Incident Response Plan Example Essay

1230 words - 5 pages

Incident Response Plan Example
This document walks through the steps carried out under an incident response plan. To build your own plan, replace the steps in the following example with your organization's contact information and its specific courses of action.
1) The person who discovers the incident will call the grounds dispatch office. List possible sources of those who may discover the incident. The known sources should be provided with a contact procedure and contact list. Sources requiring contact information may be:
a) Helpdesk
b) Intrusion detection monitoring personnel
c) A system administrator
d) A firewall administrator
e) A business partner
f) A manager
g) The security ...

The staff member will call those designated on the list. The staff member will contact the incident response manager by both email and phone message, making sure that the other appropriate and backup personnel and the designated managers are also contacted. The staff member will log the information received in the same format as the grounds security office did in the previous step. The staff member may also record the following:
a) Is the affected equipment business critical?
b) What is the severity of the potential impact?
c) Name of the system being targeted, along with operating system, IP address, and location.
d) IP address and any information about the origin of the attack.
6) Contacted members of the response team will meet, or discuss the situation over the telephone, and determine a response strategy:
a) Is the incident real or perceived?
b) Is the incident still in progress?
c) What data or property is threatened, and how critical is it?
d) What is the impact on the business should the attack succeed? Minimal, serious, or critical?
e) What system or systems are targeted, and where are they located physically and on the network?
f) Is the incident inside the trusted network?
g) Is the response urgent?
h) Can the incident be quickly contained?
i) Will the response alert the attacker, and do we care?
j) What type of incident is this? Example: virus, worm, intrusion, abuse, damage.
7) An incident ticket will be created. The incident will be categorized into the highest applicable level of one of the following categories:
a) Category one - A threat to public safety or life.
b) Category two - A threat to sensitive data.
c) Category three - A threat to computer systems.
d) Category four - A disruption of services.
8) Team members will establish and follow one of the following procedures, basing their response on the incident assessment:
a) Worm response procedure
b) Virus response procedure
c) System failure procedure
d) Active intrusion response procedure - Is critical data at risk?
e) Inactive intrusion response procedure
f) System abuse procedure
g) Property theft response procedure
h) Website denial of service response procedure
i) Database or file denial of service response procedure
j) Spyware response procedure
The team may create additional procedures which are not foreseen in this document. If there is no applicable procedure in place, the team must document what was done and later establish a procedure for the incident.
9) Team members will use forensic techniques, including reviewing system logs, looking for gaps in logs, reviewing intrusion detection logs, and interviewing witnesses and the incident victim, to determine how the incident was caused. Only authorized personnel should be performing...
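As an added illustration of the "looking for gaps in logs" check named in step 9 (this code is not part of the essay), the script below scans a host log for two things a responder cares about: a silence longer than expected between consecutive entries, and entries whose timestamps run backwards, which can indicate tampering or clock problems. The log lines are constructed sample data, and the assumption that each line starts with an ISO-8601 timestamp and that a one-hour silence is worth a closer look are this example's own choices, not the essay's.

```python
"""Added example (not from the essay): detect suspicious gaps and
out-of-order entries in a host log, one of the forensic checks in step 9.

Assumptions (this example's, not the essay's): each line starts with an
ISO-8601 timestamp, and a silence longer than `max_gap` on a host that is
expected to log continuously deserves a closer look.
"""
from datetime import datetime, timedelta
from typing import List, Tuple

# Constructed sample log lines (not real data). Note the roughly two-hour
# silence between 02:15 and 04:20, and the final line whose timestamp
# runs backwards relative to the line before it.
SAMPLE_LOG = """\
2024-03-01T02:00:01 sshd[4012]: Accepted publickey for alice from 10.0.0.5
2024-03-01T02:05:14 cron[210]: (root) CMD (run-parts /etc/cron.hourly)
2024-03-01T02:15:03 sshd[4012]: session closed for user alice
2024-03-01T04:20:45 sudo: alice : TTY=pts/0 ; COMMAND=/bin/bash
2024-03-01T04:21:02 sshd[4990]: Accepted password for bob from 10.0.0.9
2024-03-01T04:19:30 kernel: audit: type=1100 pid=4990 msg='op=PAM:authentication'
"""


def parse_timestamps(text: str) -> List[Tuple[datetime, str]]:
    """Return (timestamp, line) pairs in file order.

    Lines whose first token is not a parseable timestamp are skipped rather
    than treated as errors, since real logs contain continuation lines.
    """
    entries = []
    for line in text.splitlines():
        stamp = line.split(" ", 1)[0]
        try:
            entries.append((datetime.fromisoformat(stamp), line))
        except ValueError:
            continue
    return entries


def find_gaps(text: str, max_gap: timedelta = timedelta(hours=1)):
    """Return (previous_line, next_line, gap) for every silence longer than max_gap.

    Entries are compared in file order on purpose: a file that has been
    reordered is itself a finding, so we do not sort before comparing.
    """
    entries = parse_timestamps(text)
    gaps = []
    for (t_prev, l_prev), (t_next, l_next) in zip(entries, entries[1:]):
        if t_next - t_prev > max_gap:
            gaps.append((l_prev, l_next, t_next - t_prev))
    return gaps


def find_out_of_order(text: str) -> List[str]:
    """Return lines whose timestamp is earlier than the line before them.

    Backwards timestamps can mean clock skew, log merging, or tampering; the
    responder decides which, but the tool surfaces them for review.
    """
    entries = parse_timestamps(text)
    return [
        l_next
        for (t_prev, _), (t_next, l_next) in zip(entries, entries[1:])
        if t_next < t_prev
    ]


if __name__ == "__main__":
    for prev, nxt, gap in find_gaps(SAMPLE_LOG):
        print(f"gap of {gap} between:\n  {prev}\n  {nxt}")
    for line in find_out_of_order(SAMPLE_LOG):
        print("out of order:", line)
```

A gap by itself is not proof of anything; the point of recording it in the incident ticket is to cross-check it against the intrusion detection logs and the witness interviews that step 9 also calls for, which is where an unexplained silence becomes evidence.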
