This document describes the role of the information security officer (ISO) in handling security incidents, together with the response taken by the ISO and by the incident response team assigned to assist the ISO. The ISO deals with computer security events, incidents and suspected information technology abuses. This document describes the systematic procedure for handling a security incident.
INCIDENT TRACKING SYSTEM
The chief information officer (CIO) is authorized to take appropriate measures in responding to information security threats. When confronted with multiple concurrent security incidents, the higher-level incidents are responded to first. Incidents are classified into three levels: level 1, level 2 and level 3. Level 1 incidents are resolved within 3-4 hours, level 2 incidents within 24 hours and level 3 incidents within 24-48 hours.
The information security officer (ISO) serves as the operational lead and leads the investigation. The ISO will invoke the information security incident response procedures. The department will provide core and adjunct members to assist the ISO during the investigation.
All incident response team members are assigned duties based on the circumstances of the incident. Specific members and their respective roles are outlined below. An employee who observes an incident must also inform his/her supervisor immediately, and employees must notify the information security officer if any data has been compromised.
The information security officer informs the CIO about the situation. A determination is made as to whether the incident is a suspected security incident or a confirmed security incident. The ISO then contacts the members of the incident response team. An understanding of the incident is gained as soon as possible.
Once the likelihood that an incident has occurred is determined, an incident analyst or security analyst develops a response strategy. The strategy takes into account all known facts concerning the incident, the functionality of the compromised system and the type of attack. The goal of the response strategy is to obtain approval of the response from the information security officer.
Formulate Response Strategy
- Type of Attack
The first step in this section is to determine the response strategy by considering the nature of the incident. Incidents are classified based on how they impact the performance of the cloud computing services on the network. The classifications are as follows:
Machines at this level are considered to be at risk. The information security officer can anticipate a threat that may develop from this risk in the future.
- Potential problems found proactively via network monitoring tools
Level 1 Incident
Machines at this level are considered vulnerable to known exploits and other threats to the network. The information security officer must take action, or the machine will be cut off from the network.
- No antivirus program has been detected.
- The machine is unknowingly sending spam mail.
Level 2 Incident
Machines at this level are infected by a virus or worm. The ISO must take action, or the machine will be cut off from the network.
- Viruses (e.g., Sober, Mytob)
- Worms (e.g., Nimda, MyDoom, CodeRed)
Level 3 Incident
Machines at this level are found to be compromised. The ISO must take action, or the machine will be cut off from the network.
- Compromised computers
- Denial of service attacks
- Rogue DHCP servers
- Unauthorized scanning
These are additional (miscellaneous) incidents relating to the use and performance of the network. They do not cause harm to the computers or to the network. These incidents are carefully investigated by the incident investigator.
- Bandwidth abuse
- Unauthorized access to another's files or email
- Copyright violations
- Stolen IP addresses
Classifying the victim system helps to decide the response strategy, as different strategies affect the availability of the victim system differently.
There are different options for formulating a response, such as an online response versus an offline response, restoring operations, and identifying the attacker. The selected response decides what actions are taken and what type of resolution is required. Another issue that affects the response is the origin of the attack, since the origin may affect the company. If there are further issues with the origin, the ISO must be contacted for further classification.
The incident investigator addresses level 1, level 2, level 3 and miscellaneous incidents under normal operating procedures. In such cases the incident investigator, incident analyst or security analyst can function as the incident response team. Level 3 incidents are addressed by the critical incident response team (CIRT) in instances of a mass outbreak or a compromise of highly confidential information.
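The incident tracking rules described above (three severity levels with their resolution windows, higher-level incidents handled first when several are open at once, miscellaneous incidents investigated without a stated deadline, and level 3 escalation to the CIRT for mass outbreaks or confidential data compromise) can be expressed as a small tracker. The code below is an added example and is not part of the original document or of any organization's tooling. The indicator keywords, the rule that an unrecognized indicator is referred to the ISO for manual classification, the tie-break by earliest deadline, and the sample incidents and timestamps are all assumptions made for the example.

```python
"""Minimal incident tracker: classification, resolution deadlines, prioritization
and escalation, following the levels described in the text. Example code only."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

MISC = 0  # miscellaneous incidents: investigated, but no resolution window is given

# Upper bound of each resolution window from the text (3-4 h, 24 h, 24-48 h).
RESOLUTION_HOURS: Dict[int, int] = {1: 4, 2: 24, 3: 48}

# Indicator category -> level, taken from the classification lists in the text.
# The category is the part of an indicator before an optional ":" (assumed format).
INDICATOR_LEVELS: Dict[str, int] = {
    "no antivirus": 1, "sending spam": 1,
    "virus": 2, "worm": 2,
    "compromised": 3, "denial of service": 3,
    "rogue dhcp": 3, "unauthorized scanning": 3,
    "bandwidth abuse": MISC, "unauthorized access": MISC,
    "copyright violation": MISC, "stolen ip": MISC,
}


def classify(indicators: List[str]) -> int:
    """Return the most severe level matched by any indicator.

    An indicator outside the documented categories cannot be classified
    automatically and is referred to the ISO (assumed behaviour)."""
    if not indicators:
        raise ValueError("no indicators supplied: refer to the ISO for classification")
    levels = []
    for ind in indicators:
        category = ind.split(":", 1)[0].strip().lower()
        if category not in INDICATOR_LEVELS:
            raise ValueError(f"unrecognised indicator {ind!r}: refer to the ISO")
        levels.append(INDICATOR_LEVELS[category])
    return max(levels)


@dataclass
class Incident:
    ident: str
    host: str
    indicators: List[str]
    reported: datetime
    confirmed: bool = False        # suspected until the ISO confirms it
    confidential_data: bool = False
    mass_outbreak: bool = False

    @property
    def level(self) -> int:
        return classify(self.indicators)

    @property
    def due(self) -> Optional[datetime]:
        """Resolution deadline; None for miscellaneous incidents."""
        hours = RESOLUTION_HOURS.get(self.level)
        return self.reported + timedelta(hours=hours) if hours else None

    @property
    def handler(self) -> str:
        """Level 3 with a mass outbreak or confidential data goes to the CIRT."""
        if self.level == 3 and (self.mass_outbreak or self.confidential_data):
            return "CIRT"
        return "incident investigator"


def prioritize(incidents: List[Incident]) -> List[Incident]:
    """Concurrent incidents: highest level first, then earliest deadline,
    then earliest report time (the last two tie-breaks are assumptions)."""
    never = datetime.max
    return sorted(incidents, key=lambda i: (-i.level, i.due or never, i.reported))


def overdue(incidents: List[Incident], now: datetime) -> List[str]:
    """Identifiers of incidents whose resolution window has already passed."""
    return [i.ident for i in incidents if i.due is not None and now > i.due]


# Constructed sample queue (hostnames and times are made up for the example).
T0 = datetime(2024, 1, 15, 9, 0)
SAMPLE: List[Incident] = [
    Incident("INC-1", "lab-pc-07", ["no antivirus"], T0),
    Incident("INC-2", "mail-gw", ["worm: MyDoom"], T0 + timedelta(hours=1)),
    Incident("INC-3", "db-01", ["compromised", "unauthorized scanning"],
             T0 + timedelta(hours=2), confidential_data=True),
    Incident("INC-4", "dorm-sw", ["bandwidth abuse"], T0),
]
NOW_EXAMPLE = T0 + timedelta(hours=5)  # point in time at which the queue is reviewed

if __name__ == "__main__":
    for inc in prioritize(SAMPLE):
        print(inc.ident, "level", inc.level, "due", inc.due, "->", inc.handler)
    print("overdue at", NOW_EXAMPLE, ":", overdue(SAMPLE, NOW_EXAMPLE))
```

Running the block prints the queue with INC-3 (level 3, CIRT) first and INC-4 (miscellaneous, no deadline) last, and reports INC-1 as overdue five hours after it was reported because its 4-hour window has elapsed. Unknown indicator categories deliberately raise rather than silently defaulting to a level, so that anything outside the documented classes reaches the ISO.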