ITEC 6620: Developing an Incident Response Plan and its Role


Added on  2022/12/18

Running head: INCIDENT RESPONSE PLAN
Incident Response Plan
Name of the Student:
Name of the University:
Author note:
Table of Contents
Introduction
  Purpose and Scope
Types of incidents
Incident Response Plan
  Role of the IRP
  Steps taken in IRP
  Benefits
  Constraints
Conclusion
References
Introduction:
The Pixelated Pony Corporation has recently discovered the importance of cyber
security in the organization and wants to secure its server from hackers. As the
authorities are well aware that the computers in the company are not well secured,
they decided to review the incident response plan for cyber attacks. The assignment
discusses the purpose, benefits and constraints of the incident response plan along with the steps
taken in the IRP (Thompson, 2018).
Purpose and Scope:
Purpose: The IRP, or Incident Response Plan, is implemented in the organization to
ensure that the organization is prepared to handle any situation where cyber security threats are
observed. Technologies are now more advanced, and so are the methods of hackers; hence, an
incident response plan may assist in identifying areas of effectiveness and ineffectiveness and
in detecting an attack to prevent it from occurring again. The PPC Company has arranged for an
IRP to prevent these mishaps from happening in the organization due to weak security on the
server.
Scope: The scope of the assignment is to provide an overview of the Incident Response Plan in
the organization, so that the security of the company can be ensured through its proper
implementation.
Types of incidents:
In an organization with poor cyber security, certain incidents can occur
frequently (Chilcott et al., 2019). Some of the types of incident that may occur in PPC are
given below:
Unauthorized access to the system: In these incidents, hackers or other undesirable entities gain access to the system without permission from the admin or authority.
Denial of Service: Denial of service is a very well-known attack in the cloud, in which authorized entities are prevented from accessing the data.
Malicious code: Opening certain links that are sent to the system may install malware, which can disrupt the functionality of the system (Saunders, 2017).
System failure: Computers, servers and applications are machines and programs; failure can occur at any time and affect the integrity, confidentiality and availability of the applications or the network.
Information loss: Most loss of information occurs because data is handled improperly.
Data breach: Hackers are more advanced and have several tools for stealing data from the system server.
Privacy breach: Private information is often stored in the systems' servers and databases (Edelman, 2019). Losing this data affects the consumers as well as the organizations.
Incident Response Plan:
An Incident Response Plan is created so that when an incident occurs in the system, a quick
response can be generated and actions can be taken accordingly.
Role of the IRP:
The primary role of an IRP is to protect the data from any further loss. This in turn helps
in preventing the loss of the revenue and the reputation of the organization. When an
organization faces any of the above-mentioned incidents, the customers' faith tends to erode.
To restore that faith, an IRP has to be implemented, as ultimately customer satisfaction is what is
desired in any organization.
Steps taken in IRP:
The Incident Response Plan works on a process known as PICERL (Mu & Zheng, 2019).
This stands for: Preparation, Identification, Containment, Eradication, Recovery and Lessons
Learned.
The Preparation process is the lengthiest. It consists of all the planning and
programming, the stakeholders and their roles and responsibilities, understanding, documentation
and, lastly, establishing a proper response ideology for the system. Identification is the next
process. It helps in identifying whether the occurrence is an event or an incident. The
scenario is analysed in this phase in order to gather more knowledge about the
incident. The severity of the incident that has occurred is determined here, and the
IRP is developed according to the urgency of the identified incident (Alsmadi, 2019).
The Containment phase is generally used to prevent further problems arising from the incident. The
zones of exploitation are detected and the areas are secured. The Eradication phase does as its
name suggests: it eradicates the issues. The restoration (Recovery) phase restores the data that was lost.
In the end, the lessons learned are documented. A report is created in order to track the
follow-up. The documentation made in the lessons learned process helps in determining the
issues and their solutions in the future. The incident response plan can hence be implemented by
the organization with the help of this documentation (Athinaiou et al., 2018).
Benefits:
The Incident Response Plan has certain benefits (Bromiley, 2016). These are
mentioned below:
Crime prevention: An IRP is often considered a proactive approach, as it is put in place as a measure of prevention rather than waiting for a crime to take place in the industry.
Reduction in the cost of investigation: The cost of investigation is reduced, as the prevention plans and measures are taken before the crime occurs.
Monitoring targeted security: The Identification phase of the IRP identifies the areas which may get exploited, and prevention measures are taken accordingly.
Increasing the confidence of the stakeholders: The stakeholders of the organization trust the organization with much confidential data; thus the IRP helps in restoring their trust in the company.
Penalties can be avoided, as the information is readily available.
Constraints:
The response protocols are outdated. The organization's real-time security handling is not coordinated with the protocols undertaken by the IRP.
Testing of the implemented procedures is not considered in the IRP.
Not all damage is recoverable; lost data or the confidentiality of the data cannot be restored.
The IRP does not include forensic analysis. Hence, physical threats to the organization may remain open.
Conclusion:
An Incident Response Plan is important for an organization to create a quick response to
an incident that has taken place. Security breaches and privacy loss are very
frequent occurrences in information systems; hence, preventing further breaches of
security by knowing the places where hackers can attack saves not only the
data but also the company's reputation. Though using an IRP is beneficial, there are a few
constraints of the IRP which have to be considered during implementation so that efficient
security measures can be taken.
References:
Alsmadi, I. (2019). Incident Response. In The NICE Cyber Security Framework (pp. 331-346). Springer, Cham.
Athinaiou, M., Mouratidis, H., Fotis, T., Pavlidis, M., & Panaousis, E. (2018, September). Towards the Definition of a Security Incident Response Modelling Language. In International Conference on Trust and Privacy in Digital Business (pp. 198-212). Springer, Cham.
Bromiley, M. (2016). Incident Response Capabilities in 2016: The 2016 SANS Incident Response Survey. SANS Institute, June.
Chilcott, R. P., Larner, J., Durrant, A., Hughes, P., Mahalingam, D., Rivers, S., ... & Pinhal, A. (2019). Evaluation of US Federal Guidelines (Primary Response Incident Scene Management [PRISM]) for Mass Decontamination of Casualties During the Initial Operational Response to a Chemical Incident. Annals of emergency medicine, 73(6), 671-684.
Edelman, B. (2019). Cyber Breach? Use This Framework to Create a Response Plan. Journal of Financial Planning, 32(8), 28-29.
Mu, B., & Zheng, J. (2019). Study on Incident Response System of Automotive Cybersecurity. Security and Privacy in New Computing Environments, 198.
Saunders, J. (2017). Tackling cybercrime–the UK response. Journal of Cyber Policy, 2(1), 4-15.
Thompson, E. C. (2018). Incident Response Frameworks. In Cybersecurity Incident Response (pp. 17-46). Apress, Berkeley, CA.