Incident Response

Renee Jones

11/13/2011

Incident Response Plan

A user was at their desk in open their personal email and began reading the emails that they received. Later on they notice strange things were happening to their computer. Right away they contacted the IT department letting them know about the situation. The IT department came to user desk to look at the computer and tried everything to detect what the problem could be. After they were not able to find the problem to right away they contacted the IR Team about the situation. (Security Disciplines for Objective 3: Detection and Recovery)

The IR team reviews the information that they received from the IT department and conducted an initial assessment to find out what was the situation. They then spoke to the individual to get a better understanding of the incident. What they recovered that the individual had been receiving personal emails and that whatever was sent to them had cause the problem with their computer. The IR team collected enough evident and information for the user computer to determined that there had been an incident and that the attack very critical. They determined that it was a virus that could affect not only his system but anybody that they could have sent an email to after they received the email. The team had set up an alert roster which is set up any emergencies that could accrue. The alert roster notified the head of the administrator that was the head of each department informing them the incident. The IR team also sent an alert message by phone to all the employees of the company informing them of the incident and telling them not respond or open any email until they are notified by someone from the IR team and the notification will be by phone. Now that the IR team has communicated the information to the correct individuals, then they would send it out to all employees by voice communication through their phone. After this they will figure out the damage and the risk that it...