Williams Armah
Incident Response
Capella University
Abstract
Disruptive and deceptive cyberattacks and damaging malicious code have become diverse and advanced in their effect on the information security of the organization. These are handled with the preventive security controls drawn from the mitigation risk assessment, by reducing network system security incidents and preventable incidents, and with incident response events for detecting network system incidents in real time, reducing the impact they will have on the organization's information system, dealing with any network system vulnerabilities in processes, and restoration.
This paper will evaluate the different elements of an incident response framework. In this paper we will further discuss the roles and duties of a quality incident response in any organization. The paper will also state the framework for any incident response in an organization through a detailed attack scenario, and there is further analysis of concepts and ways of ensuring that the first responder is compliant with chain of custody rules, where evidence is gathered in a well-secured way of documentation, collection, and storage of legal evidence for
Table of Contents
Cover Page
Abstract
Table of Contents
Introduction / Body
Conclusion
References
INCIDENT RESPONSE 4
Introduction
constantly these threats are mitigated by an incident response plan. Establishing the incident response plan allows any organization to adopt effective procedures for its enterprise information system security. This enterprise information system security workflow for incident response consists of the organization and its information system technology from a single plan view. Michelle (2001) states that incident response concepts run from acting on what we can manage in the network system, to who is responsible for the effective mitigation of an incident, to what our security monitoring of the network system by incident response is. With a defined framework for the incident response plan, the organization has an operation for dealing with any security incident: detection of malicious cyberattacks on the information system, examination of the gathered malicious security incidents, how to mitigate, eliminate and contain the security incident, and what the post-incident events will be. Through preparation, the organization lays down the foundation needed for the incident response procedure, stating it in the information security governance and compliance procedure document. Some of the procedures found in the policy document are technical support around the clock in the organization and by whom; establishment of network system security monitoring and technologies for operations; awareness through continuous training of the employees; responders with all the needed equipment and network system protocol management skills; secure email communication for handling incident response; and testing of the incident response policy and intrusion detection from precursor and indicator alerts (Michelle, 2001, p. 4-7).
Detection and examination of a security incident covers how the employees are notified by the automated alert system, the operations of employee incident hunting, and further analysis of the administrative security tools for detecting and alerting on security incidents. Paul (2012) says that the administrator seeks to find any abnormal network system behaviour events from the incident hunting tools, with further review of security incident email alerts on a constant basis: what the alert reports detail, and further communication of the alert with the rest of the incident response team. Security incident mitigation, containment and recovery cover the location, the use of applications and malicious software in the containment, or the rebuilding of the host network system. Finally, the post-incident response activities are for all responders to review and discuss the security incident, and to restructure and improve security incident handling; also for the performance metrics updates of incident response, and retention of evidence by a defined timeline
The roles and responsibilities in the incident response team: the team is responsible for the identification of, and suspicion about, any security incidents which happen in an organization's network system. These incident administrators examine the security incident data, what the impacts on the organization's information system will be, and the employees available for security incident mitigation. The incident response team structure is made of the central incident response team, which is the main team for the mitigation of security incidents; the distributed IRT, which is multiple IRTs in charge of the logical and physical needs of the organization; and the administration team, who are responsible for advising the other teams in the IRT. The staffing of the IRT is made of employees of the organization and partially or fully outsourced members of staff. The incident response personnel are made of a team manager, an assistant manager, and technical leads with excellent skills in network
The IRT has dependencies with the organization structure, such as organization management, information assurance, IT support, legal, HR, public affairs and BCP, who offer services of organization network system intrusion detection, advisory, awareness and information
The roadmap for incident response is through the organization's information security governance: the “incident response life cycle: preparation, detection and analysis, containment, eradication and recovery, post-incident activity” (Paul, Tom, Tim, Karen, 2012, p. 18).
such as the preparations for the handling of a security incident, from the contact information, on-call data, incident report data, incident issue tracking system, an encryption application, war room, secure storage facility, and digital forensic workstation / secure storage facilities and devices. Incident examination resources include any port list, database documentation of the network system, infrastructure diagram, network system baseline, and application and OS products. Michelle (2001) says that the procedure in the preparation consists of how to prevent a security incident: risk assessments, host and network security, malware and attack vector security defense, awareness, and training.
The incident examination comes from intrusion detection: creating profiles of expected and unexpected activities, and understanding the network system's normal or abnormal behaviour; creating a log retention procedure, and also event correlation; maintaining baseline information for the network system; and constant network system monitoring by packet sniffing and filtration of data. The security incident is prioritized based on its functionality, impact, and recovery. The notification of a security incident goes to the appropriate employees to respond to the incident, such as the CIO, the manager for information security, and the different incident response teams, through media,
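As an added example (not code from the paper or its sources), the profiling and correlation step described above in Python: a per-user profile of expected login hours is built from a baseline window, logins outside it are treated as precursors, and only those paired with an IDS indicator on the same host within a short window are raised as incidents. All log lines, user names and host names are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not from the paper: build a per-user profile of expected login
# hours from a baseline window, flag logins outside that profile, and correlate
# them with IDS alerts on the same host inside a short time window.

# Constructed sample log lines: "<timestamp> <source> <user> <host> <message>".
BASELINE_LOGS = [
    "2019-02-25T09:02:00 auth alice ws-17 login ok",
    "2019-02-25T17:45:00 auth alice ws-17 login ok",
    "2019-02-26T08:55:00 auth alice ws-17 login ok",
    "2019-02-25T08:30:00 auth bob ws-22 login ok",
]
NEW_LOGS = [
    "2019-02-28T03:12:00 auth alice ws-17 login ok",
    "2019-02-28T03:14:00 ids - ws-17 outbound connection to constructed-bad.example",
    "2019-02-28T09:05:00 auth bob ws-22 login ok",
]

def parse(line):
    ts, source, user, host, msg = line.split(" ", 4)
    return datetime.fromisoformat(ts), source, user, host, msg

def build_profile(lines):
    # user -> set of hours in which that user logged in during the baseline window
    hours = defaultdict(set)
    for ts, source, user, _host, _msg in map(parse, lines):
        if source == "auth":
            hours[user].add(ts.hour)
    return hours

def correlate(profile, lines, window=timedelta(minutes=10)):
    # An abnormal login alone is a precursor; paired with an IDS indicator on
    # the same host within `window` it becomes an incident for the responders.
    events = [parse(line) for line in lines]
    alerts = [(ts, host, msg) for ts, src, _u, host, msg in events if src == "ids"]
    incidents = []
    for ts, src, user, host, _msg in events:
        if src != "auth" or ts.hour in profile.get(user, set()):
            continue  # matches the user's expected hours: not abnormal
        related = [m for ats, ahost, m in alerts if ahost == host and abs(ats - ts) <= window]
        if related:
            incidents.append({"user": user, "host": host,
                              "login_at": ts.isoformat(), "indicators": related})
    return incidents

def detect():
    return correlate(build_profile(BASELINE_LOGS), NEW_LOGS)
```

Bob's 09:05 login is also outside his profile but has no matching indicator, so it stays a precursor rather than an incident.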
Containment, mitigation, and recovery are where the administrator chooses the best strategy that works for them in the containment, mitigation, and recovery of a security incident. With containment comes the need for legal evidence preservation and network system service availability, and recovery is where the organization's information security managers do away with any malware detected in the security incident, disabling any user accounts in user management (Paul, Tom,
Chain of custody is the basic pillar of any digital forensics: how legal evidence is handled, showing who handled this legal evidence throughout the investigation, by day and time, from the evidence from hardware, applications and other media devices that is tagged, stored and documented
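As an added example (not code from the paper or its sources), a chain-of-custody record in Python for one tagged evidence item: each hand-over logs the custodian, the UTC time, and the SHA-256 of the evidence as the receiver observed it, so a later verification shows exactly where the chain broke. The evidence bytes, tag, host name and custodians are constructed.

```python
import hashlib
from datetime import datetime, timezone

# Added example, not from the paper: a chain-of-custody record for one tagged
# evidence item. Every hand-over logs who received it, when (UTC), and the
# SHA-256 observed at that moment, so any change in the evidence breaks the chain.

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def utc(*args) -> datetime:
    return datetime(*args, tzinfo=timezone.utc)

class EvidenceRecord:
    def __init__(self, tag, description, collector, data, when):
        # Tag and description are what the first responder writes on the label.
        self.tag = tag
        self.description = description
        self.collected_hash = sha256_of(data)
        # Each entry: (action, custodian now holding it, ISO timestamp, observed hash)
        self.log = [("collected", collector, when.isoformat(), self.collected_hash)]

    def transfer(self, giver, receiver, data, when) -> bool:
        # The receiver re-hashes the evidence before signing for it; a mismatch
        # is still recorded, because the gap in the chain is itself evidence.
        observed = sha256_of(data)
        action = "transferred %s -> %s" % (giver, receiver)
        self.log.append((action, receiver, when.isoformat(), observed))
        return observed == self.collected_hash

    def verify(self):
        # (True, None) if every logged hash matches the hash at collection,
        # otherwise (False, index of the first entry that broke the chain).
        for i, (_, _, _, observed) in enumerate(self.log):
            if observed != self.collected_hash:
                return False, i
        return True, None

def demo() -> EvidenceRecord:
    # Constructed sample evidence standing in for a disk image of a hypothetical host.
    image = b"CONSTRUCTED-DISK-IMAGE-0001"
    rec = EvidenceRecord("EV-001", "HDD image, hypothetical host WS-17",
                         "first responder", image, utc(2019, 2, 28, 9, 0))
    # Hand-over to the analyst with the same bytes: the chain stays intact.
    rec.transfer("first responder", "forensic analyst", image, utc(2019, 2, 28, 11, 30))
    # Hand-over to legal with one byte altered: the mismatch is logged at index 2.
    rec.transfer("forensic analyst", "legal counsel", image[:-1] + b"2", utc(2019, 3, 1, 8, 0))
    return rec
```

Calling `demo().verify()` returns `(False, 2)`, pointing at the hand-over to legal as the first entry whose hash no longer matches the hash taken at collection.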
References
Capella University (2019). Course room, unit 8, Incident response. Retrieved 02/28/2019, from https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset
ACSC (2017). Strategies to Mitigate Cyber Security Incidents – Mitigation Details. Date
details.htm
Michelle Borodkin (2001). SANS, Computer Incident Response Team. Retrieved 03/02/2019, from https://www.sans.org/reading-room/whitepapers/incident/computer-incident-response-team-641
Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone (2012). Computer Security Incident
https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf