Presentation is loading. Please wait.

Presentation is loading. Please wait.

IS4550 Security Policies and Implementation

Published byΔήλια Αντωνόπουλος Modified over 5 years ago

Similar presentations

Presentation on theme: "IS4550 Security Policies and Implementation"— Presentation transcript:

1 IS4550 Security Policies and Implementation
Unit 8 Incident Response Team Policies

2 Class Agenda 8/4/16 Lesson Covers Chapter 12 Learning Objectives
12/3/2018 Class Agenda 8/4/16 Lesson Covers Chapter 12 Learning Objectives Lesson Presentation and Discussions. Discussion on Assignments. Discussion on Lab Activities. Break Times as per School Regulations. Try to read the text book before class. (c) ITT Educational Services, Inc.

3 Learning Objective Describe the different information security systems (ISS) policies associated with incident response teams (IRT).

4 Key Concepts Incident response policies
Team members associated with incident response Emergency services related to IRT Policies specific to incident response support services Policies associated with handling the media and what to disclose

5 EXPLORE: CONCEPTS

6 What is an incident? Any event that violate organization security policies. Example: Unauthorized access of computers Sever clashing Data stolen or deleted from a database System compromised internally or externally.

7 Incident Classification
Malicious code attacks Denial of service (DoS) Unauthorized access/theft Network reconnaissance probe

8 EXPLORE: ROLES

9 Roles and Responsibilities
Users - May have supporting role in IRT as data owner representatives System Administrators - The subject matter experts (SMEs) chosen for each incident response effort will vary depending upon the type of incident and affected system(s)

10 Roles and Responsibilities (Continued)
Information Security Personnel - These team members may also have specialized forensic skills needed to collect and analyze evidence Management - Ultimately, management is held accountable for the outcome of the incident response effort

11 Roles and Responsibilities (Continued)
IRT Manager - This individual makes all the final calls on how to respond to an incident, they are the interface with management IRT Coordinator - They act as the official scribe of the team. All activity flows through this person who maintains the official records of the team

12 EXPLORE: CONTEXT

13 Incident Response Support Services
This is a broad category to mean any team that supports the organization’s information technology (IT) and business processes The helpdesk for example would be a support services team During an incident, the helpdesk may be in direct contact with the customer who is impacted by the attack

14 Incident Response Support Services (Continued)
The helpdesk, at that point, becomes a channel of information on the incident It’s vital that the helpdesk during an incident is providing a script of key talking points about the incident

15 Best Practices in Incident Response
The effectiveness of the IRT and its related policies needs to be measured The measurement should be published annually with a comparison to prior years

16 Best Practices in Incident Response (Continued)
The measurements should include the goals in the IRT charter, plus additional analytics to indicate the reduction of risk to the organization, such as: Number of incidents Number of repeat incidents Time to contain per incident Financial impact to the organization

17 Summary In this presentation, the following were covered:
Incident classifications Roles and responsibilities associated with incident response team policies Incident support services Best practices to create an incident response team policies

18 Unit 7 Assignment Discussion 8.1 Support Services Assignment 8.3 Create an Incident Response Policy

19 Unit 8 Lab Activities Lab is in the lab manual on line Lab 8.2 Craft a Security or Computer Incident Response Policy – CIRT Response Team Reading assignment: Read chapter 12

Download ppt "IS4550 Security Policies and Implementation"

Similar presentations

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Systems Availability and Business Continuity Chapter Four Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc. 2007.

Systems Availability and Business Continuity Chapter Four Prepared by: Raval, Fichadia Raval Fichadia John Wiley & Sons, Inc
Visual 3.1 Unified Command Unit 3: Unified Command.

Visual 3.1 Unified Command Unit 3: Unified Command.
Emergency Plan GENERAL AWARENESS TRAINING. Aim To provide staff with an overview of the school emergency plan.

Emergency Plan GENERAL AWARENESS TRAINING. Aim To provide staff with an overview of the school emergency plan.
Data Classification & Privacy Inventory Workshop

Data Classification & Privacy Inventory Workshop
Security Controls – What Works

Security Controls – What Works
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Emergency Plan SCHOOL EMERGENCY MANAGEMENT TEAM (SEMT) TRAINING.

Emergency Plan SCHOOL EMERGENCY MANAGEMENT TEAM (SEMT) TRAINING.
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
Network security policy: best practices

Network security policy: best practices
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.

Mastering Windows Network Forensics and Investigation Chapter 14: Other Audit Events.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
© 2012 IBM Corporation Rational Insight | Back to Basis Series Documents and Record Control Liu Xue Ning.

© 2012 IBM Corporation Rational Insight | Back to Basis Series Documents and Record Control Liu Xue Ning.
Web Security for Network and System Administrators1 Chapter 2 Security Processes.

Web Security for Network and System Administrators1 Chapter 2 Security Processes.
Unit 6 Personnel Roles and Responsibilities & Safety Program Development and Management Chapter 9 and 10.

Unit 6 Personnel Roles and Responsibilities & Safety Program Development and Management Chapter 9 and 10.
INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.

INCIDENT RESPONSE IMPLEMENTATION David Basham University of Advancing Technology Professor: Robert Chubbuck NTS435.
Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.
Navigating SQL Server Lesson 3. Skills Matrix Graphical User Interface (GUI) Management Tools SQL Server Management Studio SQL Server Configuration Manager.

Navigating SQL Server Lesson 3. Skills Matrix Graphical User Interface (GUI) Management Tools SQL Server Management Studio SQL Server Configuration Manager.
Audit Planning Process

Audit Planning Process

Similar presentations

Ads by Google