
2012

Turner Windmill Setters Jared Phillips

[SEC280 CASE STUDY WK5]



Jared Phillips

Incident Response Policy

November 27, 2012

Turner Windmill Setters has recently recovered from a malware attack that shut it down for about six days while it was running multiple computers, a firewall, three file servers, and two web servers. Management at Turner Windmill Setters has asked for an Incident Response Plan in case something like this happens again. The purpose of the Incident Response Plan is to recover from a disaster as quickly as possible. An incident can be a hardware failure, a security breach, or even a natural disaster that could affect the company. The first thing to start with is the Incident Response Plan itself: the document that includes all the information needed to deal with specific incidents (Wm. Arthur Conklin, 2004). A company such as Turner Windmill Setters wants to make the response as detailed as possible so that there is less chance of a mistake.

Purpose- The purpose of this policy is to establish a security policy as well as a plan and procedures for Turner Windmill Setters in case of emergency or disaster.

Scope- This policy applies to all Turner Windmill Setters employees, contractors, and other persons who have access to Turner Windmill Setters information. This policy should only be changed or updated as technology advances.


Organizational Structure- In case of a security breach, upper-level employees should be contacted first, such as IT, the CEO, managers, or anyone else at the upper level. These team members are to be contacted by phone, or in person if needed. In an emergency, these team members need to be contacted immediately.

Information Flow- To reduce server downtime, do the following. First, measure the available area for server equipment (Bartlett). Second, make sure there is enough room for all the cables so that they never cross. Third, have a plan laid out on paper (use diagram software). Fourth, label each cable individually. Fifth, install an extra PC and configure the keyboard to manage the server (Bartlett). Last but not least, control the server maintenance time schedules so that there is an established method for planned downtime. You will then know what to expect from your network, and it won't be such an inconvenience when the downtime actually happens.

Breach- In case of loss of control, compromise, unauthorized use, unauthorized access, or any access to the information of Gem Infosys by anyone other than authorized users for any purpose, immediate upper-level management is to be notified, including IT. A written incident report addressing the incident should also be filled out. This written report shall have a point of contact; the affected systems and their locations; a system description including hardware, operating system, and any other software on the machine; a description of the incident; the status of the incident; any damages; and any corrective action taken in response to the incident. A follow-up report should be submitted with those who were involved in the incident. The effective dates would be from November 27, 2012, with review no later than November 30, 2013.

The Incident Response Team should consist of any professionals that are available, and they should be working or on call in case an incident occurs. Someone needs to be on call because a disaster or incident can happen anywhere at any time. There should also be a backup system off site that is easy to access in case of emergency. The company needs to be able to make money and be up and running as quickly as possible.

There are many types of disasters that could happen. Whether they are caused by people or are natural disasters, they can disrupt a company or organization for long periods of time (Wm. Arthur Conklin, 2004). The network can be disrupted, and it doesn't necessarily mean that the disruption is directed toward any certain organization or company. Fortunately, we don't have a natural disaster every day. The DRP (Disaster Recovery Plan) is critical in any disaster recovery effort (Wm. Arthur Conklin, 2004). Some of the questions you may want to address in making a Disaster Recovery Plan would be: Who is responsible for the operation? What is needed for the individuals to perform the necessary functions? When should this function be accomplished? Where will it be performed? How is it performed? Why is it so important to the company? (Wm. Arthur Conklin, 2004)

The name used to describe the document that answers these questions is the Business Impact Assessment or Analysis (BIA). Exercising your disaster recovery plans before a disaster actually occurs gives you more of an opportunity to discover any flaws within the plan while you still have time to correct them. The BCP (Business Continuity Plan) is another term used in discussing the organizational operation issue (Wm. Arthur Conklin, 2004). When making any of these plans, always make sure that you have a backup and know when backups should be conducted. You will also want to know where you are going to keep your backup stored in case of emergency. Having a backup off site is good in case of any natural disaster, so that the company can recover more quickly. It is important to know when, where, and what type of backup you are going to use.

In conclusion, it's always important to keep your computer safe and secure, especially in a business setting. When a disaster happens, it is important to have a plan to get the company back on track so that no time or money is lost in the situation. It's imperative to have an incident response team ready to make use of a disaster recovery plan when an unexpected disaster occurs. The CIRT needs to test, exercise, and rehearse policies and procedures in relation to incidents that can create risk to the company. There are different ways a team can implement policies to reduce the likelihood of personal attacks and natural disasters. In order to protect the confidentiality, integrity, and availability of information within Turner Windmill Setters, a structure has to be applied revolving around a Disaster Recovery Plan and a Business Continuity Plan.


Works Cited

Bartlett, B. (n.d.). How to reduce server time. Retrieved December 1, 2010, from eHow: http://www.ehow.com/how_5392975_reduce-server-downtime.html

Wm. Arthur Conklin, G. B. (2004). Principles of Computer Security: Security+ and Beyond. Burr Ridge: McGraw Hill.
