Premium Essay

Computer Incident Response Team Assembly

In: Business and Management

Submitted By syners
Words 2436
Pages 10
Computer Incident Response Team Assembly

By Alexander R Ward

November 11, 2012

In any organization preventative maintenance is strongly encouraged and sometimes mandatory. The reason for doing such actions is to prevent incidents. However, no matter how well your organization has prepared or tried to prevent an incident it will fail. Incidents happen no matter what. There is no changing that fact. But what makes and breaks organizations is how they react to the incident at hand. Planning and formulation of a team to handle incidents is something that can be difficult to do. For that reason management has to put together a team that is not only well educated, but seasoned. Putting together a team of junior professionals would be extremely detrimental to that organization, but that is not to say that a team shouldn’t consist of junior personnel. Each and every roll within an incident response team is vitally important. The Computer Security Incident Response Team (CSIRT) is designed to mitigate and handle the dangers that come with operating in a digital environment. Before we can delve into creating or assembling the CSIRT there are a few things that must be covered. By definition what is the purpose of a CSIRT? A CSIRT is there to outline the organizational structure and delineation of roles and responsibilities and to supplement an organization’s security infrastructure to investigate and minimize the threat of damage resulting from a breach of restricted/confidential or internal data (Gramm, 2012). Having a set of procedures to help minimize the occurrence of incidents or damage to the organization is necessary. Clearly establish and enforce all policies and procedures. Many security incidents are accidentally created by IT personnel who have not followed or not understood change management...

Similar Documents

Premium Essay

Securitymeasurespaperweek05

...and efficient backup systems. For these reasons, it is important to undertake an auditing process, which helps monitor the utilization and the performance of the security plan and the standard operating procedure. Further, there should be a high level of awareness already in place, before the implementation and deployment of an incident response squad (Ellis & Speed, 2001). This paper will discuss recommendations on the ways of minimizing or averting security incidences, the assembly of a CSIRT. Further, the paper will define the threat response plan. Minimizing the Severity and the Number of Security Breaches Indeed, the prevention of security incidents is a major milestone for the organization. However, it is not possible to eliminate all the security threats facing the organization. Further, after the incidence of a risk event, minimizing its impact should be a major priority. The process entails the following processes: establishing and enforcing all procedures and policies; upholding the support of incident mitigation and security policies from the management; assessing for organizational vulnerabilities continually and checking all computer networks and systems, to ensure that they are updated on threat elimination (Rhee, 2003). Other processes to be engaged include offering security coaching for end users and IT staffs, placing security tags that remind users of responsibilities and restrictions, and where necessary include a warning about the penal action......

Words: 994 - Pages: 4

Premium Essay

Disater Recovery Plan

...Key Personnel Contact Info Name Title Contact Option Contact Number | CEO – | Work: | Alternate: | Mobile: | Home: | Email: | Alternate Email: | | IT - | Work: | Alternate: | Mobile : | Home: | Email: | Alternate Email: | Plan Documentation Storage Copies of this Plan, CD, and hard copies will be stored in secure locations to be defined by the company. Each member of senior management will be issued a CD and hard copy of this plan to be filed at home. Each member of the Disaster Recovery Team and the Business Recovery Team will be issued a CD and hard copy of this plan. A master protected copy will be stored on specific resources established for this purpose. Backup Strategy Key business processes and the agreed backup strategy for each are listed below. The strategy chosen is for a fully mirrored recovery site at the company’s offices in _____. This strategy entails the maintenance of a fully mirrored duplicate site which will enable instantaneous switching between the live site (headquarters) and the backup site. KEY BUSINESS PROCESS | BACKUP STRATEGY | IT Operations | Fully mirrored recovery site | Tech Support - Hardware | Fully mirrored recovery site | Tech Support - Software | Fully mirrored recovery site | Facilities Management | Fully mirrored recovery site | Email | Fully mirrored recovery site | Purchasing | Fully mirrored recovery site | Disaster Recovery | Fully......

