Incident Response Team, Research Paper Example

Incident Response

Incident handling procedures are not similar as they vary on different business processes of the organization. Network dictionary defines incident handling as “Incident Handling is an action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security related events. It is comprised of a six-step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned”. Depending on the nature of business, processes can be associated with law enforcement agencies, government institutions, public information providers, information technology etc. in order to handle security incident within the organizations, teams are created that are called as incident response teams. As per network dictionary, “Incident response team refers to a group of people who are responsible for handling information security incidents when they occur”. Incident handling is an essential process as security incidents that are initiated in organizations, breach data servers containing confidential and mission critical data and disrupt business processes. The impact of these incidents provides severe losses in terms of organization reputation in the market, trust in customers and credibility.

This proposal is constructed on the basis of a questionnaire and will highlight solutions for minimizing incident handling and security breaches in an organization. The effective incident management approach will minimize issues related to security breaches and other possible threats. The information provided in this proposal is handled with strict confidence. The objectives for this research proposal demonstrate:

• Research and studies conducted to improve incident management and security breaches
• highlighting security management issues with the aid of questionnaires

In this decade, Security management has become far beyond advanced as compared to simple security techniques. The factors that are increasing demands on security management are:

• Attacks on information systems have significantly increased
• Legal regulations in order to standardize audits and security functions
• Interest of management to gain control for the security of business functions along with cost

These three factors need to be handled to provide better security. In order to tackle all three factors, Christian Frühwirth, recommended an event based intrusion detection system in 2008. The system will support these three factors by:

• Advanced tools incorporated with IDS to detect intrusions and eliminate attacks
• Standardized frameworks to handle legal compliance
• Efficient security management application tools to handle the management.

Moreover, an article was published related to compromise recovery and incident handling. The article highlighted mishaps from concerned security administrators for installing default programs from a compact disc. These stored programs on a compact disc facilitates hackers to breach security by storing porn contents, configuring an illegal server, initiating attacks on other information assets and breaching server on the network. In order to eliminate all these threats and vulnerabilities, reviewing and learning the functionality of threats is essential. This will certainly reduce the probability of security incident in organizations. One more research was conducted related to a Proposed Integrated Framework for Coordinating Computer Security Incident Response Team. Conventionally, computer security incident response teams (CSIRT) are responsive for viruses, hacking and unauthorized access of employees.

IPS/IDS Actions

As threats are detected within and from an external source, network administrator will follow these steps until the threats are detected and eliminated. However, these procedural steps can be replicated.

References

Incident Response Team. (2007). Network Dictionary, , pp. 242-242.

Incident Handling. (2007). Network Dictionary, , pp. 342-342.