
Incident Response Plan, Research Paper Example

Pages: 4

Words: 1203

Research Paper

Introduction

An incident response plan is a systematic organizational approach to addressing and managing the aftermath of a security breach, attack, or incident. Its aim is to manage the circumstances in a way that reduces or eliminates damage and reduces costs and recovery time. It includes a policy that outlines what constitutes an incident and provides a step-by-step procedure that must be followed when an incident occurs. The response plan is carried out by a computer incident response task force whose members are carefully selected from different departments in the organization, in addition to the security and information technology staff (Lucas & Moeller, 2004). The plan can be carried out in the following six steps.

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons learnt and Recommendations

These steps, if followed carefully, should enable the organization not only to deal with the incident without causing another one but also to reduce future attacks significantly, since after the incident the staff is both aware and alert in case of a future attack. The process also brings to light the loopholes that had initially been overlooked, which allows thorough security to be put in place against future attacks. The task force should include members from every department that comes into direct contact with the computer systems. This ensures that there is a representative from every department that is vulnerable to attacks. The representative then disseminates the knowledge to the rest of the staff in the respective departments. Snedaker (2007) suggests that the general purpose of an incident response plan is therefore to identify whether the event is in fact an incident; to contain the incident and so avoid further incidents; to eradicate it by discovering and removing its root cause; to restore any data lost in the incident from backup; and then to analyze the incident and how it was handled, making recommendations for better future response and for preventing recurrence. The plan also includes a preparation package, which involves educating the users and the technology department staff on the benefits of restructured security procedures and training them to respond quickly and correctly to computer and network security incidents (Lucas & Moeller, 2004).

Recommended Process for Wireless Devices

To prevent theft or unauthorized access, a wireless network must always be secured against the public and against others in the organization. The host computer and the server should be kept safely out of reach, and workstations should not be left unattended. Many default server settings make them vulnerable to hacking; therefore, all settings should be carefully evaluated and altered, starting with the SSID, encryption, SNMP, and clock settings. Whitman & Mattord (2010) postulate that disabling SSID broadcasting and closing all unnecessary applications, ports, and protocols are among the other measures to take.

It is also important that any unofficial devices that are detected are quickly disabled. The IDS/IPS should be able to perform all three functions, namely rogue AP detection, unsafe configuration detection, and malicious activity detection. “Its logs must be carefully configured and reviewed. The log file prefix, level of logging and the log auto-roll settings must also be configured such that if there’s something abnormal found, it must be investigated” (Wilding, 2006). Data passing over the network should be encrypted using SSLv3/TLS or IPsec. It is highly recommended to treat wireless networks as open networks, even when using WPA or WPA2 encryption; hence the best available encryption should be implemented on the wireless connection. The organization must also put together acceptable usage policies and procedures. This requirement recommends a policy regarding access to data from wireless devices, which includes prohibiting the transfer or caching of data to local hard drives or removable electronic media (Lucas & Moeller, 2004).
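The rogue AP detection and unsafe configuration detection described above can be sketched as a comparison of wireless scan results against an inventory of authorized access points. This is an added example, not part of the original paper; the inventory, the `Observation` record format, and the scan data are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of authorized APs: BSSID -> expected settings (assumption).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": {"ssid": "corp-wlan", "encryption": "WPA2"},
    "00:11:22:33:44:02": {"ssid": "corp-wlan", "encryption": "WPA2"},
}
WEAK_ENCRYPTION = {"OPEN", "WEP"}

@dataclass
class Observation:
    """One access point as seen in a wireless scan (hypothetical record format)."""
    bssid: str
    ssid: str
    encryption: str
    broadcasts_ssid: bool

def classify(obs: Observation) -> list[str]:
    """Return the findings for one observed access point."""
    expected = AUTHORIZED_APS.get(obs.bssid.lower())
    if expected is None:
        corp_ssids = {ap["ssid"] for ap in AUTHORIZED_APS.values()}
        if obs.ssid in corp_ssids:
            return ["rogue-ap: unknown BSSID advertising a corporate SSID"]
        return ["unofficial-device: BSSID not in inventory"]
    findings = []
    if obs.encryption.upper() in WEAK_ENCRYPTION:
        findings.append(f"unsafe-config: weak encryption {obs.encryption}")
    elif obs.encryption.upper() != expected["encryption"]:
        findings.append("unsafe-config: encryption differs from inventory")
    if obs.ssid != expected["ssid"]:
        findings.append("unsafe-config: SSID differs from inventory")
    if obs.broadcasts_ssid:  # the paper recommends disabling SSID broadcasting
        findings.append("unsafe-config: SSID broadcast enabled")
    return findings

def audit(scan: list[Observation]) -> dict[str, list[str]]:
    """Map each BSSID with at least one finding to its findings."""
    results = {o.bssid: classify(o) for o in scan}
    return {bssid: found for bssid, found in results.items() if found}

# Constructed scan results for illustration.
SAMPLE_SCAN = [
    Observation("00:11:22:33:44:01", "corp-wlan", "WPA2", False),
    Observation("00:11:22:33:44:02", "corp-wlan", "WEP", True),
    Observation("66:77:88:99:AA:BB", "corp-wlan", "OPEN", True),
    Observation("66:77:88:99:AA:CC", "guest-cafe", "WPA2", True),
]
```

Each finding is a candidate for the log review and investigation step; a BSSID outside the inventory may be a neighbouring network rather than a device on the premises, so it is flagged for follow-up rather than treated as confirmed.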

Recommended Process for Wired Devices

The organization is already running on a wired network, so the recommendations put forward here are in addition to the ones already in place. Currently the organization is using Wired Equivalent Privacy (WEP). The two methods of authentication used with WEP are open system authentication and shared key authentication. These methods are not very secure, hence I recommend the use of encrypted tunneling protocols such as IPsec and Secure Shell, which provide secure data transmission over an insecure network (Whitman & Mattord, 2010). The organization should also use firewall software and anti-spyware that are kept up to date and always on, to ensure there is no external access to the network. Data should be backed up in case of an incident, and the backup kept off the network.

Difference between the Wireless/Wired Devices

With a wireless connection, the connection is made and data is transmitted through waves that do not travel through any wires or cords. The connection is made using radio waves, and the data packets are transmitted as those waves. With a wired connection, the connection is made using cords, otherwise known as network cables, and the data is transmitted through the cables as electric signals. The devices are connected through cables, and there is no connection without them. The difference between a wireless and a wired connection is that in wireless no cable is required to connect the devices, while in wired the cable is the only way to connect them. In terms of data transmission, in a wireless connection data is sent and received as radio waves, while in a wired connection data is sent and received as electric signal pulses. A wireless connection is less secure than a wired connection, hence tougher measures are taken to ensure a safe connection (Wilding, 2006).

Conclusion

An incident response plan is crucial to an organization's continuity in case of a security breach. Hacking is becoming a day-to-day event in the modern world. Hackers seek to gain access to networks for diverse reasons, but in most cases it is to gain access to information that they then use against the respective organization. Organizations go to great lengths to ensure that their information is not only secure but also kept away from their rivals and enemies (Lucas & Moeller, 2004). In business, people play dirty games in the name of competition, and so there will always be companies paying huge sums of money to hackers for information. It is therefore necessary to have contingency plans that safeguard the well-being of the organization, so that it is ready to absorb the shock and continue with work after an attack or incident.

Most incidents render an organization dysfunctional, and so the main purpose of an incident response plan is to guarantee that even after the occurrence, the organization will be able to pick up its pieces and continue with its operations (Snedaker, 2007). In short, the incident response plan, together with the measures taken to ensure security in an organization, is a contingency plan that an organization cannot afford to do without.

References

Lucas, J., & Moeller, B. (2004). The Effective Incident Response Team. Upper Saddle River, NJ: Addison-Wesley Professional.

Snedaker, S. (2007). Business Continuity & Disaster Recovery for IT Professionals. New York, NY: Syngress.

Whitman, M. E., & Mattord, H. J. (2010). Management of Information Security. Atlanta, GA: Cengage Learning.

Wilding, E. (2006). Information Risk and Security: Preventing and Investigating Workplace Computer Crime. New York, NY: Gower Publishing, Ltd.
