Policy 7230A - Department of Administration
8 Incident Response

Section 8.1 constitutes the State of Kansas’ Security Incident Response Policy. This policy is
accompanied by defined Security Incident Response Mandatory and Non-Mandatory
Procedures and Baselines that are distributed in a companion document.

Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
8. Incident Response
8.1. Incident Response
8.1.1. Build a Team and Provide Training (4 sets) (4 sets)
8.1.2. Build an Incident Response Capability (4 sets) (5 sets)
8.1.3. Test the Plan (3 sets) (2 sets)
8.1.4. Operate the Plan (5 sets) (3 sets)

8.1 Incident Response

The State of Kansas requires that a Security Incident Response capability be developed
and implemented for all information systems that house or access State controlled
information.

Incident response capabilities are used to monitor for security incidents, determine
the magnitude of the threat presented by these incidents, and to respond to these
incidents. Without an incident response capability the potential exists that, in the
event that a security incident occurs, it will go unnoticed and the magnitude of harm
associated with the incident will be significantly greater than if the incident were
noted and corrected.

The incident response capability will include a defined plan and will address the
following stages of incident response:
• Preparation
• Detection
• Analysis
• Containment
• Eradication
• Recovery
• Post-Incident Activity

Further, the State requires the use of automated tools, or a dedicated incident
response management process, to aid in incident response operations. These tools
must have the ability to capture incident response information, alert appropriate
personnel, and provide reporting on the details of any incidents that occur.

All incidents will be logged and tracked in the incident response management system
and the existence and nature of the incidents will be reported to the State of Kansas’
Chief Information Security Officer.

To facilitate incident response operations, each agency will be required to assign
responsibility for incident handling operations to an incident response team. In the