Computer Incident Response

Posted: August 26th, 2021


Question 1: Logistical Consideration in Incident Response Team

Incident response involves enacting preemptive measures so that an organization or government is well prepared in case of an occurrence or attack. The actions undertaken include planning, equipping staff with the right tools, training employees to react to different scenarios, evaluating the protocols put in place, and applying the necessary mitigation measures (Van der Kleij, Kleinhuis & Young, 2017). In this context, the computer security incident response team (CSIRT) is tasked with responding to computer-related security breaches by unauthorized personnel (Alsmadi, 2019). With the ever-increasing adoption of Internet services in organizations, incident response is growing in importance because of the need to address threats posed by exposure to cyber-attacks (Prasad & Rohokale, 2020). Thus, logistical challenges are emerging, especially when trying to integrate the different factions of an organization to deal with data breaches.

Notably, the incident response team should undertake various preparations that cover incident identification, containment of the event, eradication, recovery, and documentation of the lessons learned. The team should be well versed in these steps to ensure the smooth handling of any emerging threat (Van der Kleij, Kleinhuis & Young, 2017). Besides, regular internal audits should be carried out to verify an organization's threat preparedness. Moreover, proper documentation of the procedures to be followed during a disruptive event should be enforced so that all the details of an incident are captured (Alsmadi, 2019). More so, triggers and signals that can indicate an incident, such as missing information, need to be well defined and documented. Also, all organization members should be well trained in strategies for identifying threat indicators, and investigation systems should be introduced that work in collaboration with external resources (Van der Kleij, Kleinhuis & Young, 2017). Therefore, a triage process should be set up to aid in the classification and prioritization of incidents and the assignment of tasks to different personnel.

Consequently, recovery of lost data and system control should be a priority in the aftermath of an incident. The recovery manual should set out the necessary steps to transition from an actual data breach to the resumption of standard procedures (Prasad & Rohokale, 2020). Besides, the benefits of reporting should not be understated, as it aids in the satisfactory review of incidents, which results in the implementation of better coping measures in the future (Prasad & Rohokale, 2020). Hence, review of the processes should be performed regularly to keep up with emerging trends and technologies as the team strives for perfection (Alsmadi, 2019). Thus, to ensure there are no hiccups in the response procedure, regular practice sessions should be carried out until all steps become second nature to the response team personnel.

Question 2: Parties in Managing Computer Incident Response

The CSIRT is the main body tasked with reacting to a security intrusion, though collaboration with outside parties is required to bring the situation under control. Therefore, experts in cybersecurity legal frameworks should be consulted to prevent or minimize lawsuits in the event of a computer security breach by unauthorized persons (Van der Kleij et al., 2017). Also, information sharing agreement templates need review by lawyers to ensure compliance with the law. The lawyers would assist in evidence collection and documentation while watching out for possible lawsuits. The public relations (PR) officers are equally indispensable in the event of a security breach. They act as the first point of contact with the media, delivering precise press releases (Van der Kleij et al., 2017; Alsmadi, 2019). Hence, the PR team is responsible for updating the media on the course of action taken by the CSIRT in case of an occurrence. Their main task involves protecting the organization's reputation and business interests.

Moreover, consultation with legal experts is highly necessary to strike a balance between the protection of confidentiality agreements, personal information, and public information. However, inadequate preparedness compounded by a slow and uncoordinated response to a security threat and incident can result in the loss of intellectual property worth millions, if not billions, of dollars (Ioannou et al., 2019). As such, organizations that carry data liability risks should use incident response war games to test the robustness of their response teams (Alsmadi, 2019). Therefore, the incident response team plays an irreplaceable role in handling security threats in the foreseeable future. Hence, organizations should invest heavily in their security infrastructure to avert a security crisis.

References

Alsmadi, I. (2019). Incident Response. The NICE Cyber Security Framework (pp. 331-346). Springer, Cham.

Ioannou, M., Stavrou, E., & Bada, M. (2019, June). Cybersecurity Culture in Computer Security Incident Response Teams: Investigating difficulties in communication and coordination. In 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security) (pp. 1-4). IEEE.

Prasad, R., & Rohokale, V. (2020). Secure Incident Handling. In Cyber Security: The Lifeline of Information and Communication Technology (pp. 203-216). Springer, Cham.

Van der Kleij, R., Kleinhuis, G., & Young, H. (2017). Computer security incident response team effectiveness: A needs assessment. Frontiers in Psychology, 8, 2179.
