Paper
teamwork
projectwork.docxBUSINESS IMPACT ANALYSIS
For the project work, we would like to choose Health Insurance industry and within the Health insurance industry, we would like to discuss about security governance operations. Following is the organizational chart of key personnel in our company.
Our main asset to protect is our client’s PI Data (Personal Identifiable Data). Data flows in from the client which will be stored in our secured infrastructure and since we are acting as Data custodians, it should be our topmost priority to uphold the CIA (Confidentiality, Integrity and Availability) of the data. For this purpose, we have a set of governing policies that define procedures to follow in case of an incident. This piece of document a.k.a the policy document is nothing but the Incident Response Plan (IRP). Critical business systems that needs to be protected in the event of a significant disruption are customer database which includes personal and financial information of our clients (Whitman, Mattord, & Green, 2013).
In this industry, in case of an incident, it is very important to validate if it is an actual incident or a false alarm. Upon validation that the incident needs to be investigated, a meeting is setup with the relevant stakeholders and the security team to discuss the IRP plan and map the resources. In our industry, the resources are nothing but people who will be responsible for implementing IRP. These resources include roles like Case Manager, Investigation Specialist, Security Analyst, Security Engineers. Apart from these important resources, stakeholders and vendors will also be involved as needed. There are multiple phases in the IRP plan. They are:
1. Validation
2. Analysis
3. Remediation
4. Post-Incident activity/Recovery
5. Lessons learned
In our company, scope of the IRP document constitutes data protection, vendor management, stakeholder regrouping, mitigative control measures.
Validation: Soon after an incident is recorded, this will be the first step where a case manager would receive the case from a party that has reported the incident. He then takes up the case and reviews it and engages with the investigation team. The purpose of investigation team is to validate that the incident has actually happened to ensure that the resources are utilized in an optimal manner. The data from this phase is being fed into the Analysis phase. During the process of investigation, data attributes like the number of records, criticality of the data and parties involved
Analysis: After validating the occurrence of incident, case will be forwarded to a security analyst for a review/analysis. He will dive deep and come up with an action plan on how to handle the incident.
Remediation: During this phase of IRP, involved parties will be contacted to implement the security controls that were proposed by the analysis team. For example, purging the data in case of unauthorized data disclosure. In this case, we ask for deletion logs from their Splunk repository to verify data purging.
Post-Incident activity: This phase generally involves development of security controls to avoid the re-occurrence of the incident. This can be done in various ways like user training, strengthening perimeter security devices/controls, employee sanctions depending on the severity of incidents etc.,
Lessons learned: This is the final phase of IRP which involve documenting the incident and learn from the incident which will help us to avoid such incidents in the future (Margaret Rouse, 2017).
The above defined phases may change from enterprise to enterprise depending on the size of organization and availability of resources. IRP is very essential for an organization be prepared for unexpected threats which will impact the productivity and customer/vendor/stakeholder experience.
References Margaret Rouse. (2017, October 12). searchsecurity.techtarget.com. Retrieved from incident response: https://searchsecurity.techtarget.com/definition/incident-response Whitman, M. E., Mattord, H. J., & Green, A. (2013). Principles of Incident Response and Disaster Recovery. New York: Course Technology.
This the project that we have done last week and please go through above and before you work on the below topic
Work on incident analysis and scope
Overview
In addition to the tradeoff decisions, legal issues, and the use of automated technology to in the incident detection process, designated groups must be a part of the Incident Analysis and Scope determination process.
Organizations designate groups to have the primary responsibility for dealing with unexpected situations and reestablishing the security of the organization’s information assets. The members of these groups are carefully selected to ensure the appropriate range of skills. The IR Reaction team, which will be discussed in this chapter, is responsible for responding to declared incidents.
Learning Activities
Readings:
· Chapter 5: Incident Response: Detection and Decision Making
Graded Activities
Team Discussion
Incident Analysis and Scope. The team discussion will continue with this weeks topic. Be sure to discuss the topic from the purview of your perspective team (the name of your team)
