In today’s global environment you cannot be too careful. Because of the last attack on our network here at Gem Infosys, the network was shut down for 2 days, which cost the company productivity and money. The attack could have been thwarted if we had had a security task force and a policy in place. I will formulate a policy that can reduce network downtime if such attacks should occur again.
The Security Incident Response Team will be a task force that deals with threats at different levels and across different shifts. The employees who are part of the task force need to be able to stop any work they have underway in order to respond to a security incident as it transpires. The task force shall be given authority to make decisions about the overall security of the organization as the need grows. The team shall report to a leader who will organize meetings and coordinate activities within the Security Incident Response Team and with other members of the organization. The team will participate in mock drills that will identify any holes in the procedures and make sure everyone knows their part to play. Certain team members will be part of the Public Response team; they will publish notices about any security incidents.
The task force shall institute a redundant backup procedure; it is an important part of our risk management. This will help keep our data safe in case of a hack or a malware attack such as the most recent one. Information shall be backed up every 24 hours onsite and every 3 weeks offsite to Carbonite. Also, a regular test shall take place once a month to ensure that there are no failures and that data can be recovered quickly in case of an incident. This test should be done during non-working hours so as not to interfere with any of the employees. When recovering from a server crash, it is important to bring the system online slowly to make sure that everything is running normally. It is important to note that task force members should not leave it in the hands of the end user.
The team will set up a honeypot that will serve as an early warning system. It can alert us to roaming malware and other malicious activity. The type of honeypot will be a production honeypot. It shall be monitored for attacks. If a user or malware interacts with the system, then countermeasures shall be used.
The applicable task force members shall be notified of security incidents. This will include alerts from the firewall, the IDS, team members or the network admin. The staff shall be encouraged to report by phone any malware, oddly named files or any sign of a security breach. It is important not to use email, as the attacker will probably be monitoring the e-mail server; by using the phone instead we can avoid alerting the attacker. Also, a hotline will be set up and a voice directory will list the different team members who can assist the employee. Once an event has been reported it should be analyzed for threat level. The team member will write up a report...