Identity Theft Response

Incident Response Plan

Computer security incident response has become an important component of information technology (IT) programs. An incident is defined as "a security event that compromises the integrity, confidentiality, or availability of an information asset" (Gordon, 2015).

Any organization in the business of handling personally identifiable information (PII) should establish an incident response capability. That capability, which requires planning and resources, should consider the following guidelines (Cichonski et al., 2012):

· creating an incident response policy and plan

· developing procedures for performing incident handling and reporting

· setting guidelines for communicating with outside parties regarding incidents

· selecting a team structure and staffing model

· establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., human resources and legal department) and external (e.g., law enforcement agencies)

· determining what services the incident response team should provide

· staffing and training the incident response team

The National Institute of Standards and Technology's (NIST) Computer Security Incident Handling Guide notes the importance of continually monitoring for attacks and establishing procedures for prioritizing incidents, as well as instituting methods of collecting, analyzing, and reporting data (Cichonski et al., 2012).

References

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Special publication 800-61, revision 2: Computer security incident handling guide: National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf