CIS 608 - Information Security Management

Friday, September 30, 2011

Post 021 - CIS 608




Incident Response Plans

The cover of an excellent Emergency Response Plan is shown at the right. The document comes from the website of the Illinois Institute of Technology located here in Chicago. The IIT Emergency Response Plan is available here: http://www.iit.edu/departments/pr/emergency/Emergency_Flip_Chart_022405.pdf .

For Week 4 and Week 5, we have looked closely at Incident Response Plans, Disaster Recovery Plans, and Business Continuity Plans.

On Wednesday, September 28, 2011, I had to write a critique of the Incident Response Plan that I wrote last week. That critique is shown below. Please excuse how long it was. I found that in retrospect, there were a lot of obvious issues with my original version of my Incident Response Plan. But look closely and you will see a pattern, such as referring to practices and documents that don't yet exist. (At least it was an honest critique.)

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Regarding these issues that I discussed with my wife, after careful review, I found that the following parts of my Incident Response Plan had issues and/or vulnerabilities and were not presently viable:

Parts of Incident Plan

Virus Attack
(not caught by anti-virus software)

Before Attack

Area(s) with issues

Backups

Reason for Issues

Backups are not done as regularly as assumed by the Incident


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Virus Attack
(not caught by anti-virus software)

Before Attack

Area(s) with Issues

Virus or Security Awareness plan

Reason for Issues

There is no Virus or Security Awareness plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Virus Attack
(not caught by anti-virus software)

After an Attack

Area(s) with Issues

Virus or Security Awareness plan

Reason for Issues

There is no Virus or Security Awareness plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Virus Attack
(not caught by anti-virus software)

After an Attack

Area(s) with Issues

Lessons Learned Plan

Reason for Issues

There is no Lessons Learned Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =



Parts of Incident Plan

Virus Attack
(not caught by anti-virus software)

After an Attack

Area(s) with issues

Backups

Reason for Issues

Backups are not done as regularly as assumed by the Incident

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Power Failure

Before Attack

Area(s) with issues

Backups

Reason for Issues

Backups are not done as regularly as assumed by the Incident

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Power Failure

Before Attack

Area(s) with Issues

Security Awareness plan

Reason for Issues

There is no Security Awareness plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Power Failure

After an Attack

Area(s) with Issues

Lessons Learned Plan

Reason for Issues

There is no Lessons Learned Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Fire

Before Attack

Area(s) with issues

Backups

Reason for Issues

Backups are not done as regularly as assumed by the Incident

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Fire

Before Attack

Area(s) with Issues

Lessons Learned Plan

Reason for Issues

There is no Lessons Learned Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Fire

Before Attack

Area(s) with Issues

Security Awareness Plan

Reason for Issues

There is no Security Awareness Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Fire

After an Attack

Area(s) with Issues

Security Awareness Plan

Reason for Issues

There is no Security Awareness Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Fire

After an Attack

Area(s) with Issues

Lessons Learned Plan

Reason for Issues

There is no Lessons Learned Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Fire

After an Attack

Area(s) with Issues

Backups

Reason for Issues

There are no current Backups

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Burst Water Pipe

Before Attack

Area(s) with Issues

Security Awareness Plan

Reason for Issues

There is no Security Awareness Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Burst Water Pipe

Before Attack

Area(s) with issues

Backups

Reason for Issues

Backups are not done as regularly as assumed by the Incident

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Burst Water Pipe

After an Attack

Area(s) with issues

Backups

Reason for Issues

Backups are not done as regularly as assumed by the Incident


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Burst Water Pipe

After an Attack

Area(s) with Issues

Security Awareness Plan

Reason for Issues

There is no Security Awareness Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

Burst Water Pipe

After an Attack

Area(s) with Issues

Lessons Learned Plan

Reason for Issues

There is no Lessons Learned Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

ISP Failure

Before Attack

Area(s) with Issues

Lessons Learned Plan

Reason for Issues

There is no Lessons Learned Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

ISP Failure

Before Attack

Area(s) with Issues

Security Awareness Plan

Reason for Issues

There is no Security Awareness Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

ISP Failure

After an Attack

Area(s) with Issues

Lessons Learned Plan

Reason for Issues

There is no Lessons Learned Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Parts of Incident Plan

ISP Failure

After an Attack

Area(s) with Issues

Security Awareness Plan

Reason for Issues

There is no Security Awareness Plan

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

References:

Whitman, M. E. and Mattord, H. J. (2010). Management of Information Security. Course Technology: Boston, MA.



1 comment:

  1. Very informative blog... Incident response plan is a set of instructions to help IT staff detect, respond to, and recover from network security incidents.
