IS4550 Security Policies and Implementation Unit 8 Incident Response Team Policies
Class Agenda 8/4/16
Lesson Covers Chapter 12
Learning Objectives
12/3/2018
- Lesson presentation and discussions
- Discussion on assignments
- Discussion on lab activities
- Break times as per school regulations
- Try to read the textbook before class
(c) ITT Educational Services, Inc.
Learning Objective
Describe the different information security systems (ISS) policies associated with incident response teams (IRT).
Key Concepts
- Incident response policies
- Team members associated with incident response
- Emergency services related to the IRT
- Policies specific to incident response support services
- Policies associated with handling the media and what to disclose
EXPLORE: CONCEPTS
What is an incident?
Any event that violates the organization's security policies. Examples:
- Unauthorized access to computers
- Server crashing
- Data stolen from or deleted from a database
- System compromised internally or externally
Incident Classification
- Malicious code attacks
- Denial of service (DoS)
- Unauthorized access/theft
- Network reconnaissance probe
EXPLORE: ROLES
Roles and Responsibilities
- Users: may have a supporting role in the IRT as data owner representatives
- System Administrators: the subject matter experts (SMEs) chosen for each incident response effort will vary depending upon the type of incident and the affected system(s)
Roles and Responsibilities (Continued)
- Information Security Personnel: these team members may also have the specialized forensic skills needed to collect and analyze evidence
- Management: ultimately, management is held accountable for the outcome of the incident response effort
Roles and Responsibilities (Continued)
- IRT Manager: this individual makes all the final calls on how to respond to an incident and is the interface with management
- IRT Coordinator: acts as the official scribe of the team; all activity flows through this person, who maintains the official records of the team
EXPLORE: CONTEXT
Incident Response Support Services
- This is a broad category meaning any team that supports the organization's information technology (IT) and business processes
- The helpdesk, for example, would be a support services team
- During an incident, the helpdesk may be in direct contact with the customer who is impacted by the attack
Incident Response Support Services (Continued)
- The helpdesk, at that point, becomes a channel of information on the incident
- It is vital that the helpdesk works from a script of key talking points about the incident while it is in progress
Best Practices in Incident Response
- The effectiveness of the IRT and its related policies needs to be measured
- The measurement should be published annually with a comparison to prior years
Best Practices in Incident Response (Continued)
The measurements should include the goals in the IRT charter, plus additional analytics to indicate the reduction of risk to the organization, such as:
- Number of incidents
- Number of repeat incidents
- Time to contain per incident
- Financial impact to the organization
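The incident classes on the classification slide and the four charter metrics on the best-practices slides can be computed from an incident register. The script below is an added example written for this unit, not material from the textbook or the course; the pipe-separated record format and the six incident records are constructed here for illustration. A "repeat incident" is counted whenever the same incident class hits the same asset more than once in a year, and the annual report is the year-over-year comparison the deck calls for.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from statistics import mean

# The four incident classes from the classification slide.
INCIDENT_CLASSES = {"malicious_code", "dos", "unauthorized_access", "recon_probe"}


@dataclass
class Incident:
    incident_id: str
    category: str       # one of INCIDENT_CLASSES
    asset: str          # affected system; used to detect repeat incidents
    detected: datetime
    contained: datetime
    cost_usd: float     # estimated financial impact to the organization


def parse_incident(line: str) -> Incident:
    """Parse one pipe-separated register record (a constructed format for this example)."""
    fields = [f.strip() for f in line.split("|")]
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {line!r}")
    iid, category, asset, detected, contained, cost = fields
    if category not in INCIDENT_CLASSES:
        raise ValueError(f"unknown incident class {category!r} in {iid}")
    det = datetime.fromisoformat(detected)
    con = datetime.fromisoformat(contained)
    if con < det:
        raise ValueError(f"containment precedes detection in {iid}")
    return Incident(iid, category, asset, det, con, float(cost))


def yearly_metrics(incidents, year):
    """Return the charter metrics for one calendar year (by detection date)."""
    in_year = [i for i in incidents if i.detected.year == year]
    if not in_year:
        return {"incidents": 0, "repeat_incidents": 0, "mean_hours_to_contain": 0.0,
                "financial_impact_usd": 0.0, "by_class": {}}
    # A repeat is any (class, asset) pair seen more than once in the year.
    pairs = Counter((i.category, i.asset) for i in in_year)
    repeats = sum(n - 1 for n in pairs.values() if n > 1)
    hours = [(i.contained - i.detected).total_seconds() / 3600 for i in in_year]
    return {
        "incidents": len(in_year),
        "repeat_incidents": repeats,
        "mean_hours_to_contain": round(mean(hours), 1),
        "financial_impact_usd": round(sum(i.cost_usd for i in in_year), 2),
        "by_class": dict(Counter(i.category for i in in_year)),
    }


def year_over_year(incidents, year):
    """Pair each metric as (prior year, this year) for the annual report."""
    cur = yearly_metrics(incidents, year)
    prev = yearly_metrics(incidents, year - 1)
    keys = ("incidents", "repeat_incidents", "mean_hours_to_contain", "financial_impact_usd")
    return {k: (prev[k], cur[k]) for k in keys}


# Constructed sample register: id | class | asset | detected | contained | cost
SAMPLE_REGISTER = """\
INC-001 | malicious_code      | fileserver01 | 2017-02-03T09:00 | 2017-02-03T15:00 | 12000
INC-002 | dos                 | web01        | 2017-05-10T01:00 | 2017-05-10T05:00 | 4000
INC-003 | malicious_code      | fileserver01 | 2017-09-14T10:00 | 2017-09-14T22:00 | 9000
INC-004 | unauthorized_access | hr-db        | 2018-01-21T08:00 | 2018-01-22T08:00 | 25000
INC-005 | recon_probe         | web01        | 2018-03-02T23:00 | 2018-03-03T01:00 | 500
INC-006 | dos                 | web01        | 2018-06-15T03:00 | 2018-06-15T04:00 | 2000
"""
INCIDENTS = [parse_incident(l) for l in SAMPLE_REGISTER.splitlines() if l.strip()]

if __name__ == "__main__":
    for metric, (prev, cur) in year_over_year(INCIDENTS, 2018).items():
        print(f"{metric:24} 2017={prev:>10} 2018={cur:>10}")
```

Running the script prints the 2017 versus 2018 comparison; the per-class breakdown in `by_class` is what lets the IRT show which incident class is driving the numbers, and the validation in `parse_incident` rejects records whose containment time is earlier than detection, which would otherwise silently shrink the mean time to contain.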
Summary
In this presentation, the following were covered:
- Incident classifications
- Roles and responsibilities associated with incident response team policies
- Incident support services
- Best practices for creating an incident response team policy
Unit 7 Assignment
- Discussion 8.1 Support Services
- Assignment 8.3 Create an Incident Response Policy
Unit 8 Lab Activities
- Lab is in the online lab manual
- Lab 8.2 Craft a Security or Computer Incident Response Policy (CIRT Response Team)
- Reading assignment: read chapter 12