Computer Security Incident Response Team (CSIRT) Planning

-

Its important to have a CSIR plan because incident response process safeguards your organization from a potential loss of revenue. The faster your organization can detect and respond to a data breach or even security incidents the less likely it will have a significant impact on your data, customer trust, reputation, and a potential loss in revenue. 

According to ("Incident Response Plan - Cipher", 2020), having a CSIR plan helps in the following; 

Protecting data is of importance both personally and professionally. By following an updated incident response plan, your team can proactively protect your data. Protecting data assets throughout the incident response process includes countless tasks and responsibilities for the IR team. 

Protect Organization Reputation & Customer Trust, IDC found that 78% of consumers would take their business elsewhere if directly affected by a data breach. If a security breach is not properly handled quickly, the company risks losing some or all its customer base. 

Protect the organization Revenue, A thorough incident response process safeguards your organization from a potential loss of revenue. 

To make CSIR Plan happen, training the available IT staff and create policies basing these policies on best practice frameworks developed by industry groups, such as the National Institute of Standards and Technology (NIST) can help to save the time and money of hiring a new CSIR professional. 



Even if we proceed with this plan, where would you recommend, we start? 

I would recommend we start with the Policies and since the organization has no time and resources, we will starting with creating policies basing on best practice frameworks developed by industry groups, such as the National Institute of Standards and Technology (NIST) or the International Organization for Standardization (ISO). Using the Policy Framework that includes Policies, standards, procedures and Guidelines saves time and help to stay on Track. 


References: 

Incident Response Plan - Cipher. (2020). Retrieved 13 May 2020, from https://cipher.com/blog/3-reasons-why-you-need-an-incident-response-plan/  

Comments

Post a Comment

Popular posts from this blog

Chain of Custody - OJ Simpson case

-
Image
Research the OJ Simpson trial. How do you think chain of custody was handled? What should have been done differently? There was a lot of doubts due to the amount of evidence that was collected but not actually recorded using the chain of custody. This resulted in theories being created which claimed that the police and scenes of crime officers were actually planting evidence, an example of evidence that was collected but not recorded in the chain of custody would be the drops of blood that were found at the crime scene which scenes of crimes officers thought was OJ Simpsons, it was later found that test tube filled with blood was not sent straight to the lab for inspection, it was left at the police station for many hours before actually making its way to the lab to be analyzed which further increased suspicion that evidence was being tampered with.  Everything from the crime scene should have been documented and added over to the right personnel in charge and for the time sensitive sa
Read more

File Carving or Data Carving

-
Image
What does the term "data carving" or "file carving" really mean? What are the implications of carving with a large distance (in bytes) between the header and footer? Is it feasible for a malware author to create their own file format, hide the file on a system, and use carving to extract it?   File carving is the process of reassembling computer files from fragments in the absence of file-system metadata.  File carving is a well-known computer forensics term used to describe the identification and extraction of file types from unallocated clusters using file signatures. A file signature, also commonly referred to as a magic number, is a constant numerical or text value used to identify a file format   ("Data Carving", 2018) .   Since File carving   is usually done by examining the header (the first few bytes) and footer (the last few bytes) of a file, larger distance between the footer and header will affect the amount of data recovered during  the process
Read more

Privacy issues associated with data mining

-
Image
  What is Data Mining? Data mining is exploring and analyzing big data in order to uncover concrete patterns and rules layman’s it a process used to extract usable data from a larger set of any raw data.. Data mining techniques are used in the development of machine learning ( ML) models that power modern artificial intelligence ( AI) applications such as search engine algorithms and recommendations.   Examples include; Fraud Detection and Prevention E-mail Spam Detector Database Marketing & Marketing Credit Risk Management & Scoring Healthcare Informatics Describe the privacy issues associated with data mining. One of the data mining challenges is Privacy and security. (Microstrategy, 2020) defines data mining as a powerful tool that provides businesses with compelling insights into their consumers. However, at what point do these insights infringe on an individual’s privacy? Organizations must weigh this relationship with their customers, develop policies to benefit consumers
Read more