University Security and Incident Management Plan for FinSureMe
Added on 2022/08/26
AI Summary
This report provides a comprehensive security and incident management plan for FinSureMe, a general insurance and life assurance company. The report begins with a memo addressing recent security incidents, particularly a malware infection on the file transfer server, and proposes immediate actions such as antivirus installation, system scans, and data backups. The core of the report focuses on designing an overall incident management function, defining its scope, specifying its functions, outlining roles and responsibilities, detailing key processes and technologies, and discussing interactions with internal and external functions. It emphasizes the importance of addressing malware threats, including viruses, worms, and Trojan horses. The report also discusses the need for improved operational resilience and the implementation of preventive measures to mitigate risks. The final sections highlight the roles and responsibilities within the IT team and the need for changes in key technologies and IT processes. The report concludes with a critical evaluation of the proposed functions, underscoring the importance of these measures in securing the IT systems and protecting the company's reputation and data.

Running head: SECURITY AND INCIDENT MANAGEMENT PLAN FOR FINSUREME
Security and Incident Management Plan for FinSureMe
Name of the Student
Name of the University
Author note
Table of Contents
1. Memo Writing for Concern regarding Security Incidents at FinSureMe
2. Design of overall Incident Management Function
2.1 Scope Definition
2.2 Specification of overall function
2.3 Roles and responsibilities and skill sets
2.4 Key processes and technologies
2.5 Interactions with internal and external functions
2.6 Plans for exercising the capability
3. Critical evaluation of proposed functions
References
1. Memo Writing for Concern regarding Security Incidents at FinSureMe
Date: 27th March 2020
To: Chief Executive Officer (CEO)
From: (Name to be filled by student), Chief Information Security Officer
Subject: Concern regarding recent security incidents and changes required
IT operations at FinSureMe comprise cloud and on-premise services. A large set of practices and processes has been put in place to improve the security of these IT services. However, the implemented services have become outdated in light of the developments made since then. Outdated services, practices and processes could expose the company to risks such as malware threats, data breaches and many others. With the IT systems exposed to these risks, customer data would be put at stake and the business reputation of the company would be damaged.
In a recent security incident, a recent form of malware infection occurred on the file transfer server. The entire team at FinSureMe is concerned about the malware infections that occurred during the transfer of important files from the server, and has raised critical concerns over the files that are shared on a daily basis. These malicious infections primarily originate from compromised websites. Users who are not aware of malicious websites tend to click on such sites found on the internet. However, on the other hand,
various vulnerabilities in the operating systems installed at FinSureMe could also allow cybercriminals to install malware on the server.
In order to secure the IT systems and the information exchanged over the server, the most important measures that need to be taken are:
1. Systems at FinSureMe should be scanned by high-quality antivirus software. Antivirus software that provides a quick resolution to virus issues should therefore be procured and installed immediately. This would help in recognizing the possible kinds of malware infection found within the system. Scheduled scans should be run on the internet servers. The antivirus system should therefore support a server monitoring tool that gives real-time updates on the performance of the server.
2. Whenever malware is detected during a scan, the computer would need to be disconnected from the internet and then booted into Safe Mode. In this state, only a minimal set of programs and required services is loaded. This helps prevent any malware from being set up when the OS starts again.
3. Since FinSureMe makes use of a cloud backup facility, important files should immediately be backed up to the cloud server whenever malware is detected. However, malware scans should also be performed on the backups before they are uploaded to the cloud server.
4. Passwords have an essential role to play in securing the end systems. Hence, IT teams at FinSureMe should ensure that files are properly encrypted using two-factor
authentication. A good password manager should therefore be provided to give an additional layer of protection.
The measures discussed above are intended to add a strong layer of protection to the IT systems at FinSureMe. The challenges arising from malware infection of the file transfer servers include the fact that important files would be put at stake. Hackers might breach the systems and gain hold of the files, which would put the reputation of the company at stake. Further, they could misuse the files as they wish and extract useful information for their personal benefit.
Hence, the changes requested above would need to be made immediately to the practices and processes currently being followed. Security management practices relating to password protection, security scans, antivirus installation on the computer systems and immediate backup of files to cloud servers would be the primary requirements to be adopted at FinSureMe in order to gain high benefits in the future.
