Incident Response (IR) Strategic Decisions Essay

Assignment 3: Incident Response (IR) Strategic Decisions
Strayer University
Disaster Recovery Management CIS-359
June 02, 2014

Incident response begins with prevention and security awareness (figure 1). In the case of malware attacks such as viruses, worms or Trojan horses, defense-in-depth plays a large role in the defense and early detection of potential threats to information systems connected to the internet. Personnel utilizing these assets also play a large role in defending and protecting these assets. Authorized users should be aware of all policies and procedures pertaining to the proper use of all networks, applications, and systems within the organization. The…
Great emphasis should be placed on the importance of a containment plan and selecting the appropriate containment methodology. According to Cichonski et al., criteria for determining the appropriate containment strategy should include:

- Potential damage to and theft of resources
- Need for evidence preservation
- Service availability (e.g., network connectivity, services provided to external parties)
- Time and resources needed to implement the strategy
- Effectiveness of the strategy (e.g., partial containment, full containment)
- Duration of the solution (e.g., emergency workaround to be removed in four hours, temporary workaround to be removed in two weeks, permanent solution)

(Cichonski et al., 2012, p. 35).

Depending on the type and severity of the attack, containment procedures may require isolating the affected server, or shutting down or disabling vital services, which could impact the organization’s business processes or its mission. Upper-level management will need to be notified prior to taking such extreme actions. Notification will most likely be accomplished via phone and/or intranet email, if available, to provide a documented record of the notification.

The next step is the eradication of the threat if possible, followed by recovery efforts once the threat has been contained or eradicated and the system is safe to operate. Incident recovery begins with implementing the back-up and recovery plan which should already be in place
