Report on Information Security Incident Handling for Marriott

Added on 2022/12/30

AI Summary
This report delves into the critical realm of information security incident handling, focusing on the specific case of Marriott International. It begins by researching various frameworks, including ISO/IEC 27035-2:2016, NCSC, NIST 800-61, and CERT, to address data breaches. The report selects NIST 800-61 as the foundation for a customized incident handling model for Marriott. This model encompasses the definition of events and incidents, leading to the creation of an incident response policy, plan, and detailed procedures. The report also examines the integration of incident response with other security processes, the role of audit in ensuring effectiveness, and the governance and compliance issues. The report concludes with recommendations for management, emphasizing the need for robust cybersecurity processes, a flexible security plan, and employee training to mitigate future risks and data breaches. The report provides a comprehensive overview of the frameworks and the development of an incident handling model tailored for Marriott International.
Security, Audit and Compliance
Executive Summary
This report researches various models and frameworks for handling information security incidents within a company. Marriott International Inc. is taken as the company for which an information security incident handling model is proposed, in the wake of the recent data security breach at the company. The report discusses the frameworks that the company can adopt to handle information security incidents: ISO/IEC 27035-2:2016: Information Security Incident Management, the National Cyber Security Centre (NCSC), NIST 800-61: Computer Security Incident Handling Guide, and CERT: Handbook for Computer Security Incident Response Teams (CSIRTs). NIST 800-61: Computer Security Incident Handling Guide is then chosen from these, and a model for handling incidents is developed for the company on its basis. Events and incidents are defined to initiate the plan and, based on the incidents defined, an incident response policy, plan and procedures are created. Within this, the incident response policy, the incident response plan, procedure elements, sharing information with related outside parties and the incident response team structure are discussed. The relationship of information security incident response with other information security processes is then discussed, along with the role of audit in providing assurance about the effectiveness of the incident handling process, the governance and compliance issues raised, and the professional roles involved in managing them. In the final part, a concluding summary of the report is provided, followed by recommendations to management regarding the regular cyber security processes it needs to observe, the flexible cyber security plan it needs to develop, and the training it should provide to its employees so that they are able to identify when company information is being compromised.
Table of Contents
Executive Summary
Introduction
Main Body
Proposed model – model selection
Proposed model – explanation
Discussion and evaluation of security incident response with other processes of the company
Conclusion and recommendations
References
Introduction
In today's age, almost all of an organisation's data and information are maintained on computer systems and data servers connected to the internet. Information security is therefore critical for a company to maintain (Sabillon, R. and et.al., 2017). This report is aimed at researching, proposing, evaluating and applying a suitable model for handling information security incidents within a company. Marriott International Inc. is taken as the company for which an information security incident handling model is proposed, in the wake of the recent data security breach at the company. It is an American multinational hospitality company which operates and franchises hotels and other lodging facilities. This report discusses the frameworks that the company can adopt to handle information security incidents. An appropriate framework is then chosen from these and developed for the company to handle incidents. Also discussed below are the relationship of information security incident response with other information security processes such as risk management, the role of audit in providing assurance that the incident handling process is effective, and the governance and compliance issues raised and the professional roles involved in managing them. In the final part, the strengths and weaknesses of the model are presented as a conclusion, along with recommendations to management and the impact of any likely developments in the next few years.
Main Body
Proposed model – model selection
An information security incident is an interference with the standard information technology operations of an organisation or, in other words, a significant violation of an organisation's policy on the responsible use and management of information (Donaldson and Aslam, 2015). It is a threat of unauthorised access, breach, modification or destruction of information, whether successful or only suspected or attempted. In March 2020, Marriott International disclosed a security breach which had resulted in the compromise of data of more than 5.2 million hotel guests using its loyalty applications (5 Biggest Data Breaches of 2020, 2020). It was assumed that hackers had obtained the credentials of company employees by phishing or credential stuffing and used them to steal personal information of guests such as names, birth dates, telephone numbers, travel information, loyalty programme information, etc. Even earlier, in 2018, the hotel group had suffered a data breach. This shows loopholes in the information security management of the company.
Identification of information security handling frameworks
IT security incidents vary in degree and source and can be traced to both hardware and software being compromised. All security lapses pose different potential risks to the organisation (Johnson, 2015). An incident in which no information has been compromised, only threatened, is known as a security incident, whereas a security breach is one in which there is confirmed unauthorised access to protected data. There are various frameworks that are helpful in the management of cyber information security incidents:
ISO/IEC 27035-2:2016: Information Security Incident Management – It is an international information security incident management framework for all organisations regardless of their type, size or nature (Shin, Son and Heo, 2015). These guidelines are based on the “plan and prepare” and “lessons learned” phases of the “information security incident-management phases” of the original model that was introduced in 2011 (ISO/IEC 27035-2:2016). It includes preparing an information security incident management policy and plan, along with testing them, with the commitment of top management. It also includes the establishment of an incident response team (IRT), technical and other support, awareness briefings and training, etc.
National Cyber Security Centre (NCSC) – It is a UK government organisation that provides cyber security advice and incident handling support (Antonucci, 2017). It is entrusted with the management of cyber incidents of national importance; other incidents, once reported, are taken up by Action Fraud, the UK's national fraud and cyber crime reporting centre. Its main aim is to reduce the ill-effects of cyber incidents on the victims. To manage such incidents, NCSC provides technical advice and guidance. It identifies the attacker, their motivation, the possibility of other victims and the extent of the likely compromise of cyber information. If needed, it also coordinates the responses and communication of cross-government bodies (Incident management, 2020).
NIST 800-61: Computer Security Incident Handling Guide – This is published by the National Institute of Standards and Technology of the US Department of Commerce. The guide acts as a standard which lists all the necessary documents such as policies, incident response plans, etc. It describes the flow of information and defines an ideal life cycle for incidents (Computer Security Incident Handling Guide, 2012). It focuses on creating an incident response policy and plan, along with developing procedures for incident reporting, communication with outside parties, and establishing relationships between the incident response team and outside parties such as law enforcement agencies.
CERT: Handbook for Computer Security Incident Response Teams (CSIRTs) – It is one of the most used standards in the area of security incident management governance (Trim and Lee, 2016). This framework is designed around designing governing policies for incident response. The handbook is focused on providing guidance on creating a Computer Security Incident Response Team (CSIRT). It defines the nature and scope of an organisation's security incident handling and the tools, procedures and roles necessary for implementing the service. Operational and technical issues such as equipment security and staff training are also covered.
Illustration 1: IT Security Framework Options, 2019
Comparison of the four frameworks (ISO, NCSC, NIST, CERT):
Organisational structure – ISO: non-government; NCSC: government; NIST: government; CERT: government.
Focussed on – ISO: incident-management policy and planning; NCSC: reducing the ill-effects of cyber incidents on victims; NIST: complete process planning and management; CERT: creating a Computer Security Incident Response Team.
Organisations aimed at – ISO: all types of organisations regardless of size, type or nature; NCSC: organisations which have cyber incidents of national importance; NIST: all types of organisations; CERT: all types of organisations can apply, but largely aimed at large organisations.
Selection of information security handling frameworks
All the above-mentioned frameworks, and other frameworks, have their own credentials and credibility. However, given the repeated data breaches that Marriott group hotels are facing, the most appropriate information security handling framework is NIST 800-61. It is a framework suggested by the US Department of Commerce and offers a holistic package for managing information security processes. It not only stresses developing policies and plans but also selecting a team structure, a staffing model and training (Bahuguna, Bisht and Pande, 2018). Therefore, Marriott International Inc. can adopt this security incident handling framework to develop a comprehensive model customised for its data and information processes, in the same way as its other risk management processes.
Proposed model – explanation
Marriott is a hospitality organisation and holds a great deal of information and data that is under cyber security threat. It has been subjected to data breaches before. Therefore, it is required to design a model that can provide it all-round security. An effective computer security incident response capability (CSIRC) of an organisation involves several major decisions. Below are the customised propositions for the company based on NIST 800-61:
Events and Incidents
This includes defining events and incidents for the company (Kostopoulos, 2017). Events include all transactions whose occurrence in a system or network is observable, for example entering customer data into the system. Events which have negative consequences are known as adverse events, such as system crashes, unauthorised access to sensitive data, execution of malware that is able to destroy data, etc. Examples are the March 2020 data breach of the hotel group's customer data, or the 2018 compromise of the reservation system of Marriott's Starwood brands, which had exposed millions of customers' data, including credit card and passport numbers, to attackers (Marriott data breach FAQ, 2020).
All events that involve an attempt at unauthorised access in violation of, or pose an imminent threat of violating, the computer security policies and the acceptable or standard security practices of the organisation are known as computer security incidents. For example, in recent times attackers are using methods such as cloud vulnerabilities, AI-enhanced cyberthreats, AI fuzzing, machine learning poisoning, smart contract hacking, etc. These are advanced methods to compromise the data security of a company. Therefore, it is very important for the company to prepare advanced and well-developed responses to such incidents and security breaches (Donaldson and et.al., 2015). This will help minimise the information theft and service disruptions caused by such incidents. It also points out security lapses, which helps in developing better courses of action in future.
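As an added example (not part of the original report), the following Python script applies the event / adverse event / incident distinction above to a few constructed authentication log lines, flagging the credential-stuffing pattern mentioned earlier in the report and attaching a severity rating of the kind an incident response policy calls for. The log format, the thresholds and the severity labels are assumptions made for illustration only.

```python
"""Triage of constructed authentication log lines into the NIST 800-61
categories used in the report: event, adverse event, incident.
Added example, not part of the original report. The log format, the
correlation window, the threshold and the severity labels are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO time> <result> user=<id> src=<ip>"
# (203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.)
SAMPLE_LOG = """\
2020-03-01T10:00:01 LOGIN_OK user=guest101 src=198.51.100.7
2020-03-01T10:00:05 LOGIN_FAIL user=guest102 src=203.0.113.9
2020-03-01T10:00:06 LOGIN_FAIL user=guest103 src=203.0.113.9
2020-03-01T10:00:07 LOGIN_FAIL user=guest104 src=203.0.113.9
2020-03-01T10:00:08 LOGIN_FAIL user=guest105 src=203.0.113.9
2020-03-01T10:00:09 LOGIN_FAIL user=guest106 src=203.0.113.9
2020-03-01T10:00:10 LOGIN_OK user=guest107 src=203.0.113.9
2020-03-01T10:05:00 LOGIN_FAIL user=guest101 src=198.51.100.7
2020-03-01T10:20:00 LOGIN_OK user=guest101 src=198.51.100.7
"""

WINDOW = timedelta(minutes=2)   # assumed correlation window
STUFFING_THRESHOLD = 5          # assumed: distinct accounts failing from one source


def parse_line(line):
    """Split one log line into its timestamp, result, user and source."""
    ts, result, user, src = line.split()
    return {"ts": datetime.fromisoformat(ts), "result": result,
            "user": user.split("=", 1)[1], "src": src.split("=", 1)[1]}


def parse_log(text):
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def classify(records):
    """Return one dict per record with a category and a severity.
    event: any observable occurrence (a successful login);
    adverse event: a single failed login with no wider pattern;
    incident: policy violation, here many distinct accounts failing from one
    source within WINDOW, i.e. the credential-stuffing pattern."""
    fails = defaultdict(list)
    for r in records:
        if r["result"] == "LOGIN_FAIL":
            fails[r["src"]].append(r)
    stuffing_sources = set()
    for src, rs in fails.items():
        rs.sort(key=lambda x: x["ts"])
        for i, start in enumerate(rs):
            users = {x["user"] for x in rs[i:] if x["ts"] - start["ts"] <= WINDOW}
            if len(users) >= STUFFING_THRESHOLD:
                stuffing_sources.add(src)
                break
    out = []
    for r in records:
        if r["src"] in stuffing_sources:
            # a success from the same source after the pattern suggests takeover
            cat, sev = "incident", "critical" if r["result"] == "LOGIN_OK" else "high"
        elif r["result"] == "LOGIN_FAIL":
            cat, sev = "adverse event", "low"
        else:
            cat, sev = "event", "none"
        out.append({**r, "category": cat, "severity": sev})
    return out


def summarize(classified):
    """Count records per category, the figure a reporting measure would track."""
    counts = defaultdict(int)
    for c in classified:
        counts[c["category"]] += 1
    return dict(counts)


if __name__ == "__main__":
    triaged = classify(parse_log(SAMPLE_LOG))
    for c in triaged:
        print(c["ts"].isoformat(), c["category"], c["severity"], c["user"], c["src"])
    print(summarize(triaged))
```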
Incident Response Policy, Plan and procedure creation
This section covers the development of policies, planning and procedures related to incident response.
Incident Response Policy – The policy statement of the company must include basic elements such as a statement of management commitment to the process of incident response and mitigation; the purpose, objectives and scope of the policy; a specific definition of computer security incidents and other relevant terms for the company; the structure, roles, responsibilities and authority of the incident response team; severity ratings of incidents; reporting measures; and performance measures. It must include treatment measures for traditional data breach methods such as malware, ransomware, trojans, denial of service, etc., but also provisions to handle new and improved attack methods, such as the one faced by MGM Resorts in 2019, when it discovered unauthorised access to a cloud server which had compromised data of its former guests (The most significant data breaches in the UK, 2020).
Incident Response Plan – The plan must be based on the policy and will act as the roadmap for implementing the incident response capability. Apart from the incident response policy, it must adhere to the vision, mission, strategies and goals of the company (Andre, 2017). It must comprise its own mission, strategies and goals, the company's approach to incident response, communication of the incident response team within the team and with outsiders, metrics for measuring the performance of incident response capabilities, a roadmap to ensure that such incidents are not repeated in future, etc. This plan must be approved by the senior management of the company and be reviewed at least annually to ensure its effectiveness (Densham, 2015). It should be flexible enough to incorporate changes as required in a short time, unlike the company, which failed to improve its data security processes on the acquisition of Starwood, which had already been the victim of a data breach earlier, in 2014.
Procedure Elements – These procedures must stem from the incident response policy and plan. Standard operating procedures (SOPs) are defined which include the specific technical processes, tools and techniques, checklists and forms that will be used by the incident response team. This ensures standardisation in their approach and also reduces their response time and errors. SOPs must cover processes for all the incidents the company may be subjected to, as well as other cyber security processes under risk management.
Sharing information with related outside parties – This includes deciding on the related parties, the SOPs involving them, the communication process with them, etc. These parties could be law enforcement agencies, the media (fielding media inquiries), Internet Service Providers, the vendor of vulnerable software, or other incident response teams (Kemper, 2019). The company must share all such information in written documents only, as it forms part of the evidentiary record. For example, the company is a public company and any incident related to it becomes media news, as in the March 2020 case, so it naturally attracts media attention. However, the company must be careful not to reveal any sensitive information that could alert hackers, while the public is told what it should know so that there are no rumours about the company in the market. It can also announce through its company page as a media brief rather than through media interactions, as Twitter did when attackers attempted to breach its internal systems by spear-phishing a small number of employees (5 Biggest Data Breaches of 2020, 2020).
Incident Response Team Structure – Marriott International Inc. is a large company and therefore distributed incident response teams are appropriate. It can create teams based either on geographic location or with one team per division. However, all the teams must be coordinated centrally so that the incident response of all teams across the company is consistent. This will help the teams deal with their security incidents using the pooled experience and resources. The team can be formed entirely of company employees, fully outsourced, or a mix of the two. If the company chooses an in-house response team, it must consider factors such as cost, the need for 24x7 availability, full-time versus part-time staffing, expertise, team morale, etc. Even if the company outsources, it is very important to create a small team within the company which will oversee and evaluate the outsourcer's work. Members of the team must have excellent technical skills so that they can handle system administration, network administration, programming, technical support, intrusion detection, etc.
Discussion and evaluation of security incident response with other processes of the company
Relationship of the information security incident response with other information security processes
With all operations being on the company's network systems, it is very difficult to avoid cyberattacks. Therefore, it is important for the company to manage effective information security processes. However, the data security process cannot be seen in isolation, as it is part of the risk management system of the company (Knowles and et.al., 2015). The security incident response of the company must adhere to the other risk management policies and strategies of the company. These policies include strategies for third-party risk management, governance and risk management, security operations, standards, regulations and compliance of network detection and response, and incident and breach response. Response processes must also be developed coherently with these. The company can use response methods and tools such as privileged password management, network administrator daily tasks, a network security audit checklist, a firewall audit checklist, VPN configuration, email server security, penetration testing, etc., to ensure not only that all the information security processes of the company are aligned but also that all the processes of the company are protected from security breaches together.
Role of audit in providing assurance that the incident handling process is effective
Various response plans are developed to counter data breaches, such as the disaster recovery plan, the business continuity plan and the incident response plan. The role of audit is to analyse whether the response plan is well placed, well managed and effective. Auditors are also responsible for identifying lapses in the incident response plan and policies to ensure that no loophole exists in the process. There are various types of audit that the company is subjected to, such as corporate audit, tax audit, etc. However, it is internal audit that is most effective in this process, as it is more detailed than any other form of audit and also forms the basis of all other forms of audit (Stafford, Deitz and Li, 2018). The internal audit team of the company can keep up with the development and regular review of the incident response plan, and can also play an integral part in the planning and management of the plan by critically reviewing whether or not the incident handling process is being applied effectively, in the way it was written in the plan and the way it was intended to operate (Islam, Farah and Stafford, 2018). Even if it does not lead the testing of the incident response plan, as that is the function of top management, it is responsible for ensuring that these tests are taking place and that the plan is being put into action in an effective manner.
Governance and compliance issues raised and the professional roles involved in managing them
As part of its internal governance process for security incident management, it is important for the company to train all employees to report any flagged incident to the incident response team. The incident response team is then responsible for informing top management and other related parties, both internal and external to the company, of this development. Externally, it must inform the law enforcement agencies of the country so that legal investigations can be initiated (Shoemaker, Kohnke and Sigler, 2018). In the UK, the company must inform organisations such as NCSC and Action Fraud, depending on the magnitude or severity of the incident. These processes must be handled by the legal department of the company in coordination with the incident response team. The legal department of the company would review all the policies, plans and procedures to ensure that they comply with legal guidance and do not override anyone's protected rights. It will also help with legal procedures, evidence collection, prosecutions and lawsuits in case of security incidents.
Conclusion and recommendations
Conclusion
The above report is based on information security processes and their handling in case of data and information breaches. It can be observed above that companies must devise, prepare and develop a computer security incident handling model in line with their type, size and needs. There are various frameworks available for a company to choose from for its incident response plan. Also, a company cannot create a plan for data security in isolation without considering its other information security processes, as the plan itself is a part of the organisation's risk management processes.
Recommendations
The plan and policy developed above are based on the document published by the National Institute of Standards and Technology, under the US Department of Commerce. It is a comprehensive plan covering all the processes that could expose the company's data and information to hackers. However, it cannot be denied that, no matter how hard a company tries, it cannot claim its cyber security measures are foolproof. Hackers can make use of bugs and loopholes in the system to attack it on several fronts using malware, phishing, trojans, ransomware, attacks on IoT devices, denial of service attacks, etc. Marriott has been subjected to one such tool: its systems were compromised using phishing. Therefore, it is expected that company management will revise its planning and policies related to incident response and will review them annually (Kahyaoglu and Caliyurt, 2018). Company plans must be flexible enough to accommodate the new technologies being developed to improve company security systems.
Recommendations: The company must have installed and kept updated basic cyber security tools such as restricted access control to sensitive data, anti-malware, firewalls, data loss prevention, email security, endpoint security, anomaly detection and intrusion prevention systems, network segmentation, virtual private networks, web security, wireless security, etc. It must also train all its employees not to fall for hackers' tricks. Simultaneously, it should develop an incident response system to safeguard the company, as discussed above. All these policies, plans, procedures, responses, models, team aims and services, etc. must be regularly reviewed against new developments in both protection technologies and hacking technologies.