Threat Has Reached an Advanced Stage Where

¶ … threat has reached an advanced stage where workstations are now sending out Personally Identifiable Information (PII) to numerous known hackers' IP addresses. Therefore, the response team must respond in a steadfast fashion. This incident response plan will provide the most organized and well-defined approach for handling this threat and tracking the sources of the attack. This plan describes and identifies steps that will be taken to determine the cause, isolate and conduct damage control, eradicate, and recover from the cause of the incident as soon as possible.

The incident response team will be charged with the responsibility of implementing this plan. Incident Response Team An incident response team will offer a quick, orderly, and effective response to the improper disclosure of confidential information to hackers' IP addresses. In this case, the mission of the incident response team will be to prevent a serious loss of public confidence by giving and effective, skillful and immediate response to the unexpected event compromising computer information systems and databases.

The incident response team will take proper steps required to contain, mitigate, and recover from the computer security incident. It is the responsibility of the team, to investigate the intrusion in a cost effective and timely manner and report the findings to the management and other relevant authorities (Kizza, 2009). The Chief Information Security Officer (CISO) will coordinate the investigations. The response crew will subscribe to a number of industry security alert services to stay abreast of relevant vulnerabilities, threats and alerts from real incidents.

Incident Response Team Members The following members comprise the incident response team: Information Security Officer Information Privacy Office Information Technology Operations Manager Network Architect Operating System Architect Business Applications Manager Online Sales Manager Internal Auditing Expert Incident response steps There are six steps of response: Preparation -- it is important for the response team to know how to implement the incident response plan. The crew must know how to respond to the incident as it can save effort and time in the end.

Identification -- the CISO must confirm that an incident has occurred. Then, he can coordinate the response team to take immediate actions. CISO will engage forensic techniques including looking for gaps in logs, reviewing system logs and reviewing intrusion detection logs to establish the cause of the incident. Here, a few authorized team members will examine the evidence (McCarthy, 2012). Containment -- it encompasses limiting the magnitude and the scope of the incident. Because this incident could involve a malicious code, the incident is likely to spread rapidly.

This can give birth to loss of information and massive destruction. As soon as the response team recognizes the roots of the incident, they must immediately begin working on its containment. The team members will maintain constant communication with involved staff members to ensure appropriate managers, and backup personnel are abreast with the event (Kizza, 2009). Eradication -- one of the most difficult processes is the removal of the cause of the incident. This process involves conviction or perpetrators, removal of viruses and employee dismissal.