Incident Response Research Paper

An incident is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability. The response plan deals with the identification, classification, response, and recovery from an incident.

49). In order for all of the leaders of the different infrastructures to be successful at eliminating or mitigating such attacks they will need a common form of communication as all of their systems have been proven to affect each other. One tool to help eliminate such communication barriers is the National Incident Management System (NIMS). This system “is a standardized management plan that provides a core set of concepts for incident command and multi-agency coordination during emergency response” (Kamien, 2012, p. 486). With such systems as NIMS the government realized that no one system can work without the other and if one fails they all fail causing wide spread panic and various other hurdles for emergency responders to respond to. It is up to the government to realize that our world is no longer ran manually, but rather digitally so that we can better prepare for possible cyber attacks on our key critical infrastructures.

Incident response is written as a policy to ensure correct handling of an incident such as lost or stolen technology resources and gives the appropriate procedures on what to do if an incident happens.

Will be reviewing professional and scholarly publications to find additional and current research on cyber-incidents. However, most seem to be focused on incident response which might be advantageous to improve the process of updating centralized incident database.

Incident information disclosure is an important, circuitous concern that requires acceptable centralized procedures in place to facilitate incident response processes and do not cause more harm for the organization and its audiences. Keeping information and operations secured, appropriately is of basic importance for any organization, which becomes the assignment of cyber

Security planning for any data system should always include an incident response plan. “An incident response (IR) plan is a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets” (Whitman, 2006, pg. 92). The institution of such a plan will hopefully reduce down time should any incidents occur.

At this point of the incident, it has not been classified as an incident until human resources determines that an incident had occurred. Then the most appropriate incident reporting method will be used to notify the incident response team, preferably a telephone communication method should be used instead of email to avoid tipping the attacker off. The incident response team will assume the responsibility to alert and assemble required resources needed to begin incident handling

The investigation after an incident allows the organization to identify the attacker, tools used in the attack, the vulnerability that was exploited, and the damage caused by the attack. This post-mortem

Abstract— In business, disasters can happen anytime if information security is compromised at some point. In most of the disaster caused by humans, small incidents happened before can be prevented with some careful planning. Proper incident response should be integral part of overall security policy and risk mitigation strategy. This paper provides steps forming and operating Incident Response Plan.

Incident response is critical to any organization and time is of the essence. The organization would use NIST 800-61incident handling guide and its’ four major phase approach as a template to handle all identified incidents. Once the alert for the event was triggered a member of the CIRT would respond and begin the initial steps of incident management; detection and identification.

Regardless of how vigilant an organization is, security incidents are inevitable. To minimize the impact of a disaster, an incident-response policy is needed to outline the recovery processes to be implemented after an attack has occurred (Conklin, 516). The incident-response policy aids in establishing an incident-response team, defining when operations should be resumed, and ensuring that operations will resume.

The information security incident management policy of Blyth’s Books was created in 2010 and has been reviewed four times in five years. Those covered by its scope are clearly stated. It stresses the importance of incident management to the organisation and has the support of upper level management.

Mitigate - C3J recommends AAE to use the defense in-depth approach to security to mitigate the risk of a cyber-attack. Essentially, defense in-depth involves employing multiple security systems to protect company data. The concept works on the premise that if one system fails, another will be in place to protect the data. Examples of defense in-depth safeguards include using encryption to protect data confidentiality, implementing solutions to detect an attack, implementing solutions to backup and recover data, managing log files, and implementing a strong security awareness program. If a breach occurs the Director of IT will notify the Executive Director and any affected parties before activating the AAE incident response plan (IRP).

- Cyber Incident Response Plan focuses on cyberattacks against the organization. It provides procedures for identification and recovery from an attacks such as viruses, worms, Trojan horses, DoS, MITM, etc.

(Muhanty & Rao, (2008)) Describe the act of computer intrusion as any unauthorized attempt to access or damage or malicious use of information resources (Muhanty & Rao, (2008)). According to (Muhanty & Rao, (2008)), Intrusion detection deals with fast detection of unwanted violations in system 's normal behavior due to illegal actions (attacks) carried out by malicious users (Muhanty & Rao, (2008)). Individuals and organizations who use computers and the internet will need to have protection to keep their personal computers,