Disaster Recovery Management
June 02, 2014
Assignment 3: Incident Response (IR) Strategic Decisions
Incident response begins with prevention and security awareness (figure 1). In the case of malware attacks such as viruses, worms or Trojan horses, defense-in-depth plays a large role in the defense and early detection of potential threats to information systems connected to the internet. Personnel utilizing these assets also play a large role in defending and protecting these assets. Authorized users should be aware of all policies and procedures pertaining to the proper use of all networks, applications, and systems within the organization. The frequency of incidents can be greatly reduced through user awareness (Whitman, Mattord, & Green, 2014).
Preventive measures and a properly trained staff will not in itself prevent the occurrence of an incident. Therefore, it is imperative that an organization have an Incident Response Plan in place to effectively respond to incidents that may occur. When an incident has occurred and the incident response leader has been notified, specific actions need to be taken to put the incident response plan into effect.
The first step in the process is the assessment of the situation. It is during this process that the determination is made whether there is an actual incident or a false positive and notifications are made (figure 2). Correctly assessing type of incident will determine the appropriate reaction strategy. This is accomplished by conducting internal scans of the systems, checking all logs, including IDPSs and host log files (Cichonski, Miller, Grace, & Scarfone, 2012). Once the incident has been correctly identified, the Chief Information Officer (CIO) and the Chief Information Security Officer (CISO) shall be notified of the incident. The next step is implement containment procedures to limit or stop the spread of the
References: Cichonski, P., Miller, T., Grace, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide . Retrieved from http://csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf Mistakes of Incident Responders. Retrieved from http://www.mcafee.com/us/resources/white-papers/foundstone/wp-10-common-mistakes-incident-responders.pdf Steps for Recovering from a UNIX or NT System Compromise. (2001). Retrieved from http://www.auscert.org.au/render.html?it=1974&cid=1920 Whitman, M. E., Mattord, H. J., & Green, A. (2014). Principles of Incident Response & Disaster Recovery (2nd ed.). [Adobe Digital Editions version]. Retrieved from http://1285712625.reader.chegg.com/reader/book.php?id=2122ff3348c4b5c605e72941d860c544