Incident Response Team Overview Report (Assessment)

Exclusively available on Available only on IvyPanda® • No AI

Table of Contents

Introduction

IRT is a crucial division of an organization. The team has the responsibility of identifying and handling incidents in a systematic way to precisely investigate, lessen and report it to the concerned individuals in an organization.
Large and well established organizations should take it upon themselves to formally establish Incident Response Teams.
Small organizations should have an informal IRT (Kruse and Heiser, 2007).

The board of directors should be available for all the emergency meetings.
The Incident commander manages the overall responsibility.
The administrator oversees the investigation and notifies the insurance company and other administrators.
The security information officer examines the extent of the incident.
The information security officer prepares the summary of the incident and actions taken to correct the incident.
The information privacy officer checks on the personal information that may have been breached.
The network architecture analyzes the network traffic.
The operation system architecture examines all the system logs.
An auditor checks the systems to ensure that they comply with the security policies.
Human resource personnel provide the list of persons and the emergency contact information for.

Prepare the organization and the IRT before the incident occur.
Identify the incident and initialize the investigation and record the details.
The response strategy is formed and the approval is obtained from the management.
The facts collected are reviewed.
The outcome of the investigation is then reported to the management/decision makers.
The security procedures are then taken in order to provide a long term solution.

Statement of commitment of the management.
Objectives and purpose of the policy.
The extent of the policy.
Definition of the incident and their effect within the context of the organization.
Prioritization of incidents.
Reporting and contact forms.

The staff should continually be given training concerning incidence response (Lucas and Moeller, 2004).
Documents and evidence are the key items that should be protected in the event of an incidence (Fadia, 2007).

Fadia, A. (2007). Network intrusion alert: an ethical hacking guide to intrusion detection. New York: Thomson Course Technology.

Kruse, W. G. and Heiser, J.G. (2002). Computer forensics: incident response essentials. New York: Addison-Wesley.

Lucas, J. and Moeller, B. (2004). The effective incident response team. New York: Addison-Wesley.