Incident Response Planning 5.4 Flashcards
(5 cards)
Security Incidents
Users will click on malicious emails and execute malware. You may get DDoS'd, confidential information may be stolen, or users may install peer-to-peer software that allows external access to internal servers.
Roles and Responsibilities
Incident Response Team - Specialized group, trained and tested.
IT Security Management - Corporate support
Compliance Officers - Intricate knowledge of compliance rules
Technical Staff - Your team in the trenches
User Community - They see everything
Incident Notification
Create a contact list of all the people who you need to be in touch with. There will be people in corporate, IT, non-IT, legal, public affairs, and external contacts.
Cyber-Incident Response Team (CIRT)
Receives, reviews, and responds. This is a predefined group of professionals. Determine in advance what types of events will require a CIRT response. The CIRT may not be part of the permanent organizational structure; it can be a team you pull together on an as-needed basis. It focuses on incident response, analysis, and reporting.
Exercises
Test your team with exercises before an actual event occurs. Use well-defined rules of engagement, and do not touch production systems. Make the scenario very specific. This is typically a tabletop exercise: the team talks through its response to the scenario without acting on live systems. Evaluate and discuss afterwards.