Words: 1478 - Pages: 6

Premium Essay

Disaster Recovery Plan

...these processes is to minimize any negative impacts to company operations. The IT disaster recovery process identifies critical IT systems and networks; prioritizes their recovery time objective; and delineates the steps needed to restart, reconfigure, and recover them. A comprehensive IT DR plan also includes all the relevant supplier contacts, sources of expertise for recovering disrupted systems and a logical sequence of action steps to take for a smooth recovery (Kirvan, 2009). The following Disaster Recovery Plan has been put together for the mock company which will be named ABC Technologies. The information contained in the DRP is partially real information from my current employer and other parts are made up. This is in response to my current firm’s policy against the dissemination of proprietary information. Information Technology Statement of Intent This document delineates our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure. This document summarizes our recommended procedures. In the event of an actual emergency situation, modifications to this document may be made to ensure physical safety of our people, our systems, and our data. Our mission is to ensure information system uptime, data integrity and availability, and business continuity. Policy......

Words: 2966 - Pages: 12

Premium Essay

Position Paper Summary

...SWUPLMUN 2013 – GA Position Paper Summary Committee: GA Topic: Development in the field of information and telecommunication in the context of information security Dear delegates, After reading your position papers, we made a summary as follows. Please read it and may it help you. Country Name Argentina Basic Position Argentina is focusing on cracking down the ill-using of ICTs. Past Actions Reached a ‘Tunisia commitment’ with many countries to make the commitment in advancing the development of information technology and accelerate the national exchange. Proposed Solutions (1) Introduce a law named" Information security law "to promote the protection of the domestic information security. (2) Call upon national institutions and social organizations to corporate to promote the maintenance of information security. (3) Call for regional organization to implement technology exchange. (1) Normalize laws and standards on cyber perpetration and ICT intelligence use and supply. (2) Promote a comprehensive collaboration framework based on critical regional cyber security organizations. (3) Elaborate common terms and definitions and exchange national views on the use of ICTs in conflict for the sake of confidence-building. Australia Australian government calls for international collaboration to cope with information perpetration and to establish constricting norms on the state use of ICT, relieving international instability and enhancing the freedom of information.......

Words: 4012 - Pages: 17

Premium Essay

Computer

...Computer Crimes Computer Crimes Computer Crimes Advances in telecommunications and in computer technology have brought us to the information revolution. The rapid advancement of the telephone, cable, satellite and computer networks, combined with the help of technological breakthroughs in computer processing speed, and information storage, has lead us to the latest revolution, and also the newest style of crime, "computer crime". The following information will provide you with evidence that without reasonable doubt, computer crime is on the increase in the following areas: hackers, hardware theft, software piracy and the information highway. This information is gathered from expert sources such as researchers, journalists, and others involved in the field. Computer crimes are often heard a lot about in the news. When you ask someone why he/she robbed banks, they world replied, "Because that's where the money is." Today's criminals have learned where the money is. Instead of settling for a few thousand dollars in a bank robbery, those with enough computer knowledge can walk away from a computer crime with many millions. The National Computer Crimes Squad estimates that between 85 and 97 percent of computer crimes are not even detected. Fewer than 10 percent of all computer crimes are reported this is mainly because organizations fear that their employees, clients, and stockholders will lose faith in them if they admit that their computers have been attacked.......

Words: 1814 - Pages: 8

Premium Essay

Planning

...On site and offsite emergency plans on chemical disaster Why Emergency Planning is required? After the incident of Bhopal gas disaster, the Factories Act has been amended and a new chapter i.e. Chapter IVA – provision relating to hazardous processes has been added to the Factories Act with addition of new provisions sec 41A, 41B, 41C, 41D, 41E, 41G & 41H covering all hazardous process industries. Under the provision of Sec 41B(4) every occupier shall with the approval of the Chief Inspector of Factories draw up an On-site Emergency Plan and detailed disaster control measures for his factory and make known to the workers employed therein and to the general public living in the vicinity of the factory the safety measures required to be taken in the event of an accident taking place. This is the statutory provision laid down in the act for preparation of On-site Emergency Plan to control disaster in the factories. Major accidents may cause emergency and it may lead to disaster, which may cause heavy damage to plant, property, harm to person and create adverse affects on production. Many disasters like Bhopal gas tragedy, Chernobyl nuclear disaster etc. have occurred at many places in the world causing heavy loss of life and property. Emergency situation arises all on a sudden and creates havoc and damage to person, property, production and environment. Therefore such situations and risks should be thought in advance and it should be planned before hand to......

