Policy 7230A - Department of Administration
8.1.2.2 Develop Supporting Strategies
Once purpose and goals have been defined, strategies must be
developed that allow the organization to meet them:
• Identify the organizational infrastructure components to be
monitored (network level/system level/component level).
• Identify and make use of pre-emptive protection mechanisms
to avert incidents.
8.1.2.3 Acquire Tools and Resources
Incident Response requires dedicated and specialized tools for both
monitoring and response tasks and these resources must be acquired
prior to the occurrence of an incident:
• Identify and acquire Monitoring resources.
• Identify and acquire Analysis resources.
• Identify and acquire Response resources.
8.1.2.4 Document the Plan
Use the information derived in the foregoing steps to create a
formally documented plan that can be distributed/made available to
appropriate personnel in the event that an incident occurs:
• Include plan supporting information to provide background
and context to make the plan easier to understand and
implement.
• Detail plan detection phase in order to establish processes to
be followed to discover and identify incidents.
• Detail plan analysis phase in order to indicate the measures
that are to be taken to determine and understand the nature
of an incident.
• Detail plan containment and eradication phase in order to
indicate the measures that are to be taken to limit the spread
of an incident and eliminate the deleterious effects of the
incident.
• Detail plan recovery and post-recovery phase in order to
establish a structured return to normal operations.
8.1.3 Test the Plan
To ensure the applicability of the plan and to verify that the plan can be acted
upon as created, periodic testing should be performed:
8.1.3.1 Define Testing Methodologies and Tests
Plan testing is a critical component of IR planning as it determines the
viability of the plan and identifies any gaps that may exist in the plan:
• Determine the capabilities that should be included in the
testing program.
• Determine the manner by which testing should be conducted.