Running Head: SECURITY GAP ANALYSES
IT 552: Incident Response Plan
SNHU
Introduction
An incident response plan has been designed for Multiple Unite Security
Assurance (MUSA) Corporation. The main reasons for the organization's low security
posture include the theft of a high number of laptops and a high number of security
incidents. This incident response plan would help to address the security gaps that
have crippled the security system of the firm. The key security elements captured in
the plan relate to authority, terms and definitions, roles and responsibilities,
program, education and awareness, communications and compliance.
Authority
One of the fundamental elements of the incident response plan is authority. Multiple
Unite Security Assurance (MUSA) Corporation has designed this incident response plan
to address the security gaps (Information Security Incident Response Plan, 2019). For
instance, MUSA would have complete authority over the assets of the organization,
such as the laptops. Similarly, MUSA would have to design security rules and
guidelines at the organizational level which the employees would have to follow in
order to close the identified security gaps effectively (Information Security Incident
Response Plan, 2019). The fundamental intention of the document is to strengthen the
security posture so that the high number of laptop thefts and security incidents in the
organization can be curtailed.
Terms and Definitions
Asset –
Any object, equipment or device which has a value for Multiple Unite Security
Assurance (MUSA) Corporation. Laptops are assets of the organization.
Incident –
An incident is an unwanted information security event, or a series of unwanted
information security events, that might result in harm to the firm's information assets.
Incident response plan –
An incident response plan is a written document which contains the approach
that MUSA will employ in order to address and effectively manage security incidents.
Information Security –
It refers to the preservation of confidentiality, integrity, and availability of
information, i.e. the CIA triad. In addition to these elements, information security
also covers the accountability, reliability, and authenticity of information.
Threat –
A threat refers to a probable cause of some kind of unwanted incident which
might result in harm to the MUSA organization or its IT system.
Roles and Responsibilities –
The roles and responsibilities of all the involved personnel must be clearly defined
so that the security posture can be improved. The main roles and responsibilities are
highlighted below.
Director of MUSA –
The Director would be primarily responsible for all information security in Multiple
Unite Security Assurance Corporation. The Director would design strategies to minimize
the level of risk exposure and make sure that the activities conducted by MUSA do not
give rise to unnecessary risks that could compromise the IT security model of the entity.
Incident Response Point of Contact (POC) –
This individual would be responsible for communications. The person would act as the
main Point of Contact responsible for communicating and engaging with the media and
the necessary external parties about any security incident.
Owner of the information –
The information owner would be responsible for creating the initial classification of
the information and for approving decisions relating to control measures and access
privileges. The owner would have to reclassify information regularly and make sure that
all kinds of risks can be effectively managed in the information context of Multiple
Unite Security Assurance (MUSA) Corporation.
User –
The user would be another vital stakeholder in MUSA, primarily responsible for
complying with the provisions of the relevant policies, practices and protocols. For
example, the employees of MUSA would act as the key users in the organizational context.
Program
The Director of the MUSA organization would be primarily responsible for managing
the information security incident response for the entity. The IT team of the
organization, comprising experts, would be responsible for designing the procedures and
protocols relating to the security model. The information owner would have to give the
necessary approvals and make decisions regarding the control measures and access
privileges. The work groups would have to be strategically formed so that the employees
of MUSA would have a clear understanding of their respective roles and responsibilities.
The programs and procedures would be reviewed by the IT team on an annual basis and
suitable changes would be introduced accordingly. The program would act as the
security framework that would guide the employees to implement the necessary
security measures so that incidents relating to the theft of laptops and other security
concerns could be avoided or averted. The program would help to identify any security
threats and bring them to the notice of the IT team or network administrator so that
the necessary actions could be taken.
Education and Awareness
It is necessary for MUSA to educate its personnel about handling their workstations
and laptops in a safe manner so that instances of theft can be minimized. The training
programs must be designed so that the organization's systems and laptops can be handled
in a secure manner (Information Security Incident Response Plan, 2019, p 9). Similarly,
the training must also cover handling the data and information on the laptops safely
so that, in case possession of a laptop is compromised, the data cannot be accessed by
outsiders.
It is necessary for MUSA to hold education and awareness programs on a frequent
basis. This would ensure that it receives the necessary cooperation and support from
staff members and departments to strengthen its security posture (Incident Response
Plan Overview, 2019).
