Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Week 9 Discussion 1 \"Risk Assessment and Incident Response Teams\" Please respo

ID: 3844507 • Letter: W

Question

Week 9 Discussion 1

"Risk Assessment and Incident Response Teams" Please respond to the following:

Your organization has recently established a risk assessment team and an incident response team. They have recently defined their risk assessment and incident response processes. The first team meeting is this week and you want to ensure that you convey the importance of the teams to each team member.

Develop your introductory remarks to the teams, including five main points of risk assessment and five main points of incident response that you want to emphasize.

Explanation / Answer

Keep in mind that when speaking with management, your initial draft is just that – a draft. Be prepared to have a detailed conversation so you can understand what their expectations are and that you properly define what your incident process is providing. It’s possible that in these initial conversations you will identify areas that need to be modified or added.If this step is not accomplished correctly,it’s possible that the functions of your future IR team will not be understood or properly recognized.This could result in your process not being properly advertised to the enterprise, in which case it simply becomes just another “informal process”. Be sure to gain managements approval, communicate and advertise your new structure so that when an incident does occur, your new framework will be used.This will eliminate any overlap and ensure that the authority of the members of your future IR team remains fully recognized.

Some other questions that you may ponder along the way:

How far will IR processes be able to reach?
Who will make up the IR Team’s client base?
The first question relating to the reach of the IR process speaks to cases where critical services and applications are provided by external third parties. In these cases, you will have to decide on how far the IR process will flow and if a “hand-off” needs to occur. This needs to be explored at length since this will make your resolution process dependent on the efforts of an outside entity.

Questions like these are highly important because in the case of many enterprise environments, there are multiple areas that are critical to business operations. This brings us to the second question regarding the IR client base. This refers to subsidiaries or operating companies that, although separate, may fall under the auspices of the parent organization. You need to understand the relationship to these companies and if they provide critical applications, services and other related business functions. More than likely, these entities will also have to fall under the scope of your IR process and it will be necessary to identify key stakeholders at those locations to support your IR. This begs the question… who should form part of the Incident Response team?

INCIDENT RESPONSE ROLES AND RESPONSIBILITIES

Depending on what you read, you may find different titles and roles for Incident Response. The following listing is an outline of some roles and responsibilities that I used when building an IR plan at a past employer. Each environment is unique, so you will need to research your own requirements and then tailor a plan that meets your needs. Generally, the types of roles that should exist within an IR function are:

Incident Response Officer – This individual is the Incident Response champion that has ultimate accountability for the actions of the IR team and IR function. This person should be an executive level employee such as a CISO or other such corporate representatives. It would be very beneficial if this individual has direct reporting access to the CEO and is a peer of other C-level executives.

Incident Response Manager – This person is the individual that leads the efforts of the IR team and coordinates activities between all of its respective groups. Normally, this person would receive initial IR alerts and be responsible for activating the IR team and managing all parts of the IR process, from discovery, assessment, remediation and finally resolution. This individual reports to the Incident Response Officer.

Incident Response Assessment Team – This group of individuals is composed of the different areas serviced by the IR team. This allows expertise from every critical discipline to weigh in on classifications and severity decisions once an incident has been identified. It is very beneficial to have representatives from IT, Security, Application Support and other business areas. In the event of an incident, the IR Manager would gather details of the incident from the affected site, begin tracking and documentation (possibly through an internal ticket management system) and then activate the Assessment Team. This group would then discuss the details of the incident and based on their expertise and knowledge of the business, would then be able to assign an initial severity. This team reports to the IR Manager.

Remote Incident Response Coordinator – This role should be assigned to qualified and capable individuals that are located in other geographic areas. These individuals ultimately report to the Incident Response Manager but in their geographic region, they are recognized as IR leaders. This will allow these assistants to manage the efforts of local custodians during an incident. This configuration is very useful, especially for organizations that have offices in multiple time zones. If an IR Manager is located in the United States but an incident occurs in a Malaysian branch, it will be helpful to have a local security leader that is able to direct efforts and provide status updates to the Incident Manager. This way, regardless of the time zone the correct actions will be invoked promptly.

Incident Response Custodians – These individuals are the technical experts and application support representatives that would be called upon to assist in the remediation and resolution of a given incident. They report to the Incident Response Manager or to the Remote IR Coordinator(s) depending on their location(s).

Once you’ve been able to identify the proper stakeholders that will form your team, you will have to provide an action framework they’ll be able to use when carrying out their responsibilities. Think of this “action framework” as a set of training wheels that will guide your IR team.

Related Questions

Week 5: Chapter 6 Exercise 1 A pipeline is 100 miles long and a rupture is equal
Question #2945980
Week 5: Fiscal Management (Part II) - Case Study Case Study #2 (150 pts) All cas
Question #442239
Week 5: Hypothesis Testing - Decision Tool 5 5 unread replies. 9 9 replies. In y
Question #3223962
Week 5: x YDo Homework Lynnette X (- c -secure https //www ath co Student Player
Question #3309185
Week 5—Assignment: Analyze One-Way and Two-Way ANOVA Tests (10 Points) Download
Question #3045029
Week 6 #2 Make-Versus-Buy Decision Sports Equipment Unlimited makes and sells so
Question #2427012
Week 6 1. There are key components to a sustainable city. Please complete the ch
Question #106846
Week 6 Assignment Performance Appraisal Article Review Performance appraisals pl
Question #425480
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Week 9 DQ MNG ECO You are the owner of a clothing retail store in Manhattan that
Next
Week 9 Discussion Ethics and Trust in Critical Thinking Decisions 1. Imagine you

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.