CC: IT Support and Management, Finance, HR
2. Design of overall Incident Management Function
2.1 Scope Definition
The proposed incident management function is aligned with the security incidents currently being reported by the IT department at FinSureMe. The purpose of the intended incident management function is to help FinSureMe remove security threats from its computer systems while protecting the integrity of the information (Latrache and Boumhidi 2015). The next part of the design specification would help the IT teams understand the major threats posed by malware and take appropriate measures to mitigate the risks associated with reported malware incidents. The scope of the incident and crisis management design also places a major focus on background information, categorising the major types of malware that could affect the IT systems at FinSureMe (Settanni et al. 2017). This document would also provide guidance on how malware incidents could be prevented and how the systems could respond to them with greater efficiency.
The following parts of the report discuss the overall functions being performed at FinSureMe, along with the gaps present within the system (Ahmad, Maynard and Shanks 2015). Based on the security incidents faced by the IT systems, the preventive measures and how they work are discussed in detail. The next part of the document mainly discusses the roles and responsibilities of people within the IT team, determining how they could handle the different cases of malware attack on the server. There are various
kinds of key technologies and IT processes that need to be changed within the system at FinSureMe (Ab Rahman and Choo 2015). These therefore need particular emphasis, based on an understanding of how they could serve the organization's key prospects.
The discussion of the new systems and practices to be adopted by the company also describes the various interactions that would take place with internal and external functions. After a full discussion of the system design and the processes that would need to be followed, plans would be made for exercising the capability of FinSureMe to install and adopt the practices for mitigating attacks posed by malware (Chernov, Butakova and Karpenko 2015). Following the discussion of the design for changing the system processes, the importance of including such systems within FinSureMe would be established. These would further help to secure the end systems and improve systems and processes.
2.2 Specification of overall function
Malware, also known as malicious code, refers to a specialised program that is inserted into another program on a system with the intention of destroying data or running intrusive and destructive programs. It is also intended to compromise the confidentiality, integrity and availability of the victim's applications, data and operating system (Kavanagh, Rochford and Bussa 2015). Malware is thus considered the most important and crucial form of threat hosted on organizations' computer systems, leading to widespread damage. It also disrupts the recovery efforts of the computer systems within these organizations.
This section focuses on the different kinds of malware and defines the fundamental concepts relating to malware. The following classic forms of malware could pose serious threats to the computer systems at FinSureMe:
1. Viruses – A virus is a form of malware that inserts copies of itself into data files or host programs (DiMase et al. 2015). Viruses are mainly triggered through user interaction, such as running a program or opening a file.
2. Worms – This form of malware is a self-contained or self-replicating program that tends to execute itself without any interaction by a user.
3. Trojan Horses – A Trojan horse is a non-replicating, self-contained program that often has a malicious purpose. Trojan horses are capable of replacing pre-existing files with malicious versions. They also add malicious files within the host file (Ferrari, Onuoha and Pitzalis 2015). They are thus often responsible for delivering other kinds of attacker tools to hosts.
4. Malicious Mobile Code – Malicious mobile code is software with malicious intent that is transmitted from a remote host to a local host and then executed on the local host. These actions can be performed without the explicit instruction of the user (Ngo et al. 2015). The most popular programming languages used for designing such malicious code are ActiveX, VBScript, Java and JavaScript.
5. Blended attacks – A blended attack often makes use of transmission or infection methods. It is capable of combining the propagation methods of worms and viruses.
The intended security incident management function can be defined as the process of identifying the kinds of malware that could infect the file transfer server while also providing ways of mitigating them. The growing number of cyber security challenges posed in recent times is tremendous (Chen et al. 2017). Security incident management would combine the use of the intended software systems and appliances, based on an analysis of the kinds of malware posing the attacks.
In the case of FinSureMe, the set of practices and processes put in place within the IT team is considered outdated. This has been identified from the fact that the outdated systems have been exposed to malware-based threats (Suciu et al. 2018). In the most recent case at FinSureMe, a security lapse within the IT systems resulted in a malware infection on the file transfer server. After the case was reported to the audience, they took the matter under serious consideration, and questions have been raised over the protection of the systems. Other points have also been raised over the inefficiency of the managerial practices followed at FinSureMe (Seibold et al. 2017). Hence, in view of the present situation, improvements would need to be considered in terms of operational resilience and response to security breach incidents.
