information security response

Chapter 19: information security response

Security plans

Physical security

Logical security


Proper disposal of assets

Policies and training to guide employees

What to protect

Information security protects three aspects of data systems – CIA

Confidentiality – only authorized access is permitted

Integrity – protect against unauthorized alteration

Availability – data systems and data are available

Ways to improve Availability: UPS, RAID, Clustering critical servers, install failover capability

Information security risks





Malicious hackers

Bored students

Unhappy employees

Helpful employees


Lazy engineers

Hardware failure


A threat that exploits to attack your company

Gap in protection methods

Scan regularly for vulnerabilities


Preventative actions taken to stop an attack

Warning sensors

Technical solutions

Administrative actions to reduce vulnerabilities

Physical security

Fence around company’s buildings

Locked doors

Locked door on data center

Technical security

User ID and passwords

Access control list (ACL)

Controls on routers and wireless access points

Change default passwords

Lock down equipment

Data security

Types of Data:

Personally identifiable information (PII)

Student records

Medical records

Credit card or check numbers

Data security – cont’d

Protect Data:

Encrypt all portable data

Incoming and outgoing data must be encrypted using a company-approved standard

Disable USB ports

All devices must be physically destroyed

Company documents shredded

Implement a clean desk policy

Screen saver time-out and password protected

Social engineering

Phone call from someone claiming to be Help Desk asking for ID information

Official-looking person claiming to be repairman

Hacker who searches online social media looking for IT people at a certain company

Person walking behind an employee towards a security door

Caller pretending to be vendor

Person quietly watching over someone’s shoulder

Dumpster diver

Incident management

Details the initial action steps necessary to:

Stop the intrusion

Contain the damage

Gather evidence as to the source


Actual impact

Plan contents

Confirm the incident is not a false positive

Activate the response team

Open the telephone bridge

Assess the situation

Incident management team checks rest of IT systems for potential break-ins

Incident after-action review

Conduct a review within a few days of incident

Format for review questions:

What happened?

What should have happened?

What went well?

What did not go well?

What will be done differently next time?

Testing the response plan

Test the plan with the team regularly

Testing updates to the procedures

Testing for new team members

Testing may help to determine false positives

Preserving forensic evidence

Types of evidence to collect:


Time difference on each device

Hash of every data set

System log files
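
Added example, not part of the original slides: one way to capture the three evidence items listed above is to write a manifest per device that records its clock offset and a SHA-256 hash of every collected file, then re-check the hashes later to show nothing changed. The host name "web01", the log line and the function names are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timedelta, timezone


def sha256_file(path, chunk_size=65536):
    """Hash in chunks so large log files or disk images need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(device, device_clock, reference_clock, paths):
    """Record the device clock offset and a hash of every collected data set."""
    return {
        "device": device,
        # Positive offset means the device clock runs ahead of the reference.
        "clock_offset_seconds": (device_clock - reference_clock).total_seconds(),
        "collected_at": reference_clock.isoformat(),
        "items": [{"path": p, "sha256": sha256_file(p)} for p in paths],
    }


def verify_manifest(manifest):
    """Return paths that are missing or whose content no longer matches."""
    return [i["path"] for i in manifest["items"]
            if not os.path.isfile(i["path"]) or sha256_file(i["path"]) != i["sha256"]]


def to_reference_time(manifest, device_timestamp):
    """Map a timestamp read from the device's logs onto the reference clock."""
    return device_timestamp - timedelta(seconds=manifest["clock_offset_seconds"])


if __name__ == "__main__":
    # Constructed sample: one log line from a hypothetical host "web01"
    # whose clock runs 90 seconds ahead of the reference clock.
    ref = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        with open(log, "w") as fh:
            fh.write("Jan  1 12:01:30 web01 sshd[411]: Failed password for root\n")
        m = build_manifest("web01", ref + timedelta(seconds=90), ref, [log])
        print(json.dumps(m, indent=2))
        print("changed after collection:", verify_manifest(m))
```

Recording the offset per device lets log entries from different machines be placed on one timeline with to_reference_time before they are compared.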

Establishing policies

Typical policies include:

Incident response

Acceptable use

Acceptable use policy should address:

Social engineering

Password management

User ID

Data policy

Patching policy

Educating employees

Employees are the number-one security threat

Essential that all employees are trained

Users should understand the importance of proper data disposal

Ongoing user awareness program

Verify training through exams


Information security is an important part of the BCP

Information security requires constant vigilance to prevent criminal activity

Incident response planning must be completed before it is needed
