Incident Response Paper
Using NIST's SP 800-61 "Computer Security Incident Handling Guide), develop an Incident Response Plan (IRP) that will address one or more of your security risks that you identified in your Risk Assessment.
Google and find other actual IRPs on the Internet and review to see what type of information is included. At a minimum, your plan should include the following sections:
• Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?
• Training: specify a training frequency
• Plan testing: How (and how often) will you test the plan?
• Incidents: What defines an "incident"?Define some security incidents that you may encounter on your network.
• Incident Notification: What happens when an incident is detected?
• Tracking/Reporting: How will you track open incidents and report when completed? What about capturing "lessons learned"?
• Procedures: Select one of your security risks identified in your Risk Assessment. Prepare procedures for addressing the incident in the event that the incident actually happens.
Address Preparation, Detection and Analysis, Containment, Eradication, and Recovery, Post-Incident Activity (see Appendix A)specific to your risk that you are identifying.
Note: there are several scenarios in the appendix of the NIST document. You can use, for instance, Scenario 11: Unknown Wireless Access Point to help develop the response procedures for wireless access, as an example. Use any of these to help flesh out your procedures.
Attachment:- Risk Assessment.rar