Discussions And Research Paper Discussion 1:
Support services is a broad category that refers to any team that supports an organization’s IT and business processes. The help desk, for example, is a support services team. Support services are vital when an incident impacts the operational performance of an organization. Answer the following question(s):
What are five types of support services in a typical large organization?
Should the same or different support services be available when an incident impacts the operational performance of an organization? Explain your answer.
Fully address the questions in this discussion; provide valid rationale for your choices, where applicable; and respond to at least two other students’ views.
Discussion 2 :
A simulated disaster and comprehensive recovery test may involve many of an organization’s key personnel for several days: is this a reasonable burden to place on a busy, competitive company? How would you argue against the inevitable tendency to shortcut the procedure? ***Standard for all discussion posts: Please make your initial post and two response posts substantive. A substantive post will do at least two of the following:
Ask an interesting, thoughtful question pertaining to the topic
Answer a question (in detail) posted by another student or the instructor
Provide extensive additional information on the topic
Explain, define, or analyze the topic in detail
Share an applicable personal experience
Provide an outside source (for example, an article from the UC Library) that applies to the topic, along with additional information about the topic or the source (please cite properly in APA 7)
Make an argument concerning the topic
At least one scholarly source should be used in the initial discussion thread. Be sure to use information from your readings and other sources from the UC Library. Use proper citations and references in your post. Lab :
Part 1: Research Incident Response Plans (0/2 completed)
Note: In this part of the lab, you will research incident response teams to form a basis for their purpose and usage. Understanding the reason behind an incident response team is key to understanding the related policies and procedures.
1. Using your favorite search engine, search for a sample incident response plan.
2. Review the plan.
3. Describe the key components within the incident response plan you identified. Be sure to cite the plan by including a link.
4. In your browser, navigate to “A Six-Stage Methodology for Incident Response,” at http://my.safaribooksonline.com/book/networking/incident-response/1578702569/a-methodology-for-incident-response/ch03lev1sec2 .
5. Review the six steps listed on the website.
6. Outline the six-step methodology for performing incident response. List each step and its purpose. How closely does the plan that you reviewed follow this methodology?
Note: It is impossible to know at the beginning of any incident whether the case might become a court case. A good incident response team should approach every incident assuming that evidence documentation is required.
Part 2: Create an Incident Response Policy (0/7 completed)
Note: There are many types of incident response plans. Remember that a plan is different from a policy. A policy is a high-level document that describes the organization’s stance on the particular topic and how it will comply with related governance and laws. A plan, on the other hand, is how the policy will be executed. An incident response plan should be generic enough to cover a variety of scenarios but also specific enough that an organization can quickly mobilize during an incident. Names of specific people should never be used in an incident response plan. Rather, roles and titles should define who is responsible for what portion(s) of the plan.
1. Navigate to “Security Policy Templates” at https://www.sans.org/information-security-policy/, then locate and review the “Security Response Plan Policy”.
2. Describe how this policy would be associated with an incident response plan.
Note: When responding to an incident, remember who the provider of information is and who the consumer is. Senior management approves the response policy and budget, but it does not possess the subject matter expertise to handle the incident. Meanwhile, the incident response team should make only recommendations to management, not make decisions that might impact business. It is up to senior management to either give or deny approval. Management remains the consumer and chief decider, based on information provided to it by the experts.
3. Review the following characteristics of the fictional Bankwise Credit Union:
· The organization is a local credit union that has several branches and locations throughout the region.
· Online banking and use of the internet are the bank’s strengths, given its limited human resources.
· The customer service department is the organization’s most critical business function.
· The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
· The organization wants to monitor and control use of the internet by implementing content filtering.
· The organization wants to eliminate personal use of organization-owned IT assets and systems.
· The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
· The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
· The organization wants to create an incident response team to deal with security breaches and other incidents if attacked and provide full authority for the team to perform whatever activities are needed to maintain chain of custody in performing forensics and evidence collection.
· The organization wants to implement this policy throughout the organization to provide full authority during a crisis to the incident response team over all physical facilities, IT assets, IT systems, applications, and data owned by the organization.
4. Create an incident response policy that grants team members full access and authority to perform forensics and maintain a chain of custody for physical evidence containment. Create this policy for the Bankwise Credit Union.
Bankwise Credit Union
Incident Response Team – Access and Authorization Policy
Policy Statement Insert policy verbiage here.
Purpose/Objectives Insert the policy’s purpose as well as its objectives; use a bulleted list for the policy definition. Define the incident response team members and the authorization and authority granted to them during a crisis or while securing an incident situation.
Scope Define this policy’s scope and whom it covers. What elements, IT assets, or organization-owned assets are within the scope of this policy? What access and authority are granted to the incident response team members that may be outside of standard protocol?
Standards Does this policy point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards
Procedures Explain how you intend to implement this policy across the organization. Also, define and incorporate the six-step incident response approach here along with how the chain of custody must be maintained throughout any evidence collection process.
Guidelines Explain any roadblocks or implementation issues that you must address in this section and how you will overcome them per defined policy guidelines.