data from the ACME
Company had been placed on laptops while some diagnostics were being carried out.
• Compromised data could have included customer or retailer information from 2002-2014 consisting of
names, address, bank account data or credit card numbers, SKU product numbers, descriptions,
quantities, Purchase Order numbers, and purchase price.
You are James Hurd and need to respond to this incident by taking action immediately.
You will need to complete the following:
I. Develop an Incident Response Policy for ACME Company that will be used as your reference for
your evaluation of this potential data incident (this is an attachment that should be included in your
paper and referenced in your presentation).
II. Upon developing ACME Company’s Incident Response Policy, evaluate the incident described
above:
• Summarize the data incident and potential level of risk, include why?
• Upon identifying the types of data that could potentially be impacted and what laws/regulations
could be in violation of non-compliance if this data was breached
• Develop your action plan to evaluate this data incident (include your rationale for why the steps were
necessary)
• Describe how the Incident Response Policy supported your actions
• Identify any issues that made the evaluation more difficult
• Identify areas of future risk mitigation actions should a similar incident occur (look at the gaps or
issues with this scenario)
• Close the incident (NOTE: The outcome of the incident did not surface any major risks or data breach
to the company but it took the evaluation to get to this conclusion)
This presentation must be supported by the research paper.
Please note the following criteria:
Research paper:
• Research Paper must be in APA Style
• Research Paper must have at least 5 works cited of which 2 must be peer reviewed works/articles (note
your book can be included as a reference)
• Must be at least 6 double-spaced pages with standard 1 inch margins.
• The Policy will be an Attachment and not count toward the 6 Page requirement
• Graphs, illustrations and spreadsheets are allowed, but will not count toward the 6 Page requirement
• Total report should be 10 – 12 pages
Grading criteria will include the following as this represents 40% of your grade:
Presentation will be 100 points and based on the following:
• Completeness of the Topic (Policy, Processes, Action, Conclusion)
• Presentation Delivery
• Alignment of policy
Paper will be 100 points:
• Meets Standard Criteria
• Completeness/content
• Incident Risk Policy as Attachment
• Logic of Processes and Actions (Thoroughness)
• Alignment of the Incident Risk Policy components in completing and supporting the evaluation