Problem
In the middle of the night, Aspen Family Fitness suffered an incident which was initially discovered to be a distributed denial of service (DDoS) attack. From 4:30am, Ken Hu, CIO, was responsible for managing the response to the attack as well as coordinating with the company's senior management. Incident handling is the first step in the actual recovery process. The activity is undertaken by the organization to manage the consequences of an incident to minimize both tangible and intangible damage. Incident handling is important because it provides the approach to respond quickly and efficiently to unexpected events such as the DDoS attack. In a postmortem of the attack, it was found that AFF had limited capability for incident management. The roles, responsibilities, and action performed by internal employees, law enforcement agencies, and external computer forensic personnel must be defined before incidents like the DDOS attack. Hu wants to structure an AFF incident-handling process in order to minimize the chances of mistakes being realized during an incident such as the DDoS.
• Outline and elaborate on the incident management process that Hu should implement to strengthen AFF information assurance.