Policy 7230A - Department of Administration


10.10.2014

8. Incident Response

These Incident Response Non-Mandatory Baselines support the Enterprise Security Policy (ITEC 7230 Rev 1), the Computer Incident Response Policy (ITEC 7320) and the IT Security Response Protocols (ITEC 7320A).

Mandatory (Procedures, Baselines) / Non-Mandatory (Procedures, Baselines):

8. Incident Response
8.1. Incident Response
8.1.1. Build a Team and Provide Training (4 sets) (4 sets)
8.1.2. Build an Incident Response Capability (4 sets) (5 sets)
8.1.3. Test the Plan (3 sets) (2 sets)
8.1.4. Operate the Plan (5 sets) (3 sets)
8.2. Maintain Records

8.1. Incident Response

The following are the Non-Mandatory Baselines that support the Incident Response section of the Default Security Requirements:

8.1.1. Build a Team and Provide Training

Incident response is a security control that requires specialized capabilities. Building a team ensures those capabilities are always appropriately provided for:

8.1.1.a Incident Response (IR) Responsibilities

• Communications and coordination skills are required to manage the various team members and activities and to share information with employees of the organization outside of the IR team.

• Network management skills are required to ensure network functionality and availability during an incident as well as to understand the impact of the incident in regard to network functions.

• Systems management skills are required to ensure system functionality and availability during an incident as well as to understand the impact of the incident in regard to system functions.

• Security management skills are required to ensure security infrastructure functionality and availability during an incident as well as to understand the impact of the incident in regard to security functions.

8.1.1.b IR Roles

• IR Team Managers should be assigned primary responsibilities of coordination and communication. Secondary responsibilities can extend into the various technical areas according to the skill set of the individual.

• IR Network Leads should be assigned primary responsibilities of network analysis and troubleshooting. Secondary responsibilities can extend into any area according to the skill set of the individual but are likely to match best to security infrastructure management.

• IR Systems Leads should be assigned primary responsibilities of specific system analysis and troubleshooting. Secondary responsibilities can extend into any area according to the skill set of the individual but are likely to match best to system management of alternate systems.

• IR Security Leads should be assigned primary responsibilities of security infrastructure analysis and troubleshooting. Secondary responsibilities can extend into any area according to the skill set of the individual.

8.1.1.c IR Training

• IR training should, at a minimum, address the following:

o How to recognize an incident.

o How to analyze an incident.

o How to contain and eradicate an incident.

o How to return to normal operations.

o How to communicate and escalate during an incident.

o How to operate all IR tools and resources.

8.1.1.d IR Training Scheduling and Frequency

• IR training should be provided for all IR team members within 30 days of initial assignment of the individual to the IR team.

• IR training should be provided thereafter for all IR team members on an at least annual basis. Where possible, team members will be trained together as a group.

