Victor Sabani
ITT Technical Institute
Introduction
The creation of this Computer Incident Response Team (CIRT) will provide the necessary tools and experience needed for when an incident occurs. Due to the sensitive nature of the information contained herein, this manual is available only to those persons who have been designated as members of one or more incident management teams, or who otherwise play a direct role in the incident response and recovery processes.
Unless otherwise instructed, each plan recipient will receive and maintain two copies of the plan, stored as follows:
One copy at the plan recipient's office
One copy at the plan recipient's home
It is the responsibility of each manager and employee to safeguard and keep confidential all corporate assets.
The following teams will appear throughout this plan:
Threat Assessment Center
Executive Incident Management Team
Incident Management Team
Preparation
This phase, as its name implies, deals with preparing a team to be ready to handle an incident at a moment's notice. An incident can range from a power outage or hardware failure to the most extreme incidents, such as a violation of organizational policy by disgruntled employees or being hacked by state-sponsored hackers (Bejtlich).
There are specific elements in this section that help the team guard against potential issues that might otherwise hinder its performance:
a. Policy – Written policies are one of the first steps in the inception of this team. A policy provides a written set of principles, rules, or practices within an organization. Policies are one of the keystone elements that provide guidance as to whether an incident has occurred in an organization. They can also show management buy-in and support of the team. A simple login banner can be one way to ensure that individuals attempting to log into an organization's network will be aware of what is expected when
References:
Bejtlich, R. (n.d.). The Practice of Network Security Monitoring: Understanding Incident Detection and Response. [Books24x7 Version].
Creating a Computer Security Incident Response Team: A Process for Getting Started. (2006, February 27). Retrieved January 2014, from Cert.org: http://www.cert.org/csirts/Creating-A-CSIRT.html
Incident Response Best Practices. (2008, September 25). Retrieved January 2014, from security.tennessee.edu: http://security.tennessee.edu/pdfs/IRPBP.pdf
Kirvan, P. (n.d.). Incident Response Plan Template. Retrieved January 2014, from SearchDisasterRecovery: http://www.SearchDisasterRecovery.com/
Kral, P. (2011, December 5). Incident Handlers Handbook. Retrieved January 2014, from Sans.org: http://www.sans.org/security-training/The incident Handlers Handbook
Newman, R. (2007). Computer Forensics: Evidence Collection and Management. Boca Raton, FL: Taylor & Francis Group, LLC.
Responding to IT Security Incidents. (2011). Retrieved January 2014, from TechNet.Microsoft: http://technet.microsoft.com/en-us/library/cc70825.aspx
UFIT Security Incident Response Procedures, Standards and Guidelines. (n.d.). Retrieved January 2014, from UF Information Technology, University of Florida: http://www.it.ufl.edu/policies/security/incident-response/