IR Planning Committee

Create a list of stakeholders for the IR planning committee.

 

Assume that you have been tasked by your employer to develop an incident response plan. Create a list of stakeholders for the IR planning committee. For each type of stakeholder, provide the reasons for inclusion and the unique aspects or vision that you believe each of these stakeholders will bring to the committee

Make sure to follow APA style. Please make sure your submission is 2 – 3 pages in length and meet the minimum APA formatting guidelines:

•    12-pt, Times New Roman font
•    Double-spaced
•    1” margins on all sides
•    Please provide a title page including your Name, Course Number, Date of Submission, and Assignment name.
•    Paraphrasing of content – Demonstrate that you understand the case by summarizing the case in your own words. Direct quotes should be used minimally.
•    Reference Section (A separate page is recommended.) Please cite the source using APA formatting guidelines. If you need guidance or a refresher on this, please visit: https://owl.english.purdue.edu/owl/resource/560/10/ (link is external) Be sure to include at least three reference sources.
•    In-text citations – If you need additional guidance, please visit: https://owl.english.purdue.edu/owl/resource/560/02/ (link is external)

Solution

IR planning committee

  1. Q) Assume that you have been tasked by your employer to develop an incident response plan. Create a list of stakeholders for the IR planning committee. For each type of stakeholder, provide the reasons for inclusion and the unique aspects or vision that you believe each of these stakeholders will bring to the committee.

Incident Response is a vital component of every organization’s security.  Typically it provides safety when some incident occurs. A good IR team will also have subject matter experts who can guide your entire organization’s security strategy. However, even the best CSIRT team needs help. Handlers may be experts but want them spending time on the incident, not constantly refreshing their knowledge of the ins and outs of your environment. This can be solved by interacting with stakeholders in the business. Every organization is different. However, CSIRT must find a way to engage with equivalents of following groups.

  • IT Services: IR team needs to establish a relationship with all parts of IT Services organization. This includes networking, databases, developers, Hosting & Service providers team.
  • Security Management: We need more than CSIRT. The incident responders can be expected to own every aspect of security. we need to ensure they have a route to engage others parts of security and especially security management/ leadership teams.
  • Legal: Incident opens the door for lots of legal considerations. To make decisions about what to report and how significant an event may be. IR team should be technical experts, not legal experts. This means handlers must have a way of seeking guidance from real lawyers.
  • Human Resources: IR team need to able to handle these in the correct way. To enable this, the CSIRT needs to engage with HR.
  • Public Relations: It is vital that IR team engage with Public relation before and during incidents. The PR team is experts in making sure the IR message is the right one or not.

Reference:

http://www.halkynconsulting.co.uk/a/2015/12/incident-response-key-stakeholders/

A system administrator

The IT    member  will refer  to  their contact  list  for   management personnel to be contacted, incident response members to be contacted. The staff member will call those designated on the list. He or she  will contact the incident response  manager  using both phone and email and messages while being  sure of the other appropriate and  backup personnel  and designated managers  are  contacted. The member   will log in the information received with the same format as the grounds  security  officer. 

Should List all sources and also  check out  whether they  have contact  information and procedures . normally  each one of the  sources would contact one  reachable entity  like  grounds security office.

               The security department or a security person.

 On The grounds security office it will refer on to the IT emergency contact list and effected department contact lists and call all the designated  numbers on the  order on the list. This office will  will log:

  1. a) The names of the caller.
  2. b) Time the call had been made.
  3. c) Contacts of the
  4. d) The nature and type of the incident.
  5. e) What equipments or persons that were involved?
  6. f) Location of persons involvement.
  7. g) How incident was 
  8. h) When the event was first noticed

 Helpdesk

For  providing the   end user with the information and support regarding the report of the   The purpose of a help desk  will be  to troubleshoot  problems and  provide guidance about the report that the committee came up with     

Manager

He has to be there to know the progress of the committee and also give some guidelines on what should be done about the incidence. He is the overall boss of the committee and every thing that committee sees it is good for implementation the the manager is there to confirm whether is is possible or not.

firewall administrator

To help in the administration of the system together with the system administrator and to Consider whether the  procedure and  policy was  followed which allowed the intrusion, and also consider what could  have been  changed to ensure that the procedure or policy was followed even in the future

How to Conduct a Risk Analysis and Security Survey to Protect Your Assets

Technology changes but the basics remain.

