Incident Response Policy
The incident response team is the team responsible for dealing with IT incidents and managing their impact on the company. The company should assemble a proper team and then identify the roles and responsibilities of its members. The incident response team should include an Incident Response Team Leader, who is responsible for directing and organizing the team. The leader's foremost duty is to manage incident response processes, policies, and procedure updates that will deal with future incidents. This person should be well versed in risk management and IT security.
Next is the Incident Lead, who is responsible for coordinating responses to any IT security incident. This person should be well versed in IT security and in the types of IT equipment, such as networks, servers, and firewalls, on which incidents may occur. All information concerning incidents must pass through this person first, before it leaves the team and is passed to the company leadership.
The Incident Support Members include the following. The IT Contact should be highly conversant with the company's IT infrastructure. The Management Representative is the interface to the management staff and is responsible for conveying concerns and ideas to and from the team; involving management is exceedingly crucial when dealing with incidents that may have a grave effect on the operations of the company. The Legal Representative is responsible for legal procedures and ramifications against individuals who may cause an IT security incident. Communications is responsible for communicating the details of security incidents and how they should be dealt with to save the business.
The disaster recovery process involves the creation of comprehensive details that will help the company recover from catastrophic events. There are some key phases in the development of an effective disaster recovery process. The first is data collection: business impact analysis and risk assessment should be conducted regularly, offsite and onsite backup and recovery procedures must be reviewed, and an alternative site location must be identified and ready for use. The second phase is plan development and testing, which involves developing the disaster recovery plan and testing it. The third phase is monitoring and maintenance, which involves periodic inspection of the disaster recovery plan, maintenance of the plan through reviews and updates, and documentation of changes.
Business continuity planning helps the company recover exceptionally fast in case of any attack. Information technology systems require software, hardware, data, and continuity. If a component is missing, the system may not run, and some business applications may fail. Business continuity planning includes internal recovery strategies: hardware at the alternative facility should be configured to run similar software and hardware applications. This will help in backing up data offsite, and this data can be restored in case of any failure at the company premises.
Vendor-supported recovery strategies should also be used. The company should have vendors that provide hot sites for IT disaster recovery. Data security servers, data streams, and applications can be hosted and managed by the vendors, and this information can be accessed at an alternative site using a web browser. When the vendor detects an outage at the company, data is held automatically until the client's systems are fully restored. Vendors can also provide detection of malware threats and data filtering, which will enhance security.
An IT recovery plan should be developed by compiling an inventory of software, data, and hardware applications; this will ensure that all critical information is backed up. Critical data, software applications, and the hardware required to run them should be identified. Standardized hardware should be used because it helps in reimaging and replicating new hardware. This will ensure that copies of the software are available and will enable reinstallation on the replaced equipment.