Incident Response Policy
Gemini Info Systems (GIS), a small software company, has decided to better secure its computer systems after a flood in the area just missed its offices. Had the flood hit GIS, all of its computer assets would have been destroyed, forcing it to go out of business. The organization has on-site a hardware firewall, ten file servers, two web servers, one network-attached storage system with 60 TB of storage, one Windows 2012 Active Directory server for user access and authentication, 45 high-quality PCs, and a broadband connection to the Internet.
The management at GIS needs you to formulate an Incident-Response Policy. Its purpose is to eliminate (or greatly reduce) downtime if future incidents occur. The Incident-Response Policy must stipulate the need to update or create the following:
• Business-Continuity Plan (BCP) – list some of the elements a BCP includes,
• Disaster-Recovery Plan (DRP) – list some sources to use as a template,
• Incident-Response Team (IRT) – list the titles of its members, and
• selection of an alternative site as part of the BCP – describe the merits of a hot, warm, and cold site.
Remember, policies are high level and NOT overly detailed. Don’t go down the rabbit hole of creating any of these plans. Your job is to create the policy statement that authorizes the creation of these plans and the IRT.
Incident-response policies are organized approaches that companies formulate after they identify or experience a threat. Some of the strategies include upgrading or creating plans that respond to incidents and that support recovery and the continuity of organizational functions.
Business Continuity Plan (BCP)
A BCP focuses on elements such as governance, impact analysis, the steps to execute the BCP, and the readiness of the organization to implement it. The selection of an alternative site is also considered, with choices among hot, warm, and cold sites (Segue, 2013). Gemini Info Systems will adopt:
• Hot sites – backup centers that run concurrently with the main database.
• Cold sites – office spaces that can be used by an organization in case their headquarters are compromised.
• Warm sites – alternative office spaces with preinstalled servers ready for installation of company hardware.
Disaster Recovery Plan (DRP)
A DRP is a documented and structured approach that will direct GIS in the event of an incident. Such an approach will enable GIS to resolve data loss and recover functionality, and so resume work quickly. The following template may be used:
Incident-Response Team (IRT)
There is a need for a team to manage the situation, and it shall include:
• A public relations expert – to handle all media-related scenarios.
• A legal expert – to defend the organization against liabilities, since they have the capability to inform decision-makers before and during incidents (Henri, 2018).
• A computer security incident response team (CSIRT) – a group of individuals responsible for the detection, retention, and elimination of cyber threats.
Through the implementation of these strategies, GIS may rest assured that future incidents will be handled swiftly to regain full control of operations.
Henri, V. (2018). Key Roles and Responsibilities for your Incident Response Team. Retrieved from https://www.hitachi-systems-security.com/blog/roles-responsibilities-incident-response-team/
Segue. (2013). The Three Stages of Disaster Recovery Sites. Retrieved from https://www.seguetech.com/three-stages-disaster-recovery-sites/