Words: 3353 - Pages: 14

Premium Essay

Tinab Ennett

... | | | Table of Contents Information Technology Statement of Intent 5 Policy Statement 5 Objectives 5 Key Personnel Contact Info 6 Notification Calling Tree 7 External Contacts 8 External Contacts Calling Tree 10 1 Plan Overview 11 1.1 Plan Updating 11 1.2 Plan Documentation Storage 11 1.3 Backup Strategy 11 1.4 Risk Management 11 2 Emergency Response 12 2.1 Alert, escalation and plan invocation 12 2.1.1 Plan Triggering Events 12 2.1.2 Assembly Points 12 2.1.3 Activation of Emergency Response Team 12 2.2 Disaster Recovery Team 13 2.3 Emergency Alert, Escalation and DRP Activation 13 2.3.1 Emergency Alert 13 2.3.2 DR Procedures for Management 14 2.3.3 Contact with Employees 14 2.3.4 Backup Staff 14 2.3.5 Recorded Messages / Updates 14 2.3.7 Alternate Recovery Facilities / Hot Site 14 2.3.8 Personnel and Family Notification 14 3 Media 15 3.1 Media Contact 15 3.2 Media Strategies 15 3.3 Media Team 15 3.4 Rules for Dealing with Media 15 4 Insurance 15 5 Financial and Legal Issues 16 5.1 Financial Assessment 16 5.2 Financial Requirements 16 5.3 Legal Actions 16 6 DRP Exercising 16 Appendix A – Technology Disaster Recovery Plan Templates 17...

Words: 4679 - Pages: 19

Premium Essay

Contingency Plan

...DREAMZ TELECOMMUNICATIONS, INC. Charleston, S.C. Operations Contingency Plan Torey A. Shannon Dreamz Security Plan I. Overview 2.1 Objectives The operative objectives of this security plan is to provide employees with a safe and secure work environment that implements efficient security controls that protect the confidentiality of employees’ and clients information while employing efficient protocol to thwart and/or counteract potential security threats. To protect employees and clients from threats from unauthorized personnel and foreign agents, physical and technical security will be strategically placed within the organization through employee policy and technical support. Dreamz Incorporated will create security education, training, and awareness programs to further safeguard against potential threats and minimize loss from security intrusions. 2.2 Strategic Corporate Officers CEO - Raymond Williams (PH) 678-873-9087, (Email)Rwilliams@dreamz.org CIO - MarciaCamos (PH) 678-873-9088, (Email)Mcamos@dreamz.org CISO - James Korve (PH) 678-873-9089, (Email)Jkorve@dreamz.org 2.3 Information Security Governance Assignments CEO * Oversee Corporate Security policy * Brief board, customers, and public on corporate activities and policies. CIO, CISO * Set security policy, procedures, programs and training for the organization. * Respond to security breaches and coordinate independent audits. *......

Words: 4878 - Pages: 20

Premium Essay

Student Needing Help

...of extended service outages caused by factors beyond our control (e.g., natural disasters, man-made events), and to restore services to the widest extent possible in a minimum time frame. All TnA sites are expected to implement preventive measures whenever possible to minimize network failure and to recover as rapidly as possible when a failure occurs. The plan identifies vulnerabilities and recommends necessary measures to prevent extended service outages. It is a plan that encompasses all TnA system sites and operations facilities. Scope The scope of this plan is limited to . This is a business continuity plan, not a daily problem resolution procedures document. Plan Objectives 0 Serves as a guide for the TnA recovery teams. 1 References and points to the location of any data that resides outside this document. 2 Provides procedures and resources needed to assist in recovery. 3 Identifies vendors and customers that must be notified in the event of a disaster. 4 Assists in avoiding confusion experienced during a crisis by documenting, testing and reviewing recovery procedures. 5 Identifies alternate sources for supplies, resources and locations. 6 Documents storage, safeguarding and retrieval procedures for vital records. Assumptions 7 Key...

Words: 5176 - Pages: 21

Premium Essay

Case Study: Creating an Ids Policy.