There can be little doubt that security has changed over the recent years. We face a radically new threat landscape and huge technology leap realised by the internet of things (IoT). IP-enabled security has clearly brought many advantages, transforming security systems into a more integral operational role rather than just a security tool, thus raising client expectations and attracting IT departments and new security providers from the IT sector.

That said, the strength of the security professional is in understanding security and risk and the fundamental role of electronic security measures remain the same: the protection of assets. So the process for defining appropriate security measures and their suitability and fitness for purpose for a facility has changed little, revolving around undertaking a risk analysis and security survey, which should be methodical, systematic and thorough.

The protection level for a building primarily depends on risk. The risk analysis identifies probable targets – people, property, information, and the probability and impact of an attack, while the security survey ensures that all pertinent information to design and implement commensurate security systems and measures is obtained.

Stage one is about intelligence gathering: collecting information on the organisation, its operations and objectives, followed by a risk assessment to identify assets requiring protection and their value/attractiveness. As well as defining the threats – break ins, robbery, arson, trespass, insider attack etcetera – and the type of adversary likely to be encountered.

Stage two, involves obtaining details of the facility, including the location – whether inner city, commercial rural, etcetera – previous history, boundary, building structure and condition and any existing protective measures such as alarms, bolts, bars. This should be a structured process undertaking observations, interviews with key employees, crime prevention officers and, if possible, insurance assessors.

It should be supplemented with historic data, crime records, site plans and drawings, where available. A survey checklist ‘Location Survey Checklist’ based on the BS EN 50131-7 standard is also advisable as a useful aid memoire.

The final stage is the site walk through, or the survey. In the journal task, this would involve assessing the physical vulnerabilities, current security measures and their condition, and the types of system and devices to further mitigate the threat. The survey leads to the system design stage, which takes into account people, processes and the technology that needs integrating to meet objectives.

Starting with the ABC of risk, area, boundary, contents, is good practice, so the site survey begins at the boundary working towards the core to ensure a layered security approach. The shell of the building consists of all parts of the boundary of the structure: walls, floor, roof, including moveable parts such as doors and windows.

The shell needs viewing from outside as well as inside to ascertain any weak points. As well as the outer shell, there may be further shells within that require protection, for example a storeroom containing high value goods.

As the survey progresses through the building, there needs to be a careful assessment of the type of security device required and its deployment. It must take into account any influencing factors that may compromise the level of security, such as specifying the wrong device, or lead to potential sources of false alarms relevant to each technology type, such as water pipes, HVAC systems, lighting, electromechanical interference, extraneous noise, draughts, animals, signs and stock movement and other special considerations.

Once concluded the survey notes/information leads to the system design document, which also needs to incorporate adherence to the relevant standards and NSI/SSAIB codes of practice.

Reference material

BICSI (July 2012). Electronic Safety and Security Design Reference Manual, Third edition. BICSIÒ ISBN 1-928886-60-4

Mary Lynn Garcia (2008). The Design and Evaluation of Physical Protection Systems, Second Edition.

List of stakeholders for the IR planning committee

 

Create a list of stakeholders for the IR planning committee.

Assume that you have been tasked by your employer to develop an incident response plan. Create a list of stakeholders for the IR planning committee. For each type of stakeholder, provide the reasons for inclusion and the unique aspects or vision that you believe each of these stakeholders will bring to the committee

Make sure to follow APA style. Please make sure your submission is 2 – 3 pages in length and meet the minimum APA formatting guidelines:

•    12-pt, Times New Roman font
•    Double-spaced
•    1” margins on all sides
•    Please provide a title page including your Name, Course Number, Date of Submission, and Assignment name.
•    Paraphrasing of content – Demonstrate that you understand the case by summarizing the case in your own words. Direct quotes should be used minimally.
•    Reference Section (A separate page is recommended.) Please cite the source using APA formatting guidelines. If you need guidance or a refresher on this, please visit: https://owl.english.purdue.edu/owl/resource/560/10/ (link is external) Be sure to include at least three reference sources.
•    In-text citations – If you need additional guidance, please visit: https://owl.english.purdue.edu/owl/resource/560/02/ (link is external)

Is this question part of your Assignment?

We can help

Our aim is to help you get A+ grades on your Coursework.

We handle assignments in a multiplicity of subject areas including Admission Essays, General Essays, Case Studies, Coursework, Dissertations, Editing, Research Papers, and Research proposals

Header Button Label: Get Started NowGet Started Header Button Label: View writing samplesView writing samples

Custom Written Work

Guaranteed on Time

Achieve the Grade You ordered