The corporate world has put elaborate measures in place in a bid to expand its standing as a successful field. Every organization should therefore include an Incident Response Policy (IRP) as part of its overall business continuity plan (BCP). In the face of the dynamic changes that have characterized events in the business field, it has become a critical requirement for a company, through its BCP, to know how to minimize security vulnerabilities and respond to security incidents in a well-organized and thorough manner. A security incident is any adverse event or threat that could affect the organization’s information systems. Incidents include unauthorized access, malicious code (e.g. viruses), network probes and denial of service attacks.
It is therefore necessary that the organization maintains a proper information security system. Keeping managerial information assets secure in today’s interconnected computing environment is a challenge. There is no single solution for securing data, so a multi-layer security strategy is required, which includes a Computer Security Incident Response Team (CSIRT). Although teams will differ in how they operate depending on the available staff, expertise, budget and resources, the steps involved in developing a CSIRT include the following:
The first step is obtaining management support, which must be shown in many ways, including the provision of resources, funding and time to the team for implementing the CSIRP; the team could comprise executives and business or departmental managers and their staff. Management’s support will also sustain CSIRT operations and authority in the long term: once the team is established, it requires backing by management to keep its long-term success from being jeopardized. (Kirvan 2009)
The second step is to determine the CSIRT development strategic plan. This involves administrative issues such as the timeframes involved, the project group and its members, stakeholders’ representation in the group, and how to record and communicate information, especially if the team is geographically dispersed. The third step is gathering relevant information to determine the incident response and service needs that the organization has. This helps determine the type of service to offer and the skills and expertise the CSIRT staff will need. For instance, if the organization has been a victim of computer virus or worm activity, it will need staff with virus experience to handle the response effectively. (Hoog 2011)
Thereafter, the company should design a CSIRT vision. The information gathered brings to the forefront the incident response needs of the constituency, and as the organization builds its understanding of management expectations, it begins to identify the key components of the CSIRT. This allows it to define the vision of the CSIRT, its goals and its functions. It is imperative that there be a clear, shared understanding of the definition and expectations of the CSIRT: what the staff think the team will do, and what the managers and the general constituency think the CSIRT will do. All these views are varied and distinct in their own way. (Hanna 2009)
In creating a vision, the company needs to identify its constituency, i.e. its area of operation, so as to identify what the CSIRT supports and serves; define the CSIRT’s mission, goals and objectives; select the services to provide; determine the organizational model and required resources; and estimate the funding required. Afterwards, the CSIRT vision and operational plan need to be communicated to management, the constituency and others who need to know and understand its operations.
After communicating the vision, the company has to start putting the relevant measures in place once the buy-in of management and the constituency is obtained. This is done by hiring and training the initial CSIRT staff, buying equipment and building the framework and infrastructure needed to support the team. It also involves setting the initial CSIRT policies and procedures to support its services, defining the specifications for and building an incident tracking system, and developing guidelines and forms for the constituency. Finally, the company announces the CSIRT and analyses its effectiveness. (Tipton 2007)
The composition of the Incident Response Policy can be expanded to involve a disaster recovery (DR) process and effective planning processes that define the policies and procedures involved in recovering disrupted systems and networks, thereby helping them to resume normal operations. DR is a subset of the larger process known as business continuity planning (BCP): while BCP involves keeping all aspects of a business functional in the midst of disruptive events, disaster recovery focuses on the technology supporting the business function. The process should minimize the disruption of operations and ensure some level of organizational stability and systematic improvement after a disaster.
The development entails identifying potential threats to the IT infrastructure, determining which infrastructure elements are most vital to the performance of the company’s business, prioritizing their recovery time objectives, and thereafter delineating the steps required to restart, recover and reconfigure them. (Hiatt 2000) A comprehensive DR plan includes all relevant suppliers’ contacts, sources of expertise and a logical sequence of action steps for a smooth recovery.
Considering the investments businesses make in their IT infrastructure, they should also invest sufficient time and resources to protect those investments from unplanned and potentially destructive events which may be disastrous to the company’s prosperity. [IT Disaster Recovery Plan Template] (Kirvan) Without an incident response policy, an organization will be unable to control and monitor its information systems and respond to electronic incidents, which may consequently lead to loss of money, bad public relations and even additional security risks.