
Designing an incident response for my company

First, you need to assemble a security incident response team (SIRT). This team will be responsible for determining whether intrusions are legitimate or false positives, determining how to escalate responses as needed, and deciding whether prosecution is viable or necessary. The team should be drawn primarily from current staff of your company. Include IT staff members, an upper management representative, a financial representative, and a human resources representative. Also, designate a person to handle public relations. Include contact information for the company’s legal counsel, and identify a local law enforcement officer to contact if the police need to be notified. Follow these steps to help plan your company SIRT:

1. List who should be included in the SIRT, and explain briefly why you selected each member. It doesn’t need to be a specific list of names, but a general guide for selection (including information such as skill sets needed, responsibilities the member is especially suited for, and so forth). For example, you might list the human resources director because she’s familiar with all employees and can handle staff notification, if needed. You might also have the HR director handle public relations. This list is intended for the company’s upper management, which will coordinate organizing the team with your guidance.

2. Plan the general agenda for the team’s first meeting. The team must select a team leader, discuss how responsibilities should be divided, and design a plan for developing, testing, and maintaining incident response procedures. (As a consultant, you can’t design these procedures. It’s an ongoing task the SIRT must do. Your job is to offer guidance.) Prepare a short list of “talking points” the team must address.

3. Instruct the SIRT leader to develop an Initial Response Checklist that includes responsible parties, contact information, and notification and escalation procedures. This checklist should be posted for employees but not available for the general public (to protect team members’ privacy). Develop a sample document the SIRT leader could use to organize this information.

Now that you have guided your company in developing an incident response strategy, you need to begin integrating it into the disaster recovery plan. At this stage of development for a company such as yours, you should also begin planning who will handle ongoing maintenance of policies and begin preparing that person or group to take over the job. Because your company is a small company, it can’t hire staff to take care of this task full-time. Someone within the company needs to take care of it.

Assume that the IT director, Jon Smith, will be handling the task of security policy and procedures maintenance. Develop a checklist of tasks he needs to do and a tentative schedule. Write a brief agenda for a meeting with him covering the key points of the disaster recovery plan maintenance, including the risk analysis cycle, security awareness training, and resources for monitoring current threats that might affect the company or its policies. Also, plan to review the policies and procedures manual with him and answer his questions, explaining how you developed each part of the manual.

After you have developed your list for upper management, the SIRT meeting agenda and talking points, the sample Incident Response Checklist, and your draft plan for ongoing maintenance, proofread all documents carefully and submit them to the instructor via the assignments tab for this project.

Students should have:

1. A list of people who should be considered for membership in the SIRT, including a brief rationale for each potential member. This list shouldn’t be a list of names; instead, it should be a list of positions internal and external to the company. It must include at least one IT member, a representative from upper management, a public relations/employee liaison, and a representative of regular employees.

2. The agenda should include provisions for selecting a team leader, specify which responsibility roles must be assigned, state how the workload must be divided, and include a point about ongoing maintenance and testing. Other topics students can include: updating, security awareness programs, on-call assignments, responsibilities and escalation procedures for regular business hours and off hours, and regular team meetings. The risk analysis cycle, updating the business continuity plan, disaster recovery plan and response procedures, and local law enforcement notification could also be important points. Students can include other items; assess them based on relevance to the design and structure.

3. The checklist should include spaces for team member name, responsibilities, contact information, and escalation procedure (brief).
