Security Incident Report

Category: Business and Industry

Date Submitted: 06/06/2010 02:54 PM

11 April 2010

To: All LEDGrafix employees, contractors, and vendors using LEDGrafix’s information system.

From: Bruce Harris, CISO

Subject: LEDGrafix Security Incident Response Team (SIRT) Directive

1. This document will be used to establish the SIRT for protection of LEDGrafix’s information system and other network-related assets.

2. The team will be made up of at least one person representing each of the following departments: Management, Legal, Information Technology, Security, Human Resources, Public Relations, and Finance. The IT manager will serve as the team chief for the SIRT.

A. Management – The team needs someone with the authority to make decisions that may affect the whole organization

B. Legal – provides advice should the company desire to take legal actions

C. IT – will serve as the team leader and perform first response evaluations

D. Security – secures evidence/facility, detains intruder

E. Human Relations – determines and takes appropriate disciplinary measures against employees

F. Public Relations – provides up-to-date and accurate information to media and staff

G. Finance – assigns a monetary amount to damage or intrusion

3. The team’s primary goal is to respond effectively to security breaches. The team adheres to six primary functions to achieve this goal:

A. Preparation

B. Notification

C. Response

D. Countermeasures

E. Recovery

F. Follow-up

4. The team will review/upgrade the standard Incident Response Checklist developed by management for the execution of their duties.

5. SIRT Incident Response Checklist

A. Document suspected event or intrusion

a. Time/date

b. Description of incident

c. Contact information of person reporting

B. Report incident to IT or SIRT member

C. SIRT member evaluates information

D. Determine if escalation is necessary (SIRT members)

E. Check Security Resources

a. Activity logs

b. Intrusion detection logs

F. Notification; notify management. Employees and necessary resources about...