Policy 7230A - Department of Administration
8.1.4.2 Analyze Discovered Threats

Once incidents have been detected, analysis is required to determine the appropriate manner in which to proceed with subsequent incident response processes:

• Investigate discovered precursors and indicators to determine if a valid threat may occur, is occurring or has occurred.
• Fully document all aspects of the incident and incident response.
• Prioritize the Agency’s response to incidents according to potential impact.
• Notify appropriate individuals within the organization once the threat has been validated and prioritized.

8.1.4.3 Contain Threats to Minimize Loss and Maintain Operations

Once incidents have been understood and the response prioritized, the threat associated with the incident must be contained to prevent impact to other systems and thus minimize overall impact:

• Select a containment strategy appropriate to the incident, the impacted system and the available resources.
• Gather evidence to allow for further investigation, as the incident progresses and once it is complete, as well as for potential prosecution.
• Where time and resources permit, identify the attacker to help stop the incident as well as to prepare for potential prosecution.

8.1.4.4 Eradicate Contained Threats and Recover to Normal Operations

After threats have been fully contained, they must be fully removed from impacted systems and those systems must be returned to normal operational status:

• Eradicate all non-evidentiary remnants of the incident.
• Recover affected systems and system components to pre-incident status and return to normal operations.
• Maintain heightened monitoring of the affected system(s) for a period of time subsequent to an incident to ensure there are no lingering impacts.

8.1.4.5 Perform Post-Recovery Tasks

When the threats associated with an incident have been verifiably removed from the system, follow-up work must be performed:

• Retain evidence according to predetermined standards.
• Collect lessons learned and prepare a formal incident response report.

8.2. Maintain Records

Capture documentation appropriate to all incident response processes:

• Create and maintain incident monitoring logs.