Creating an Incident Response and Analysis Policy Info Security Governance Research Paper

Excerpt from Research Paper:

Malware Incident Response Plan

The Policy

This plan is devised to mitigate the effects of malware used during a cyber-attack on a company's security system. The plan uses three stages -- set up, response and recovery. It is based on evidence from research conducted to protect the highest levels of secure documents.

Set Up

The first priority of the plan is to educate all levels of the company regarding the danger incurred by breaching security protocols on their workstations. While it may seem necessary to conduct in-depth training only with individuals new to the company, it has been shown that executives are the most lax when it comes to cyber security. Therefore, a training schedule which updates users on any new information and reminds them what they need to do every day to protect the overall system is essential. This training will recur on a semiannual basis so that it stays fresh in the minds of the individuals concerned.

The training that every employee receives will not be at the same level as that received by the information technology personnel tasked with detection and response. Those individuals need daily briefings on the threats that could affect the particular systems the company uses. A dedicated threat assessment team (of at least two people) will therefore be responsible for monitoring outbreaks that have occurred in other networks and assessing whether they could endanger this company's operations. The importance of this cannot be overstated: threats against all manner of server systems occur constantly, and it is necessary to determine whether each type of threat, however small the risk, could occur within this company's system. The team will report to the rest of the IT department daily so that everyone is aware of the current threats plaguing the industry. A "Threat Sheet" will also be generated and distributed to these personnel daily as a constant reminder of the current issues, and all company personnel will receive a daily email describing the threats they need to be aware of.

Training should be a priority for any organization, but it is also necessary to devise layers of security that start with the people using the different stations. A person's position within the company dictates the level of information to which that individual should be privy. A line employee, depending on the type of employment, will have access only to the information that is crucial to their job description. It is unnecessary to give that individual access to information which does not have to do with their job unless they are promoted to another position or given a project for which it is required. All supervisory personnel will have a higher level of access because they have responsibility, at least in part, for a group of individuals and their employment; thus, this person will have another level of access to the system. This procedure continues throughout the entire organization up to the highest level of the company. Information systems technicians and staff will most likely also have the highest level of security clearance within the company because they may be required to service any station within the company. The policy may have a caveat that when an IT professional is working on a system, he or she must have that access checked by a supervisor or another officer. This plan requires that any IT access above the supervisory level have this protocol in place.
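One way to encode the access scheme just described (access level set by position, a project grant as the exception for a line employee, and a supervisor's or officer's check on IT work above the supervisory level) is a default-deny authorization function. This is an added example and not part of the plan; the level names, the sample users and resources, and the approval record are assumptions chosen to illustrate the policy text.

```python
"""Level-based access with a supervisory check on elevated IT work.

Added example, not part of the plan: the level names, the approver rule and
the sample users and resources are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass

# Ordered access levels; a higher number sees more (names are assumed).
LEVELS = {"line": 1, "supervisor": 2, "officer": 3}
SUPERVISORY = LEVELS["supervisor"]


@dataclass(frozen=True)
class User:
    name: str
    role: str                                # "line", "supervisor", "officer" or "it"
    projects: frozenset[str] = frozenset()   # project grants given for a specific task


@dataclass(frozen=True)
class Resource:
    name: str
    level: int                  # level at which the data is generally available
    project: str | None = None  # set when the data belongs to one project


@dataclass(frozen=True)
class Approval:
    approver: User
    resource: str               # the check covers one named resource only


def level_of(user: User) -> int:
    """IT staff hold the highest level so they can service any station."""
    return LEVELS["officer"] if user.role == "it" else LEVELS[user.role]


def authorize(user: User, resource: Resource,
              approval: Approval | None = None) -> tuple[bool, str]:
    """Return (allowed, reason). Denies by default; every grant states why."""
    by_level = level_of(user) >= resource.level
    by_project = resource.project is not None and resource.project in user.projects
    if not (by_level or by_project):
        return False, f"{user.name} lacks level {resource.level} and has no grant for {resource.project}"
    if user.role == "it" and resource.level > SUPERVISORY:
        # Work above the supervisory level must be checked by a supervisor or
        # another officer. The check is bound to this resource and cannot be
        # self-issued or issued by another IT peer.
        if approval is None or approval.resource != resource.name:
            return False, "IT access above supervisory level needs a supervisor's check for this resource"
        a = approval.approver
        if a.name == user.name or a.role == "it" or level_of(a) < SUPERVISORY:
            return False, "approver must be a supervisor or officer other than the requester"
        return True, f"IT access checked by {a.name}"
    return (True, "access by level") if by_level else (True, f"access by project grant {resource.project}")


# Constructed sample users and resources.
ALICE = User("alice", "line")
BOB = User("bob", "supervisor")
CARA = User("cara", "it")
DAN = User("dan", "officer")
ERIN = User("erin", "line", frozenset({"proj-x"}))

PAYROLL = Resource("payroll", LEVELS["officer"])
TEAM_SCHEDULE = Resource("team-schedule", LEVELS["supervisor"])
PROJ_X_SPEC = Resource("proj-x-spec", LEVELS["supervisor"], "proj-x")

if __name__ == "__main__":
    print(authorize(ALICE, TEAM_SCHEDULE))
    print(authorize(ERIN, PROJ_X_SPEC))
    print(authorize(CARA, PAYROLL))
    print(authorize(CARA, PAYROLL, Approval(BOB, "payroll")))
```

The approval is tied to a named resource and rejected when the approver is the requester or another IT peer, so the supervisory check cannot be satisfied by a blanket or self-issued record.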

One of the duties of the IT office will be to protect all company computers with the latest security software. Threats occur constantly across the globe (though not necessarily to any individual company), so attention must also be paid to software updates, and the IT office must be aware that some software is not updated often enough or may no longer work with this company's hardware. Therefore, updates will be applied as often as they are available (sometimes this will happen daily, but the software should be routinely checked at least once per week), and technicians will constantly seek to upgrade the software as more appropriate programs become available. Since there are multiple detection systems available, this plan requires antivirus protection that is multilayered, looking for threats as well as protecting against their intrusion using a variety of methods. This includes threat protection, identification of suspicious activity and an advanced firewall installed on every computer.

The final issue to be taken care of in the preparation/set up stage is to ensure that all employees know how they can report a bug in their system. Because there is such a vast array of threats, not every one can be caught by the IT team even if they are monitoring constantly. Employees are required to have the front desk check any electronic medium that is brought in from outside the company and can somehow be connected to a company computer. However, sometimes people become lax in their security and do not report something they are working on or a website they have used which has not been properly vetted by the system. Thus, there will be a central call center that employees can reach at any time. Personnel will have the number for the call center attached to their PCs in a conspicuous place so that they can reach it at a moment's notice. This system will also be able to detect when a specific employee's computer has been infected in some way and by what type of infection. This will allow the response to start even if the employee does not realize what has happened to their station.


Response

There will be a tiered plan in place because there are different levels of attack. The first level is a low-level outbreak which affects only one computer or a small group of computers. The second level is a company-wide breach, which affects all computer systems in the company but concerns documents of a low security level. The most important type of breach is one in which high-level sensitive material is in danger. The responses to these threat levels are necessarily different.

Although the lowest level of response concerns only a single computer or a small group, it is necessary to take immediate action after it is detected to make sure that it does not spread to other computers in the network. Initially, this level will probably be detected by the antivirus software, but it may also be phoned in by an employee. The action is to isolate this computer or small group until the problem is solved and the threat is eradicated. IT will need to run a systems check to detect the bug, then run the same diagnostic on the remainder of the system to make sure that it has no chance of recurring anywhere else.

The second level of response involves a larger number of computers, generally a system-wide issue that does not have access to the most sensitive material. The response in this case will likely be triggered when employees make the system administrators aware of a glitch in their computers; it could also be triggered by multiple network red flags. The most important part of this malware response is to ensure that the entire system is tested to determine the extent of the problem and to stop it immediately. This may require a shutdown of the entire system, but this is not usually warranted until a level three issue. For this middle level, the crux of the issue will generally come down to a few centralized computers that need to be shut down to remediate the network issue.

The final level of response is by far the most serious and directly affects the continued, immediate functioning of the company. It is generally triggered by the system responding to a vulnerability in critical systems, and it will require a shutdown of at least some of those critical areas to ensure that the whole system is not infected. This type of attack is also the most serious because it involves the most sensitive material that the company owns.
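The three response levels above can be turned into a triage rule that reads the alert feed (antivirus detections and call-center reports), groups alerts by host, and decides which tier applies and which response steps follow. The following is an added example, not part of the plan: the alert-line format, the asset inventory, the hostnames and the "small group" threshold are all constructed assumptions.

```python
"""Tiered triage of malware alerts following the three response levels above.

Constructed example: the alert-line format, the asset inventory and the
"small group" threshold are assumptions, not something the plan specifies.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed alert line format (constructed for this example):
#   <timestamp> src=<antivirus|callcenter> host=<hostname> detail=<free text>
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>antivirus|callcenter)\s+"
    r"host=(?P<host>\S+)\s+detail=(?P<detail>.*)$"
)

# More than this many affected hosts is no longer a "small group" (assumed value).
SMALL_GROUP_MAX = 3

# Constructed inventory: hostname -> sensitivity of the material it holds.
INVENTORY = {
    "WS-017": "low", "WS-022": "low", "WS-031": "low",
    "WS-044": "low", "WS-058": "low",
    "FS-01": "high",   # file server holding high-level sensitive material
}


@dataclass
class Assessment:
    level: int            # 0 = nothing confirmed, 1..3 = the plan's three tiers
    affected: list[str]   # hostnames with at least one alert
    sensitive: list[str]  # affected hosts holding high-level material
    actions: list[str]    # response steps in the order the plan gives them


def parse_alerts(lines: list[str]) -> tuple[dict[str, set[str]], int]:
    """Group alert sources by host; return (host -> sources, count of malformed lines)."""
    by_host: dict[str, set[str]] = defaultdict(set)
    malformed = 0
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m is None:
            malformed += 1   # skipped, but counted so a broken feed is noticed
            continue
        by_host[m["host"]].add(m["src"])
    return dict(by_host), malformed


def assess(by_host: dict[str, set[str]], inventory: dict[str, str] = INVENTORY) -> Assessment:
    """Map the set of affected hosts onto the plan's three response levels."""
    affected = sorted(by_host)
    # A host missing from the inventory is treated as high sensitivity: an
    # unknown asset cannot be assumed to hold only low-value material.
    sensitive = [h for h in affected if inventory.get(h, "high") == "high"]
    if not affected:
        return Assessment(0, [], [], ["no confirmed infection; continue monitoring"])
    if sensitive:
        return Assessment(3, affected, sensitive, [
            "shut down affected critical areas: " + ", ".join(sensitive),
            "isolate all other affected hosts",
            "verify the whole system is not infected before restoring service",
        ])
    if len(affected) > SMALL_GROUP_MAX:
        return Assessment(2, affected, sensitive, [
            "test the entire system to determine the extent of the outbreak",
            "take the central hosts involved offline for remediation",
            "isolate affected hosts: " + ", ".join(affected),
        ])
    return Assessment(1, affected, sensitive, [
        "isolate affected hosts: " + ", ".join(affected),
        "run diagnostics on the isolated hosts to identify the infection",
        "run the same diagnostics across the remaining network",
    ])


def triage(lines: list[str], inventory: dict[str, str] = INVENTORY) -> Assessment:
    by_host, _malformed = parse_alerts(lines)
    return assess(by_host, inventory)


# Constructed sample feeds, one per tier (the third also carries a malformed line).
LEVEL1_ALERTS = [
    "2016-11-12T09:14:02 src=antivirus host=WS-017 detail=Trojan.Generic quarantined",
    "2016-11-12T09:15:40 src=callcenter host=WS-017 detail=user reports pop-ups",
]
LEVEL2_ALERTS = [
    f"2016-11-12T10:0{i}:00 src=antivirus host={h} detail=Worm.Generic detected"
    for i, h in enumerate(["WS-017", "WS-022", "WS-031", "WS-044", "WS-058"])
]
LEVEL3_ALERTS = LEVEL1_ALERTS + [
    "2016-11-12T09:20:11 src=antivirus host=FS-01 detail=Ransom.Generic detected",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for name, feed in (("level1", LEVEL1_ALERTS), ("level2", LEVEL2_ALERTS), ("level3", LEVEL3_ALERTS)):
        a = triage(feed)
        print(name, "->", a.level, a.actions)
```

Hosts absent from the inventory are treated as sensitive, so an alert from an untracked machine escalates rather than being ignored, and an empty feed yields level 0 rather than a spurious level 1.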


Recovery

Depending on the severity of the issue, recovery could be difficult. Some viruses detected in the recent past have completely shut down major networks and caused a significant amount of damage and lost time. It is essential to know quickly what level of threat is active, and to take the appropriate action immediately. Recovering the system will always require, at the very least, that the system is rebooted after upgrades have been installed. It may…

Cite This Research Paper:

"Creating An Incident Response And Analysis Policy Info Security Governance" (2012, November 12). Retrieved October 22, 2016.

