Development of Incidence Response Team
- Details
- Hits: 27689
Thesis Statement
Incident-response policy is able to reduce network down time in case of an occurrence of an incident in the organisation.
Introduction
Securing systems against malware attack in an interconnected organization environment may prove to be difficult and challenging with each day intrude or new product. There is no sole panacea for data and system security but a multi-layered security strategy. The strategies Gem Company includes in the strategy for securing their system include the development of an incident-response team, disaster-recovery Processes, and business-continuity planning
Development of Incidence Response Team
It is advisable that an organization should not wait for a security breach to occur in order to realize its unpreparedness but should make its staff prepared with incidence response plan detailing their roles and responsibilities, procedures and communication means. Without a clear tested plan, information security breach is almost an obvious occurrence, which in turn is costly and severe. For Gem to have an effective incident response in place, it should determine best strategy for putting the structure in place and most probably consider what has worked for others. It should also consider the malware attack as the reason for establishing the strategy and clearly establish what should be achieved. This person may assume the title of the response officer.
When developing the team, there is, need to have a member at the top most level of the management of the organization, who is responsible for the function of the team and accountable for the actions. There should be a person who leads the efforts of the team and coordinating all the activities of the groups within the team. This is the team’s manager responsible for managing all parts and processes, activation of the team and receiving all the alerts. This person reports to the response officer. An assessment team consisting of representatives from all the areas serviced by the team is also necessary who will update the manager with details of areas affected so that he may track and document and then activate the assessment team so as to discuss the incident and present the manager with the report. Response coordinators or leads from respective geographic areas and the response custodians who are technical experts are necessary stakeholders to the team.
It is important for the team to obtain the management support and establish their strategic plan. This should be followed by gathering relevant information to the team and then designing their vision. Thereafter the vision and the operation plan of the team should be communicated followed by implementation of the team then lastly announcing the operational team to the organization.
Disaster Recovery Process (DCP)
Disaster recovery is more than a plan but a process detailing procedures on how the Gem business information technology infrastructure can be protected and recovered in the event of an incident. According to Disaster Recovery Institute (2012), this is the area of business continuity that deals with technology recovery as opposed to recovery of business operations. Through this process, the organization should be able to recover data, information assets and facilities. It should also outline the time within which a business must be recovered in case of an incident in order to avoid unacceptable consequences because of break in business operations. This process should also detail recovery point objective in order to specify the age of files to be recovered from the backup storage so that the normal business operations may resume in the event of an incident. This helps establishing the maximum amount of data loss acceptable over time.
Business Continuity Planning (BCP)
This is a comprehensive organizational planning intertwined with the disaster recovery plan as the DCP is a component of interest to information technology and revolves around planning on business resumption, occupant emergency, incident management, disaster recovery and continuity of operations (Chad 2003). However, the business continuity planning may revolve around the five components, incident management planning is the only component that captures the information technology structure of the organization, which establishes procedures of addressing attacks against the organization’s information system.
Conclusion
There is never sole disaster recovery plan that may be singled out to be the right type and that may fit all disaster recovery in the event of an incident. All disaster recovery plans should however entail the three strategies of preventive measure, detective measure, and the corrective measure. This will assist the company to alleviate disaster occurrence, identify and reduce risks to mitigate incident from happening. Routine inspection of systems and offsite data backup is important for an organization.