Cybersecurity program
Running Head: INCIDENCE REPORTING
Student Name
School Name
Date
TABLE OF CONTENTS
1.0 Procedure to initially identify and document an incident
2.0 How to inform tactical operational managers, internal and external stakeholders, and/or individuals affected
3.0 How to investigate the breach, mitigate harm to individuals, and protect against further breaches
4.0 Enforcement mechanisms for breaches and non-adherences
5.0 Procedures to assess the damage to the organization and estimate both the damage cost and the cost of the containment efforts
6.0 Procedures to review response and update policies
7.0 References
Procedure to initially identify and document an incident
An incident response plan is a set of instructions that IT staff apply to detect, respond to, and recover from security incidents. It addresses issues such as data loss, cybercrime, and service outages that threaten daily operations. Identifying and documenting an incident should be conducted in 10 steps (Abimbola, 2007). The first step is the security incident report's contact information. Because the security incident report must contain the information needed to meet compliance requirements, it is crucial to create a form in which specific information is captured in defined segments. This information should include the reporting person's name and title, work and mobile numbers, the name of the organization's security officer, and any other crucial details. The remaining steps are the description of the security incident, the sensitivity of the information involved in the breach, notification, mitigation, the security officer's signature, the security incident log, and lastly the retention of all security incident reports and logs.
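To make the report segments and the retention step concrete, the following Python example models a security incident report with the fields listed above and appends accepted reports to a hash-chained incident log, so that the retained log can later be checked for tampering. This is an added illustration, not code from the paper or from Abimbola (2007); the field names, the sensitivity scale, the chaining scheme, and the sample report values are all assumptions made for the example.

```python
"""Security incident report record with a tamper-evident retention log.

Added illustration, not from the paper or from Abimbola (2007). The field
names and the hash-chaining scheme are assumptions chosen to model the
report segments the text lists: reporter contact details, the security
officer, incident description, sensitivity, notification, mitigation,
the officer's signature, the incident log, and retention of the log.
"""
import hashlib
import json
from datetime import datetime, timezone

# Segments a report must fill before it is accepted (assumed names).
REQUIRED_FIELDS = (
    "reporter_name", "reporter_title", "reporter_work_phone",
    "reporter_mobile_phone", "security_officer", "description",
    "sensitivity", "notification", "mitigation", "officer_signature",
)
# Assumed sensitivity scale for the information involved in the breach.
SENSITIVITY_LEVELS = ("public", "internal", "confidential", "restricted")


def validate_report(report: dict) -> list:
    """Return the list of completeness problems; empty means acceptable."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS
                if not str(report.get(f, "")).strip()]
    if report.get("sensitivity") not in SENSITIVITY_LEVELS:
        problems.append(f"sensitivity must be one of {SENSITIVITY_LEVELS}")
    return problems


def _chain_hash(prev_hash: str, payload: str) -> str:
    """Each entry's hash covers the previous hash, so edits break the chain."""
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


class IncidentLog:
    """Append-only security incident log retained for later review."""

    GENESIS = "0" * 64  # hash value that anchors the first entry

    def __init__(self):
        self.entries = []

    def append(self, report: dict, timestamp: str = None) -> str:
        """Validate the report, then append it; returns the entry's hash."""
        problems = validate_report(report)
        if problems:
            raise ValueError("; ".join(problems))
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        stamp = timestamp or datetime.now(timezone.utc).isoformat()
        payload = json.dumps({"logged_at": stamp, "report": report}, sort_keys=True)
        digest = _chain_hash(prev, payload)
        self.entries.append({"prev": prev, "payload": payload, "hash": digest})
        return digest

    def verify(self) -> bool:
        """True if every retained entry still matches the chain."""
        prev = self.GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or _chain_hash(prev, entry["payload"]) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


# Constructed sample report (all values are made up for the example).
SAMPLE_REPORT = {
    "reporter_name": "J. Doe",
    "reporter_title": "Help desk analyst",
    "reporter_work_phone": "555-0100",
    "reporter_mobile_phone": "555-0101",
    "security_officer": "R. Roe",
    "description": "Phishing email led to credential entry on a fake login page",
    "sensitivity": "confidential",
    "notification": "Security officer notified by phone; affected user informed",
    "mitigation": "Password reset and session revocation completed",
    "officer_signature": "R. Roe, 2024-01-05",
}


def build_sample_log() -> IncidentLog:
    """Create a log holding the sample report with a fixed timestamp."""
    log = IncidentLog()
    log.append(SAMPLE_REPORT, timestamp="2024-01-05T09:30:00+00:00")
    return log
```

A report that is missing any segment is rejected before it reaches the log, and `verify()` returns false as soon as any retained entry has been altered, because every entry's hash commits to the previous entry's hash.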
How to inform tactical operational managers, internal and external stakeholders, and/or individuals affected
Risks need to be communicated to the stakeholders who might be affected by a security incident before, during, and after a project, so that their expectations and opinions are upheld (Abimbola, 2007). Informing stakeholders of a security incident involves four basic steps. The first is to involve the whole team: risk management requires the participation of all members, especially individuals with expertise in particular risk areas. The next step is to consider the stakeholders' location. If the stakeholders are not located near the project, communicating effectively may be difficult; however, communication channels such as telephone calls, email, or instant messages can be chosen to reach them. Technology can also be used to conduct the risk analysis, which helps identify high-risk areas of the users' systems. Finally, reports and alerts can be used to communicate effectively with tactical operational managers and the other stakeholders involved.
How to investigate the breach, mitigate harm to individuals, and protect against further breaches
To investigate a breach, one should first detect the data breach, take urgent incident response action, gather evidence related to the breach from all cybersecurity tools, and then analyze it (Abimbola, 2007). After analyzing the incident, IT professionals should take containment, eradication, and recovery measures to prevent the breach from spreading. The next step is to notify the related parties, such as employees, business partners, and other stakeholders, and lastly to conduct post-incident activities to prevent a similar issue from occurring in the future.
Enforcement mechanisms for breaches and non-adherences
At the federal level, cybersecurity standards are enforced using different methods. The Federal Trade Commission acts as the primary federal consumer protection agency responsible for enforcing cybersecurity laws (Abimbola, 2007). It is vital to implement enforcement mechanisms for non-adherence and breaches. Positive enforcement mechanisms encourage compliance with an agreement by providing rewards. Negative enforcement mechanisms encourage compliance by threatening or applying punishments, such as withdrawal of agreements.
Procedures to assess the damage to the organization and estimate both the damage cost and the cost of the containment efforts
Accurate recovery from cybersecurity incidents depends on fast and accurate damage assessment. To assess the damage, the log of the affected database should be scanned from the attacking transaction to the end of the log. Because this process is tedious, other procedures can be followed to accelerate the damage appraisal. The organization can use data dependency and transactional dependency approaches to assess the damage that cybersecurity incidents cause to the organization.
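The following Python example shows the forward scan described above on a small transaction log: starting at the attacking transaction, it marks a later transaction as affected when it reads a damaged data item (data dependency) or explicitly depends on an affected transaction (transactional dependency), treats a clean transaction's blind overwrite of a damaged item as restoring it, and then splits the estimate into damage cost and containment cost. This is an added example and not code from the paper or from Abimbola (2007); the log record format, the sample log, and the cost rates are assumptions constructed for the illustration.

```python
"""Damage assessment by scanning a transaction log forward from the attack.

Added example, not from the paper. The log format is an assumption: each
record holds a transaction id, the data items it read, the items it wrote,
and the transactions it explicitly depends on. Data dependency marks a
transaction as affected when it reads an item that is currently damaged;
transactional dependency marks it as affected when it depends on an
affected transaction. A clean transaction that overwrites a damaged item
without reading it restores that item.
"""

# Constructed sample log in commit order; T3 is the attacking transaction.
SAMPLE_LOG = [
    {"tid": "T1", "reads": {"a"}, "writes": {"b"}, "depends_on": []},
    {"tid": "T2", "reads": {"b"}, "writes": {"c"}, "depends_on": []},
    {"tid": "T3", "reads": {"x"}, "writes": {"a"}, "depends_on": []},      # attack: corrupts a
    {"tid": "T4", "reads": {"a"}, "writes": {"d"}, "depends_on": []},      # reads damaged a
    {"tid": "T5", "reads": {"c"}, "writes": {"e"}, "depends_on": []},      # c was written pre-attack
    {"tid": "T6", "reads": {"d"}, "writes": {"f"}, "depends_on": []},      # reads damaged d
    {"tid": "T7", "reads": {"y"}, "writes": {"g"}, "depends_on": ["T5"]},  # depends on clean T5
    {"tid": "T8", "reads": {"z"}, "writes": {"h"}, "depends_on": ["T6"]},  # depends on affected T6
    {"tid": "T9", "reads": {"k"}, "writes": {"d"}, "depends_on": []},      # blind overwrite repairs d
    {"tid": "T10", "reads": {"d"}, "writes": {"m"}, "depends_on": []},     # reads repaired d
]


def assess_damage(log, attacker_tid):
    """Return (affected transaction ids, items still damaged at end of log)."""
    start = next((i for i, rec in enumerate(log) if rec["tid"] == attacker_tid), None)
    if start is None:
        raise ValueError(f"attacking transaction {attacker_tid} not in log")
    affected = {attacker_tid}
    damaged = set(log[start]["writes"])
    # Scan from the record after the attacking transaction to the end of the log.
    for rec in log[start + 1:]:
        data_dep = bool(rec["reads"] & damaged)
        txn_dep = any(dep in affected for dep in rec.get("depends_on", []))
        if data_dep or txn_dep:
            affected.add(rec["tid"])
            damaged |= rec["writes"]      # everything it wrote is now suspect
        else:
            damaged -= rec["writes"]      # clean blind write restores the item
    return affected, damaged


def estimate_costs(affected, damaged, *, restore_per_item, undo_per_txn,
                   containment_hours, hourly_rate):
    """Split the estimate into damage cost and containment cost (rates assumed)."""
    damage_cost = len(damaged) * restore_per_item + len(affected) * undo_per_txn
    containment_cost = containment_hours * hourly_rate
    return {"damage_cost": damage_cost, "containment_cost": containment_cost,
            "total": damage_cost + containment_cost}


if __name__ == "__main__":
    affected, damaged = assess_damage(SAMPLE_LOG, "T3")
    print("affected transactions:", sorted(affected))
    print("damaged data items:", sorted(damaged))
    print(estimate_costs(affected, damaged, restore_per_item=500, undo_per_txn=200,
                         containment_hours=10, hourly_rate=150))
```

On the sample log the scan flags T3, T4, T6 and T8 as affected and leaves a, f and h damaged; d is not counted because T9 overwrote it without reading any damaged item, and T5 is clean because c was written before the attack. Transactions before the attacking one are never visited, which is what keeps the scan bounded when the log is long.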
Procedures to review response and update policies
Information security policies enable organizations to control their information security assets and to build an organized, formal security program (Abimbola, 2007). During policy updates and response reviews, IT personnel should keep track of the policies in a centralized location to minimize policy management difficulties. Policies should be reviewed annually or whenever changes are required. The next step is to communicate the policy changes to the stakeholders, ensuring that the language used is simple and precise and that the policy has a revision and version information table; lastly, ask questions about the reviewed policies to ensure that stakeholders are satisfied with the changes.
References
Abimbola, A. (2007). Information security incident response. Network Security, 2007(12), 10-13. https://doi.org/10.1016/s1353-4858(07)70103-4
DeVoe, C., & Rahman, S. M. (2013). Incident response plan for a small to medium-sized hospital. International Journal of Network Security & Its Applications, 5(2), 1-20. https://doi.org/10.5121/ijnsa.2013.520
Kesari, A. (2020). Predicting cybersecurity incidents through mandatory disclosure regulation. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3700243