...small software company, has decided to secure their computer systems. The organization uses ten PCs and a broadband connection to the Internet. The management at Gem needs to formulate an IDS policy. We need to identify the steps to be performed when formulating the IDS policy. One of the best ways to protect company networks and data from attackers is to have an Intrusion Detection System in place. Today, IDS’s are an integral part of many organizations’ network infrastructure. But having the IDS in place and not understanding why it’s in place, how it works or who will deploy and run it or how to respond in the event of an attack is counter-productive to its existence. This is why we need to formulate the IDS policy. Before the IDS is deployed, we will create a basic outline of what we are trying to accomplish with the IDS and from there, devise a strategy. So, what are we protecting the network from and how strict will we make accessibility? Sometimes beginning with the end in mind is a good way to execute the first step of any plan or strategy. Knowing how tightly or loosely you want to allow traffic to flow on the network in order to have better control over it is a good start. We obviously know that we do not want intrusions of any kind. Who will write the policy and deploy it? With that question being posed, I would assign a project leader to the task of formulating the IDS policy and letting that person put a small team together for assistance. The leader should be......

Words: 831 - Pages: 4

Premium Essay

Crime

...http://en.wikipedia.org/wiki/Counter-terrorism Counter-terrorism (also spelled counterterrorism) is the practices, tactics, techniques, and strategies that governments, militaries, police departments and corporations adopt to prevent or in response to terrorist threats and/or acts, both real and imputed. The tactic of terrorism is available to insurgents and governments. Not all insurgents use terror as a tactic, and some choose not to use it because other tactics work better for them in a particular context. Individuals, such as Timothy McVeigh, may also engage in terrorist acts such as the Oklahoma City bombing. If the terrorism is part of a broader insurgency, counter-terrorism may also form a part of a counter-insurgency doctrine, but political, economic, and other measures may focus more on the insurgency than the specific acts of terror. Foreign internal defense (FID) is a term used by several countries[citation needed] for programs either to suppress insurgency, or reduce the conditions under which insurgency could develop. Counter-terrorism includes both the detection of potential acts and the response to related events. Anti-terrorism versus counter-terrorism Further information: Detentions following the September 11, 2001 Terrorist Attack The concept of anti-terrorism emerges from a thorough examining of the concept of terrorism as well as an attempt to understand and articulate what constitutes terrorism in Western terms. In military contexts, terrorism is a...

Words: 6044 - Pages: 25

Free Essay

Computer Forensics

...computer forensics Background of Computer forensics: What is most worth to remember is that computer forensic is only one more from many forensic subdivisions. It’s not new, it’s not revolution.. Computer forensics use the same scientific methods like others forensics subdivisions. So computer forensics is not revolution in forensic science! It’s simple evolution of crime techniques and ideas. Forensic origins: Forensic roots from a Latin word, “forensic” which generally means forum or discussion. In the reign of the Romans, any criminal who has been charged with a crime is presented before an assembly of public folks. Both of the complainant and the defendant are to present their sides through their own speeches. The one who was able to explain his side with fervent delivery and argumentation typically won the case. It is important to realize that computer forensics is only one subdivision of forensic science. It is digital, it includes most advanced computer science but still it is only branch of forensic science, an its main goal is  submission of the proven claims of scientific methods and strategies to recover any significant digital traces. Computer Forensic Timeline: 1970s • First crimes cases involving computers, mainly financial fraud 1980’s • Financial investigators and courts realize that in some cases all the records and evidences were only on computers. • Norton Utilities, “Un-erase” tool created • Association of Certified......

