Incident Response Plan
- This essay sample was donated by a student to help the academic community. Papers provided by EduBirdie writers usually outdo students' samples.
An incident response plan presents a list of responses to an intrusion and a series of actions to stop an intrusion before it causes damage. An action plan has to include all possible results of analysis as well as actions; it also has to cover critical and informational alerts, and it should of course be accessible to all employees in the workplace.
Preparation presents how employees should be trained to respond to incidents in the workplace: an employee should contact the IT Help Desk immediately after discovering an incident. The Help Desk will record information about the incident, such as the name of the employee who called, the source of the incident, the time, and the location of the equipment. Next, the Help Desk has to contact the responsible employee, referring to the contact list of the Incident Response team. It has to log the information received and add information to the report, such as the names of the attacked systems and their IP addresses.
The incident response team members contacted will meet to discuss the situation and confirm that the event is a security incident. They discuss the response strategy that they will apply, for example installing security information and event management (SIEM), so that event logs can be proactively analyzed and acted upon, or using a honeypot system, which is nothing but a server that offers any kind of services to the attacker with critical vulnerabilities, to log all the attackers' activities and study their behavior. They also discuss the type of incident (high, medium or low) and the kind of incident, because computer incidents require specific Incident Response Team activation.
Here they try to limit the damage and isolate the affected systems to avoid probable damage; usually they shut down the systems to stop the attack and ensure that evidence is preserved.
It's time to do a root cause analysis to find out why the incident occurred and how to prevent it from occurring again. Act immediately to get the investigation started before valuable evidence is deleted. This includes reviewing system logs, reviewing intrusion detection or firewall logs, collecting and reviewing log files and reports from network monitoring programs, detecting unauthorized services that have been installed, and checking for any changes in the password file.
In this phase they restore the affected systems, making sure that all vulnerabilities have been removed; the vulnerability must be analyzed on each system before any correction.
The IT team will revise the incident response plan: they should update it according to what they learn from the incident and improve future response so the incident doesn't happen again. They must complete an incident report and outline it. They should make sure that the logs have been configured to be sent to a commercial log collection, and that their analysis product runs various log summaries, such as trends to observe the big picture (Most Attacked Ports, Main Event Types), as well as Previously Invisible Events to discover rare but critical events in the logs.
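The three log summaries named above (Most Attacked Ports, Main Event Types, Previously Invisible Events) can be sketched as follows. This is an added example, not part of the original essay: the key=value log format, the field names and the sample lines are constructed assumptions, and "previously invisible" is taken to mean event types absent from a baseline period.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed key=value firewall/IDS format.
BASELINE = """\
2024-05-01T10:00:01 event=fw_deny src=203.0.113.5 dport=22
2024-05-01T10:00:07 event=fw_deny src=203.0.113.9 dport=3389
2024-05-01T10:02:11 event=login_failed src=198.51.100.4 dport=22
""".splitlines()

CURRENT = """\
2024-05-02T09:00:01 event=fw_deny src=203.0.113.5 dport=22
2024-05-02T09:00:02 event=fw_deny src=203.0.113.5 dport=22
2024-05-02T09:00:09 event=fw_deny src=203.0.113.77 dport=445
2024-05-02T09:01:30 event=login_failed src=198.51.100.4 dport=22
2024-05-02T09:04:12 event=passwd_file_changed host=db01
this line is malformed and must be skipped
2024-05-02T09:05:00 event=fw_deny src=203.0.113.9 dport=3389
""".splitlines()

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return the key=value fields of one line, or None if it has no event."""
    fields = dict(FIELD.findall(line))
    return fields if "event" in fields else None

def summarize(current, baseline, top=3):
    """Build the three summaries: attacked ports, event types, unseen events."""
    known = {r["event"] for r in map(parse, baseline) if r}
    ports, events = Counter(), Counter()
    for rec in filter(None, map(parse, current)):
        events[rec["event"]] += 1
        # Only denied connections count as an attack against a port.
        if rec["event"] == "fw_deny" and "dport" in rec:
            ports[int(rec["dport"])] += 1
    return {
        "most_attacked_ports": ports.most_common(top),
        "main_event_types": events.most_common(top),
        # Rare but critical: event types absent from the baseline period.
        "previously_unseen": sorted(set(events) - known),
    }

if __name__ == "__main__":
    for name, value in summarize(CURRENT, BASELINE).items():
        print(f"{name}: {value}")
```

The single `passwd_file_changed` line would be buried in a pure frequency ranking; comparing against the baseline is what surfaces it.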