Communications
Communication would be of primary importance throughout the entire incident
response plan. Thus, in the business setting of Multiple Unite Security Assurance
Corporation, there must be a controlled and transparent communication network which
can cover any security incident in an effective and appropriate manner (Information
Security Incident Response Plan, 2019). It is necessary for the entity to define the
specific circumstances under which organizational personnel, partners or customers
would not be informed about an issue. Similarly, in case of laptop theft, it is necessary
to inform the employee whose laptop has been stolen so that he
will be aware of the security-related incident. Relevant procedures and protocols must
be established that employees need to follow so that they can take the necessary
security measures to avoid security incidents (Information Security Incident Response
Plan, 2019, p 9).
In order to empower the employees of MUSA as well as the management, the
communication model would play an extremely important role. The exact communication
approach to be followed when a security breach takes place must be in place. As the
information that MUSA handles is highly confidential in nature, it has to introduce a
number of secure channels of communication. Suitable communication points must be
established within MUSA so that information can flow in a streamlined manner.
Compliance
Multiple Unite Security Assurance (MUSA) Corporation is primarily responsible for
implementing, and making sure of compliance with, all the necessary rules, regulations,
laws and policies. For example, one of the main issues being focused upon is the high
number of security incidents in the organizational setting (Information Security
Incident Response Plan, 2019, p 9). Thus MUSA must implement the policies and practices
introduced by the Health Insurance Portability and Accountability Act (HIPAA) of 1996.
It is necessary to abide by this Act as sensitive information pertaining to employees
could be stolen by unauthorized users. In fact, MUSA must employ an efficient and
dedicated security response team which could apply the necessary response and reporting
techniques to deal with the security concern.
Similarly, the business entity must also comply with ISO/IEC 27035, which relates
to information security incident management. It would help MUSA to manage
various kinds of security incidents in an effective manner. In fact, the firm would be
in a position to take corrective and detective actions so that the adverse implications
of an unwanted event could be curtailed as far as possible (ISO/IEC 27035 Security
incident management, 2019).
Implementation
The implementation and execution of the incident response plan would have a direct
bearing on how well Multiple Unite Security Assurance (MUSA) Corporation is prepared to
strengthen its Information Technology security model. During this stage, it is necessary
to focus on the key security measures or initiatives, as they would help to plan and
develop tactical projects to meet the core plan components. MUSA must put in place
relevant and suitable performance measures as well as the auditing requirements relating
to compliance (Information Security Incident Response Plan, 2019).
While implementing the incident response plan throughout the organizational setting,
it is necessary to involve the organizational personnel so that they can take the
necessary steps from their end to keep tabs on the high number of security incidents
and the high number of laptop thefts. The proper execution of the response plan would
be of paramount importance to address the security gaps that cripple the security
posture of the entity.
Procedure for sharing information with outside parties
Some of the outside parties with whom Multiple Unite Security Assurance (MUSA)
Corporation must interact and share information on a regular basis include its
customers, the media, internet service providers, incident reporters, and law
enforcement agencies (Cichonski et al., 2012, p 19). It is necessary for MUSA to follow
a methodical approach to communicate and engage with these outside parties. So a robust
media communication procedure must be introduced which could streamline the manner
in which the firm interacts with outsiders and discloses the necessary information to
them (Cichonski et al., 2012, p 19).
MUSA should designate a single point of contact and an additional contact point that
could be used as a backup. The key procedures and actions that must be followed for
sharing information with outside parties effectively include conducting regular training
sessions on sharing appropriate information about incidents with the necessary
outsiders, such as the media, and enabling proactive sharing of information internally
so that it can be passed on to outsiders (Cichonski et al., 2012, p 20). When engaging
with law enforcement, a designated individual must establish the contact. This would
ensure consistency and uniformity in the flow of information and communication.
MUSA must follow a methodical procedure for sharing information with outside
parties so that only the information that needs to be shared with them is passed on.
Thus a single point of contact must be designated who would act as the central figure
around which external communication is framed (Cichonski et al., 2012, p 19). The firm
would have to establish communication with a wide range of external participants such
as vendors, customers, the media, internet service providers, incident reporters, and
other external teams. So it is vital for the entity to provide the necessary training
to the employees or individuals who would play an active role in the communication
system (Cichonski et al., 2012, p 19). By getting the necessary training and guidance,
MUSA would be in a position to share the relevant information and details that must be
shared with outside parties.
References
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident
handling guide. NIST Special Publication 800-61, 1-147.
Information Security Incident Response Plan. (2019). Retrieved from
https://www.oregon.gov/das/OSCIO/Documents/incidentresponseplantemplate.pdf
Incident Response Plan Overview. (2019). Retrieved from
https://resources.infosecinstitute.com/category/certifications-training/csih-certification/creating-an-incident-response-plan/#gref
ISO/IEC 27035 Security incident management. (2019). Retrieved from
https://www.iso27001security.com/html/27035.html