About the incident response plan? An incident response plan is the documented set of procedures, responsibilities and contact information that an organization follows when a security incident occurs. Incidents can be of many kinds, such as cyber-attacks, firewall breaches and malware infections. Most organizations maintain an incident response plan so that an incident does not turn into lost information or a shutdown of operations.
Do we really need an incident response plan? Yes. Incidents are unexpected by nature, and an organization can only handle them in an orderly way if it has planned the response in advance. Without a plan the response is improvised under pressure: detection is slower, containment is inconsistent, and the organization becomes an easier target for cyber-attacks and firewall breaches, with its valuable information more likely to be compromised.
How many types of incidents are there? Broadly, two: natural incidents and organizational incidents. Natural incidents include hurricanes, earthquakes, floods, fires and tsunamis. Organizational incidents include the failure of a software component, malware infection, theft, cyberterrorist attacks and firewall breaches. The plan should cover both kinds, so that the organization's members are prepared and the organization stays safe and secure whichever one occurs.
Goal of the incident response plan? The goal is not to prevent every incident, which no plan can guarantee, but to handle incidents effectively when they occur. A good plan limits the damage an incident causes, reduces the risk to the organization's investors and staff, makes it less likely that the same incident recurs, and lets the organization return to normal operation as quickly as possible. Because downtime and data loss are expensive, keeping recovery time short also keeps the cost of the incident within the organization's budget.
Progression of an incident response plan
Groundwork. Preparation is what allows the later phases to work. Before any incident, the staff and security team put protective measures in place: endpoint protection installed on all workstations, a properly configured firewall (a firewall filters traffic; it is the remote access channel, the VPN, that is encrypted), and access to internal systems from outside only through the organization's virtual private network (VPN). Just as important is that logging is enabled and retained on those systems and that the team keeps an up-to-date contact list and written procedures, because detection and containment depend on having that data and those decisions ready in advance.
Spotting threats. In the detection phase the security team looks for the pieces of data that indicate possibly suspicious activity anywhere on the systems or network: failed and successful login records, endpoint protection alerts, unusual outbound connections, changed files. Some of these are precursors (signs that an incident may be coming) and others are indicators (signs that an incident is already under way), and the team must be able to recognize both. The quality of this phase depends directly on the logging set up during groundwork.
Suppressing the threats. In the containment phase the security team identifies the compromised systems and network segments and isolates them before the damage spreads further through the organization's network. Typical steps are blocking the attacker's addresses, disabling compromised accounts and disconnecting affected hosts. The team should update the network security policy configuration at once, since that stops the threat from reaching valuable information, but it should preserve logs, disk images and memory from the affected systems first: wiping a host before evidence is collected destroys the information the later investigation needs.
Annihilation of threats. In the eradication phase the contained threat is removed from the network. Depending on the damage, infected systems are cleaned or replaced; rebuilding from a known-good image is safer than trusting a cleaned system, because a removal that misses one persistence mechanism leaves the attacker a way back in. After removal, the systems are restored to normal operation with the updated security policies, and the investigation continues for any remaining traces of the malware.
Incident recovery. After the incident has been handled and operations are back to normal, the security team confirms that the threat has been completely removed from the network and updates the security policies to prevent the same incident from striking again. The team maintains the incident log files and a damage report; these records support a lessons-learned review and help the organization avoid similar threats in the future.
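The detection, containment and record-keeping phases above are abstract; the following Python script, an added example that is not part of the original article, shows what they look like over actual data. It parses a handful of constructed OpenSSH-style login lines (sample data, not real logs), flags a source that fails to log in five times within a minute, treats a subsequent successful login from that same source as an account compromise, and turns the findings into the first containment actions and the incident record the security team keeps. The threshold, the window and the log format are assumptions made for this example.

```python
"""Detect brute-force and account-compromise indicators in constructed auth logs,
then build an incident record with a timeline and containment actions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data); the format mimics OpenSSH syslog output.
SAMPLE_LOG = """\
2024-03-01T09:00:01 srv1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2
2024-03-01T09:00:03 srv1 sshd[1202]: Failed password for root from 203.0.113.7 port 50213 ssh2
2024-03-01T09:00:05 srv1 sshd[1203]: Failed password for root from 203.0.113.7 port 50214 ssh2
2024-03-01T09:00:06 srv1 sshd[1204]: Failed password for root from 203.0.113.7 port 50215 ssh2
2024-03-01T09:00:08 srv1 sshd[1205]: Failed password for deploy from 203.0.113.7 port 50216 ssh2
2024-03-01T09:00:11 srv1 sshd[1206]: Accepted password for deploy from 203.0.113.7 port 50217 ssh2
2024-03-01T09:05:00 srv1 sshd[1300]: Failed password for alice from 198.51.100.4 port 41000 ssh2
2024-03-01T09:30:00 srv1 sshd[1301]: Accepted publickey for alice from 198.51.100.4 port 41001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)

FAIL_THRESHOLD = 5             # assumed: this many failures from one source ...
WINDOW = timedelta(minutes=1)  # ... inside this window count as brute force


def parse_events(log_text):
    """Turn raw lines into dicts; lines that do not match the pattern are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def detect(events):
    """Return findings: brute-force sources, and successful logins that follow them."""
    findings = []
    failures = defaultdict(list)   # source ip -> timestamps of recent failed logins
    flagged = set()                # sources already reported as brute-forcing
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip = ev["ip"]
        if ev["result"] == "Failed":
            failures[ip].append(ev["ts"])
            # keep only the failures inside the sliding window ending at this event
            failures[ip] = [t for t in failures[ip] if ev["ts"] - t <= WINDOW]
            if len(failures[ip]) >= FAIL_THRESHOLD and ip not in flagged:
                flagged.add(ip)
                findings.append({"type": "brute_force", "ip": ip,
                                 "host": ev["host"], "ts": ev["ts"]})
        elif ip in flagged:
            # a success from a source already seen brute-forcing is the strongest
            # indicator in this data: treat the account as compromised
            findings.append({"type": "success_after_brute_force", "ip": ip,
                             "user": ev["user"], "host": ev["host"], "ts": ev["ts"]})
    return findings


def containment_actions(findings):
    """Map each finding to the containment steps a responder takes first."""
    actions = []
    for f in findings:
        if f["type"] == "brute_force":
            actions.append(f"block source {f['ip']} at the firewall in front of {f['host']}")
        elif f["type"] == "success_after_brute_force":
            actions.append(f"disable account {f['user']} and end its sessions on {f['host']}")
            actions.append(f"isolate {f['host']}; preserve its logs and memory before rebuilding")
    return actions


def incident_record(log_text):
    """Build the record the security team keeps: timeline, findings and actions."""
    events = parse_events(log_text)
    findings = detect(events)
    return {
        "event_count": len(events),
        "timeline": [f"{f['ts'].isoformat()} {f['type']} from {f['ip']}" for f in findings],
        "findings": findings,
        "actions": containment_actions(findings),
    }


if __name__ == "__main__":
    record = incident_record(SAMPLE_LOG)
    for entry in record["timeline"]:
        print(entry)
    for action in record["actions"]:
        print("ACTION:", action)
```

The single failed login from alice never reaches the threshold and her later key-based login is not flagged, which is the point of the sliding window: one mistyped password is not an incident, five in a minute followed by a success is. The containment list deliberately orders evidence preservation before the rebuild, matching the caveat in the containment phase above.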
Incident response planning committee
The incident response planning committee is structured so that it consists of the organization's key stakeholders. Stakeholders are the chief decision makers during the planning process and play the central role in forming the committee. They are chosen because each can stand for a whole group, including that group's particular concerns, and can act as a decision maker on its behalf.
General manager. The general manager is responsible for the organization's profit and loss. The duties of the general manager include operational planning, decision making and directing.
Data owners. Data owners are responsible for the organization's valuable information. They are often the first to discover and report a breach of that information, and they serve as the liaison between the business side of the company and the breach response.
People operations. People operations (human resources) works with the affected business area to identify the extent of the breach and to prevent further exposure of private information.
Location manager. The location manager's duty is to secure the physical area where the breached private information was held and to keep the security team updated.
Online system support. The online system support staff confirm to the security team that the incident response plan has been put into effect and monitor the systems for further suspicious activity.
Security team. The security team investigates the breach and decides whether to invoke the incident response plan. It is responsible for all documentation, including the record of the breach's cause, and notifies the organization's higher management.