2.3 Roles and responsibilities and skill sets
In view of the security threats posed by malware to FinSureMe, the roles within the IT team that would be of high importance are: IT Manager, Software engineer, cloud service provider and risk management team. These teams have been defined based on an understanding of the situations FinSureMe currently faces from malware-supported attacks.
Having considered the roles that would be highly crucial for mitigating the risk scenarios, the responsibilities placed on them are as follows:
1. Designing a proper risk management plan and implementing it, with a focus on the entire risk management process (Steinke et al. 2015). This plan would also include a brief analysis of the financial impact on the organization when risks occur.
2. Performing a risk assessment. This would help in analysing the current risk situation while identifying the potential risk areas that could pose serious harm to the organization.
3. Evaluating risks. This involves evaluating the risk scenarios facing the company while comparing them against potential risks (Hopkin 2018). These would further be supported against criteria that could include legal and cost requirements.
4. Establishing and deciding the level of each risk that the company would be able to reconsider and accept.
5. Preparing insurance budgets and risk management plans.
2.3 Roles and responsibilities and skill sets
In consideration to the security threats being posed by malware over FinSureMe, the
certain roles within the IT team that would be in high consideration are: IT Manager, Software
engineer, cloud service provider and risk management team. These teams have been defined
based on understanding the situations, which are being posed over FinSureMe in the present
times based on the attacks supported by malware.
After the consideration of the roles that would be highly crucial for mitigating the
scenarios of risk, the responsibilities that would be put on them are discussed as follows:
1. Designing a proper risk management plan and implementing them based on focusing
over the entire process of risk management (Steinke et al. 2015). This plan would also perform a
brief analysis over the over the financial impact towards the organization during the occurrence
of risks.
2. A risk assessment should be performed. This would help in analysing the current
situations of risks while identifying the potential risk areas, which could pose serious harms to
the organization.
3. Evaluation of risks would need to be performed. Evaluation of the risk scenarios facing
the company while comparing them against potential risks (Hopkin 2018). These would be
further be supported against a criteria, which could include legal and cost requirements.
4. Establishment and deciding over the level of each risks that the company would be
able to reconsider and accept.
5. Preparing insurance budgets and risk management plans.
6. Creating business continuity plans aimed at limiting the risk scenarios.
7. Implementing measures focused on the health and safety of employees and their
confidentiality.
8. Conducting compliance and policy-based audits. These would also include liaising
with external and internal auditors (Ma et al. 2017).
9. Maintaining internal records of claims and insurance policies relating to
FinSureMe.
10. Reviewing internal business proposals for security and undertaking major
contracts.
11. Building knowledge of risk awareness among staff by providing them with support
and training them to make use of the new systems and processes that would be
implemented in future (Skopik, Settanni and Fiedler 2016).
Given the responsibilities that would need to be performed in the management of
risks, the skills that would be required of each involved member of the
IT team are:
1. Commercial awareness
2. Excellent numerical skills
3. Organizational and planning skills
4. Excellent communication and presentation skills
5. Good analytical skills and an eye for detail
6. Understanding of broader business issues
2.4 Key processes and technologies
With the skill sets and responsibilities of each IT team member determined, the
processes and technologies that would be required for mitigating the risk scenarios arising
from malware attacks are discussed below:
1. Initial Preparation – Preparation is one of the primary keys to successful
risk management actions. Hence, a strong plan should be put in place that
would efficiently support the IT team (Suby and Dickson 2015). Some of the
features that need to be included within the incident response plan are discussed below:
a. Development of IR (Incident Response) Policies – Establishment of procedures,
agreements and policies for management of responses.
b. Defining communication guidelines – Creation of efficient communication guidelines
and standards to enable seamless communication while an incident is
ongoing (Chou 2015).
c. Incorporating intelligence feeds – Collecting facts, analysing
them and synchronizing threats.
d. Assessing threat detection capability – Assessing the current
capability for threat detection and updating risk assessment programs (Terzi, Terzi and Sagiroglu
2015).