Words: 4790 - Pages: 20

Premium Essay

Quality Control Plan

...Information 3 3 Contingency Plan Overview 4 3.1 Applicable Provisions and Directives 4 3.2 Objectives 4 3.3 Organization 5 3.4 Contingency Phases 8 3.4.1 Response Phase 8 3.4.2 Resumption Phase 8 3.4.3 Recovery Phase 8 3.4.4 Restoration Phase 9 3.5 Assumptions 9 3.6 Critical Success Factors and Issues 9 3.7 Mission Critical Systems/Applications/Services 10 3.8 Threats 10 3.8.1 Probable Threats 11 4 System Description 12 4.1 Physical Environment 12 4.2 Technical Environment 12 5 Plan 12 5.1 Plan Management 12 5.1.1 Contingency Planning Workgroups 12 5.1.2 Contingency Plan Coordinator 12 5.1.3 System Contingency Coordinators 13 5.1.4 Incident Notification 13 5.1.5 Internal Personnel Notification 13 5.1.6 External Contact Notification 13 5.1.7 Media Releases 14 5.1.8 Alternate Site (s) 14 5.2 Teams 14 5.2.1 Damage Assessment Team 14 5.2.2 Operations Team 15 5.2.3 Communications Team 15 5.2.4 Data Entry and Control Team 15 5.2.5 Off-Site Storage Team 15 5.2.6 Administrative Management Team 15 5.2.7 Procurement Team 15 5.2.8 Configuration Management Team 16 5.2.9 Facilities Team 16 5.2.10 System Software Team 16 5.2.11 Internal Audit Team 16 5.2.12 User Assistance Team 16 5.3 Data Communications 16 5.4 Backups 16 5.4.1 Vital Records/Documentation 17 5.5 Office Equipment, Furniture and Supplies 19 ......

Words: 17284 - Pages: 70

Premium Essay

Urban Outfitters

...Information 3 3 Contingency Plan Overview 4 3.1 Applicable Provisions and Directives 4 3.2 Objectives 4 3.3 Organization 5 3.4 Contingency Phases 8 3.4.1 Response Phase 8 3.4.2 Resumption Phase 8 3.4.3 Recovery Phase 8 3.4.4 Restoration Phase 9 3.5 Assumptions 9 3.6 Critical Success Factors and Issues 9 3.7 Mission Critical Systems/Applications/Services 10 3.8 Threats 10 3.8.1 Probable Threats 11 4 System Description 12 4.1 Physical Environment 12 4.2 Technical Environment 12 5 Plan 12 5.1 Plan Management 12 5.1.1 Contingency Planning Workgroups 12 5.1.2 Contingency Plan Coordinator 12 5.1.3 System Contingency Coordinators 13 5.1.4 Incident Notification 13 5.1.5 Internal Personnel Notification 13 5.1.6 External Contact Notification 13 5.1.7 Media Releases 14 5.1.8 Alternate Site (s) 14 5.2 Teams 14 5.2.1 Damage Assessment Team 14 5.2.2 Operations Team 15 5.2.3 Communications Team 15 5.2.4 Data Entry and Control Team 15 5.2.5 Off-Site Storage Team 15 5.2.6 Administrative Management Team 15 5.2.7 Procurement Team 15 5.2.8 Configuration Management Team 16 5.2.9 Facilities Team 16 5.2.10 System Software Team 16 5.2.11 Internal Audit Team 16 5.2.12 User Assistance Team 16 5.3 Data Communications 16 5.4 Backups 16 5.4.1 Vital Records/Documentation 17 5.5 Office Equipment, Furniture and Supplies 19 ......

Words: 17323 - Pages: 70

Premium Essay

Advance Manufacturing

...Advanced Manufacturing Competency Model Updated April 2010 Employment and Training Administration United States Department of Labor 1 www.doleta.gov Updated April 2010 Advanced Manufacturing Competency Model Table of Contents About the Model 3 Tier One: Personal Effectiveness Competencies 4 Interpersonal Skills 4 Integrity 4 Professionalism 4 Initiative 4 Dependability & Reliability 4 Lifelong Learning 4 Tier Two: Academic Competencies 6 Science 6 Basic Computer Skills 6 Mathematics 7 Reading 7 Writing 7 Communication—Listening and Speaking 8 Critical & Analytical Thinking 8 Information Literacy 8 Tier Three: Workplace Competencies 10 Business Fundamentals 10 Teamwork 10 Adaptability/Flexibility 11 Marketing and Customer Focus 11 Planning and Organizing 12 Problem Solving and Decision Making 12 Working with Tools and Technology 13 Checking, Examining, and Recording 13 Sustainable Practices 14 Tier Four: Industry-Wide Technical Competencies 15 Entry-Level 15 Manufacturing Process Design/Development 15 Production 15 Maintenance, Installation, and Repair 17 Supply Chain Logistics 17 Quality Assurance and Continuous Improvement 18 Sustainable and Green Manufacturing 19 Health, Safety, Security, and Environment 19 Technician Level 21 Manufacturing Process......

Words: 6430 - Pages: 26