The Security Incident Response Plan

1257 Words3 Pages

In the first place, many companies are currently on the same shape as International Produce, because they did not have a plan which can deal with confidentiality, integrity, and availability (CIA) related incidents. Not only, International Produce has no regulatory requirements that would have made incident response planning a priority, but also this company needs to understand that Incident response is not a standalone item, but must rest on a foundation of policies and an ability to properly determine what an incident is and when one has occurred. Furthermore, “The purpose of security incident response is to bring needed resources together in an organized manner to deal with an adverse event known as an “incident” that is related to the safety and or security of the information system. The security incident response process is centered on the preparation, detection and analysis, containment, investigation, eradication, recovery, and post incident activity surrounding such an incident” (Johnson, 2013). Moreover, planning and preparedness must come before the incident, but in the case of International Produce is too late since the increase in networking traffic was not perceived as problematic until it was noticed that the traffic was not coming from Mongolia to Boston but was instead traveling from Boston to Mongolia. Given these points, an incident response consultant should assist to review available resource to solve this incident, organize step to take in order to properly assess the situation, and mitigate all legal arrangements involving theft of intellectual property.
First, business practices required a computer incident response team (CIRT) to ensure that there is a capability to provide help to users when a security ...

... middle of paper ...

...ken offline and the physical disk(s) stored properly, but also time is of the essence for collection procedures. Another factor in forensic is the evidence Retention, CIRT should establish a chain of custody to document who has had custody from time of discovery to presentation in court. Additional evidence such as logs from firewalls, IDS, and sniffers are useful, and all systems should use Network Time Protocol or other form of authoritative time stamps. Additionally, accountability is the foundation for incident response and forensics, and logging is the way to produce full accountability in case of an incident. Also, the primary way of protecting logs is via file-system permissions, and the process writing the log should only be able to write. Then, administrators should only be able to read logs. Other approaches include WORM media such as CD-ROM and printers.

More about The Security Incident Response Plan

Open Document