Incident Response Policy Essay


Incident-Response Policy
Rami Asad
DeVry University
SEC – 280-19780: Security
Submitted to:
Professor: Jack Sibrizzi
Date: [ 2/12/2015 ]
Incident-Response Policy
This security incident response policy explains the procedures that need to be followed after the malware attack that shut down network operations at Gem Infosys. The policy has multiple phases, which include defining what constitutes a security incident and the response phases. The response phases include defining roles and responsibilities, assessing the incident, and procedures explaining in detail what actions are taken during the incident. Although the incident was caused by a ...

Also, Gem Infosys has a professional security consultant.
The cyber incident response team is responsible for the following steps:
1. Determine the cyber attack: This step might take a while and could be challenging. The most important part is to be aware of how the company’s network is designed and how much bandwidth users have been utilizing compared to their bandwidth usage on a regular basis. Warning signs such as computers suddenly crashing or large transfers of data to unusual IP addresses also help identify the attack.
2. Investigate the scope of the compromise: This step is to inventory all the machines that were affected by the attack. At this point the professional consultant would need to do a network and malware analysis to:
a. See which machines and files were affected, such as customer records, databases, individual files, and financial data. Assess what business information was stolen or damaged.
b. Collect information from network logs and any software error reports.
c. Determine where the malware entered the network.
3. Control the attack: After the cyber attack is determined, contain the attack.
d. Pull offline all affected systems simultaneously.
e. Check the firewall and make sure it is configured to its maximum security. While doing the assessment, disable packets traveling between the LAN and the Internet, then enable packet filtering.
f. Disable network ports such as port 80 to block any data transmission while doing the assessment.
g. Repair the affected systems. Either re-image the machine or reinstall all software from the master disk and restore files and databases from backup.
h. Check the anti-virus software and...
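
The comparison described in step 1 (current bandwidth use against regular use, and large transfers to unfamiliar addresses) can be sketched as follows. This is an added example, not part of the original essay; the host names, addresses, thresholds and the function name `find_anomalies` are assumptions, and the data is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (documentation-range IPs, made-up host names).
# Daily outbound byte totals per host during normal operation.
BASELINE = {
    "ws-01": [410e6, 380e6, 450e6, 420e6, 400e6],
    "ws-02": [90e6, 120e6, 100e6, 110e6, 95e6],
}
# Destinations each host talked to during the baseline period.
KNOWN_DESTS = {
    "ws-01": {"203.0.113.10", "203.0.113.25"},
    "ws-02": {"203.0.113.10"},
}
# Flow records for the day under review: (host, destination, bytes sent).
TODAY = [
    ("ws-01", "203.0.113.10", 300_000_000),
    ("ws-01", "203.0.113.25", 120_000_000),
    ("ws-02", "203.0.113.10", 80_000_000),
    ("ws-02", "198.51.100.77", 2_400_000_000),
    ("ws-03", "203.0.113.10", 5_000_000),
]

def find_anomalies(baseline, known_dests, flows, sigmas=3.0, big_transfer=500_000_000):
    """Return sorted (host, reason) findings; thresholds are assumed values."""
    totals = defaultdict(int)
    findings = set()
    for host, dest, sent in flows:
        totals[host] += sent
        # Large transfer to a destination the host never used in the baseline.
        if dest not in known_dests.get(host, set()) and sent >= big_transfer:
            findings.add((host, f"large transfer to new destination {dest}"))
    for host, total in totals.items():
        history = baseline.get(host)
        if not history:
            # No baseline means the comparison cannot be made; surface it.
            findings.add((host, "no baseline for host"))
            continue
        # Floor the deviation so a very flat history does not flag noise.
        limit = mean(history) + sigmas * max(pstdev(history), 0.1 * mean(history))
        if total > limit:
            findings.add((host, "outbound volume above baseline"))
    return sorted(findings)

if __name__ == "__main__":
    for host, reason in find_anomalies(BASELINE, KNOWN_DESTS, TODAY):
        print(f"{host}: {reason}")
```

The hosts it reports are the starting inventory for step 2; a host with no baseline is reported rather than silently passed, since the comparison cannot be made for it.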
