Policy
General Requirements
This policy establishes the following general requirements:
• An LSNB Incident Response Team (IRT) will be implemented. By approving this policy, the board grants the IRT authority to act and make decisions as necessary to appropriately respond to an incident.
• LSNB IRT members have defined roles and responsibilities, which are outlined in the Incident Response Procedures. These responsibilities will take priority over normal duties in the event of a security incident.
• An event classification system, which defines incidents by their level of severity, will be used to manage the incident response process and provide guidance for escalation.
• Whenever a security incident of a physical or electronic nature is
The event will have little, if any, material impact on LSNB’s operations or reputation. Examples of low level events include sharing of passwords, policy or procedural violations, and scans of LSNB systems (except online banking or investing systems, which are medium level events).
Incident Reporting
All LSNB staff and contractors are responsible for helping to ensure the security of the information systems that they use and operate. Part of this responsibility is the duty to report any confirmed or suspected security problem in a timely manner. Any suspicion or detection of a computer or IT-related security problem is to be reported to the LSNB’s ISO or the Chief Risk Officer. Any suspicion or detection of a physical security problem is to be reported to the LSNB’s Security Officer.
Incident Response and Escalation
Detection and identification of a suspected incident represents the first step of the incident response process. The response process is characterized by four
Sensitive customer information also includes any combination of components of customer information that would allow someone to log onto or access the customer’s account, such as user name and password or password and account
The National Incident Management System (NIMS) is a systematic guideline on how to effectively plan for, mitigate, respond to and recover from significant incidents, especially those that encompass diverse interests and involve all levels of government. It works hand in hand with the National Response Framework, which provides structure for incident management, while NIMS provides the guide for all departments and agencies at all levels of government, nongovernmental organizations, and the private sector to work flawlessly during incident management to reduce loss of life and property (U.S. Department of Homeland Security, 2008). The core aspect of the National Incident Management System during incident response is the Incident Command System (ICS),
After the business continuity plan is completed, incident response (IR) planning should be performed and an incident response plan established. An incident response plan is “a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets” (Whitman). This is done by first forming an IR committee and establishing an IR policy that integrates the business impact analysis into the incident response plan.
The ICS has an Incident Commander who, together with their staff, will make operational decisions and allocate resources to implement these decisions. “The ICS is the framework necessary to manage the resources, personnel, apparatus, and equipment, used to mitigate the
Incident Management Systems (IMS) are structures used to manage and co-ordinate a response that is outside business as usual parameters. These critical incidents usually involve threat to life and property and can threaten important infrastructure, making it a priority to deal with the situation in an efficient and expedient manner (Dwyer & Owen, 2009). The response to these incidents may be by a single agency, though usually will require the input from several other agencies such as the police, fire service, ambulance service, civil defence, health service, defence force, or private organisations. All of these organisations bring their own
The organization develops, distributes, and reviews/updates a formal, documented incident response policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance. The ISSO provides refresher training. Incident response training includes user training in the identification and reporting of suspicious activities, both from external and internal sources. The organization employs automated mechanisms to provide a more thorough and realistic training environment.
Staff should know their roles and responsibilities during an incident, and they should be cognizant of the contingency policies, procedures and the team members. Exercises will give the team the necessary knowledge, skills and tools needed to handle incidents when they occur. The tabletop exercise will make the exercises involving simulated incidents more useful for preparing staff for incident handling (800.61).
There are five characteristics of an effective accountability system. The system should meet some objectives, including accounting for the exact location of each individual at the emergency scene at all times and providing for expansion to meet the needs of the incident (Angle, 2016, p. 123). Accountability would ensure the safety of responders, and if there is any need for a rescue, the need would be identified as soon as possible. Additionally, accountability is more important if the responders have to move about and expand to do other tasks within the scene. Based on the distribution of tasks and responders at the scene, the incident commander would be able to delegate tasks according to the situation at hand. The system also needs to ensure that individuals are checked in at the start of the incident and provide for visual recognition of the incident (Angle, 2016, p. 123). Furthermore, the system should provide for points of entry into the hazard zone.
Due to the recent change in board director members, this information is being furnished as an opportunity to learn about the inner workings of our emergency services organization. Although we maintain our own policies and procedures, there are many directives handed down by other authorities that we do need to adhere to.
Preparation is the key to effective incident response. Even the best incident response team cannot effectively address an incident without predetermined guidelines. A strong plan must be in place to support your team. In order to successfully address security events, these features should be included in an incident response plan:
An incident command system (ICS) can be described as a standardized approach to hazard and incident management that is based at the scene of the incident (FEMA, 2012). This on-scene approach gives room for the integration of the equipment, facilities, staff, communication systems and procedures that operate in a central structure of an organization. It also gives room for a coordinated response among the several agencies concerned with the emergency, be it in the private sector or the public sector. Lastly, the ICS aids in the establishment of a localized process for planning as well as managing the resources.
This is the step where the team determines if an incident has occurred. Based on observed events and indicators, the team looks for deviations from normal operations. The team looks for malicious acts or attempts to do harm. The security mechanisms in place will help the team with the identification. The incident handling team will use their experience to look at the signs and indicators. The observation could occur at network level, host level or system level. This is where the team leverages the alerts and logs from routers, firewalls, IDS, SIEM, AV gateways, operating systems, network flows, etc. After identifying an incident, the team needs to assess the impact and notify the appropriate individuals or external parties. If there are reasons to believe
Incident response is critical to any organization and time is of the essence. The organization would use the NIST 800-61 incident handling guide and its four-major-phase approach as a template to handle all identified incidents. Once the alert for the event was triggered, a member of the CIRT would respond and begin the initial steps of incident management: detection and identification.
The person responsible for information security as described in clause 7(a) above will ensure a timely, effective and orderly response to information security incidents. Knowledge gained from analysing and resolving information security incidents will be used to reduce the likelihood or impact of future incidents.
The formation of an ISIRT is an essential activity in the plan and prepare phase. ISIRTs provide organisations with the suitable proficiency to assess, respond to and learn from information security incidents. Blyth’s Books should establish an Information Security Incident Response Team (ISIRT) that encompasses individuals from different departments in the organisation. Their contact information should be accessible to all in the organisation. Their roles should be clearly defined with regard to synchronization and rapport with other parties, feedback to the management, and communication and relationships with other departments in the organisation. Mechanisms of assistance, which comprise tools such as Intrusion Detection Systems (IDSs), Intrusion Prevention Systems (IPSs) and log monitoring systems, should be set up and put into effect to aid the ISIRT in monitoring and detection.
The procedure of the incident response team will typically give priority to establishing a unit with the capabilities to be ready and also to ensure that the systems, networks and all the applications are adequately and sufficiently secure. The incident response team is not responsible for any of the