Computer Security Incident Handling Guide
A) Complete and submit the following table.
B) Prepare a presentation in which your team presents 1) an overview, 2) a summary of findings, 3) a drill-down on the high risks, discussing why you felt they presented a greater risk to the agency, 4) recommendations for all of your significant findings (don’t worry about the low ones), and 5) research on a technical solution (a product) that can help the agency “get healthy”. Describe (in your own words, not the vendor’s words) how the tool can help solve the risk it is intended to address.
Using NIST’s SP 800-61, “Computer Security Incident Handling Guide”, develop an Incident Response Plan (IRP) that will address one or more of the security risks you identified in your Risk Assessment. Search the Internet for other actual IRPs and review them to see what type of information they include. At a minimum, your plan should include the following sections:
· Roles: Who will respond to an incident, and what are the notification/escalation procedures? Who is responsible for writing the IRP?
· Training: specify a training frequency
· Plan testing: How (and how often) will you test the plan?
· Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.
· Incident Notification: What happens when an incident is detected?
· Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?
· Procedures: Select one of the security risks identified in your Risk Assessment. Prepare procedures for handling the incident in the event that it actually happens. In this section, address the following subsections for the risk you selected.
o Detection and Analysis
o Recovery and Post-Incident Activity (see Appendix A)