Case Study Week 6 Sec 280

Due to the severity of the most recent malware attack on Gem Infosys, I have been tasked to formulate an incident response policy to reduce network down time if future incidents occur. An incident response policy is a plan that will allow Gem Infosys to function appropriately in a time of incident so that issues can be contained, resolved, and network operations are restored as quickly as possible. The incident response policy will cover topics such as the development of an incident response team, disaster recovery process, and business continuity planning. This document will serve as an outline to the official incident response policy that will be distributed company wide later next week.

The first thing that needs to take place before another incident occurs is the development of an Incident Response Team. The incident response team will be comprised of employees with expertise in different areas. These individuals will have combined knowledge and skills to respond to an incident. Due to the complex nature of incidents, the team needs to have extensive training on concepts such as how to identify and validate an incident, how to collect evidence, and how to protect the collected evidence.

I would like to start by creating our incident response team with four key members. One member will be from senior management. This is because someone needs to be in charge with enough authority to get things accomplished. The second member will be a network administrator. It is necessary to have a technical person who can adequately understand the problem and be able to relay the issue to other team members. The third person will be a security expert. A security expert is needed to collect and analyze evidence using forensic procedures. The fourth and final member will be a communications expert. This would be a person from public relations. If an incident needs to be relayed to the public, a public relations person should be the one to do so.

Once a...