Regardless of whether an organization’s policies are perfect, the staff is superior, or the walls are impenetrable, a time will come when an incident occurs. Whether it is a security breach, or an employee is exploited by social engineering, an incident will take place and the organization had better be prepared for it.
In this lab, you will define the purpose of an incident response team (IRT) and identify major elements of an incident response methodology. You will also identify critical management, human resources, legal, information technology (IT), and information systems security personnel required for the incident response team. You will create an incident response policy that defines the incident response team’s purpose and goal and the authority granted during an incident. This is a Theory Lab and does not require the use of a virtual environment.
This lab has two parts, which should be completed in the order specified.
1. In the first part of the lab, you will conduct research on incident response.
2. In the second part of the lab, you will design your own incident response policy.
Part 1: Research Incident Response Plans
1. Using your favorite search engine, search for a sample incident response plan.
2. Review the plan.
3. Describe the key components within the incident response plan you identified. Be sure to cite the plan by including a link.
4. In your browser, navigate to A Six-Stage Methodology for Incident Response.
5. Review the six steps listed on the website.
6. Outline the six-step methodology for performing incident response. List each step and its purpose. How closely does the plan that you reviewed follow this methodology?
Part 2: Create an Incident Response Policy
1. Navigate to the Security Policy Templates webpage, then locate and review the Security Response Plan Policy.
2. Describe how this policy would be associated with an incident response plan.
3. Review the following characteristics of the fictional Bankwise Credit Union:
4. The organization is a local credit union that has several branches and locations throughout the region.
a. Online banking and use of the internet are the bank’s strengths, given its limited human resources.
b. The customer service department is the organization’s most critical business function.
c. The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and information technology (IT) security best practices regarding its employees.
d. The organization wants to monitor and control use of the internet by implementing content filtering.
e. The organization wants to eliminate personal use of organization-owned IT assets and systems.
f. The organization wants to monitor and control use of the email system by implementing email security controls.
g. The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
h. The organization wants to create an incident response team to deal with security breaches and other incidents if attacked and provide full authority for the team to perform whatever activities are needed to maintain chain of custody in performing forensics and evidence collection.
i. The organization wants to implement this policy throughout the organization to provide full authority during a crisis to the incident response team over all physical facilities, IT assets, IT systems, applications, and data owned by the organization. Create an incident response policy that grants team members full access and authority to perform forensics and maintain a chain of custody for physical evidence containment.
5. Create this policy for the Bankwise Credit Union. The policy should include the following elements.
a. Policy Statement
b. Purpose/Objectives
c. Scope
d. Standards
e. Procedures
f. Guidelines
When you have completed the lab, click the “Download Lab Report as PDF” icon,