Introduction
How well prepared an organization's information technology team is to deal with security incidents counts for a lot during incident response. Some organizations only learn how to tackle security incidents after they have had one, and by then the incidents turn out to be far more expensive than they would have been had they been planned for earlier. This paper analyzes the development of an incident-response policy for Gem Infosys, covering the formation of an incident-response team, a disaster recovery process, and a business continuity plan, with the aim of minimizing network downtime when security incidents occur in the future.
Incident-response policy
First of all, it is important to reduce the number and seriousness of security incidents. Security incidents cannot be prevented entirely; therefore, the goal is to minimize their impact and the resulting network downtime. This can be achieved by formulating and enforcing security policies and procedures, obtaining management support for security and incident-handling policies, and regularly assessing vulnerabilities in the organization. Routinely checking all systems and network appliances to confirm that they are updated, introducing security training for IT staff and users, and forming an incident response team to handle security incidents also help minimize network downtime.
Developing an incident response team
An incident response team comprises people charged with handling security incidents, with well-defined responsibilities that guarantee all areas of the response are covered. Assembling the team before an incident takes place is vital and contributes to the successful handling of incidents (Conklin et al., 2012). An effective team monitors systems for security breaches, records security incidents, promotes security awareness within the organization to help reduce incidents, researches new attack strategies while keeping existing systems updated, and builds new technologies for reducing security risks. After the incident response team is created, it should be trained on the correct use and placement of important security tools, and it should collect all necessary communication data. All information on emergency systems should be kept in a common location. This may include crucial passwords, router configuration information, important contacts, and copies of certificates and keys.
All members of the incident-response team should know what is required of them in the event of an incident, and they are expected to review the incident response policy in detail. An incident response plan entails performing an initial assessment, reporting the incident, containing the damage and reducing the risk, classifying the type and seriousness of the incident, and protecting the evidence. Recovering systems, compiling incident documentation, assessing the damage and cost incurred by the incident, reviewing the response, and updating policies are also duties of the team.
Disaster recovery process
The disaster recovery process depends largely on how serious the security breach is. First, it should be determined whether the original system can be repaired and still function properly or whether it needs to be rebuilt. Restoring data ultimately depends on the backup that was created. A good backup will always give an alert when any damage occurs; without one, an incident can go on damaging systems for a long time before it is noticed. During the incident response process, it is also advisable to establish how long the incident lasted, so that a backup taken before the compromise began can be chosen for restoration.
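The two decisions this section describes, trusting a backup only if it is intact and restoring only from a point that predates the incident, can be made mechanically once the incident timeline is known. The following is an added example and not part of the original essay or of any Gem Infosys system: a SHA-256 digest recorded at backup time stands in for whatever integrity mechanism a real backup product provides, and the catalogue entries, the damaged backup and the incident start time are all constructed sample data.

```python
"""Picking a safe restore point from a backup catalogue.

Added example, not from the original essay. A backup must be intact before
it is trusted (here a SHA-256 recorded at backup time is recomputed and
compared, standing in for the backup system's own integrity check), and the
restore point must predate the incident window established during response,
so that compromised data is not restored. All catalogue entries below are
constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib


@dataclass(frozen=True)
class Backup:
    taken_at: datetime       # when the backup was taken (UTC)
    content: bytes           # constructed stand-in for the archived data
    recorded_sha256: str     # digest recorded when the backup was made


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_backup(taken_at: datetime, content: bytes) -> Backup:
    """Create a backup and record its digest, as a backup job would."""
    return Backup(taken_at, content, sha256_hex(content))


def is_intact(backup: Backup) -> bool:
    """The 'alert on damage' check: archived bytes must still match the recorded digest."""
    return sha256_hex(backup.content) == backup.recorded_sha256


def assess_catalogue(catalogue, incident_start: datetime) -> dict:
    """Label every backup: 'damaged', 'inside incident window', or 'usable'."""
    status = {}
    for b in catalogue:
        if not is_intact(b):
            status[b.taken_at] = "damaged"
        elif b.taken_at >= incident_start:
            status[b.taken_at] = "inside incident window"
        else:
            status[b.taken_at] = "usable"
    return status


def select_restore_point(catalogue, incident_start: datetime):
    """Newest intact backup taken strictly before the incident began, or None."""
    usable = [b for b in catalogue
              if is_intact(b) and b.taken_at < incident_start]
    return max(usable, key=lambda b: b.taken_at) if usable else None


def _utc(year, month, day, hour=0) -> datetime:
    return datetime(year, month, day, hour, tzinfo=timezone.utc)


# Constructed catalogue: nightly backups, one of which was damaged after it was written.
DAY1 = make_backup(_utc(2024, 3, 1), b"customer-db snapshot day 1")
DAY2_ORIGINAL = b"customer-db snapshot day 2"
DAY2 = Backup(_utc(2024, 3, 2), b"customer-db snapshot day 2 (bit rot)",
              sha256_hex(DAY2_ORIGINAL))          # bytes changed, digest did not
DAY3 = make_backup(_utc(2024, 3, 3), b"customer-db snapshot day 3")
DAY4 = make_backup(_utc(2024, 3, 4), b"customer-db snapshot day 4")
SAMPLE_CATALOGUE = [DAY1, DAY2, DAY3, DAY4]

# Constructed incident window: response established the compromise began midday on day 3.
INCIDENT_START = _utc(2024, 3, 3, 12)


if __name__ == "__main__":
    for taken_at, label in assess_catalogue(SAMPLE_CATALOGUE, INCIDENT_START).items():
        print(f"{taken_at:%Y-%m-%d %H:%M}  {label}")
    chosen = select_restore_point(SAMPLE_CATALOGUE, INCIDENT_START)
    print("restore from:", chosen.taken_at if chosen else "no clean backup available")
```

In practice the recorded digest comes from the backup system's own manifest and the incident start from the timeline built during response; when the function returns nothing usable, the rebuild path the section mentions is the remaining option, and the damaged entry is the case where an undetected problem would otherwise have gone on for a long time before anyone noticed.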
Conclusion
A business continuity plan is important in keeping the business running even after an incident. Gem Infosys needs a business continuity plan, supported by a secure and international IP infrastructure, that helps it recover quickly from all types of incidents. The most important element of a business-continuity plan is network continuity (Snedaker, 2007). Network downtime can be reduced by combining network facilities to back up, recover, or protect critical communication services and data. A good business-continuity plan ensures that people remain connected to each other and to suppliers and customers regardless of the extent of the incident.
References
Conklin, A., White, G., Williams, D., Davis, C., Cothren, C., & Schou, C. (2012). Principles of Computer Security: CompTIA Security+ and Beyond (Exam SY0-301). New York: McGraw-Hill Prof Med/Tech.
Snedaker, S. (2007). Business Continuity and Disaster Recovery Planning for IT Professionals. Amsterdam: Elsevier.