Monday, December 24, 2012

An Internet Scam Incident Response Plan

Just imagine yourself visiting one of the web sites you routinely use. You think everything is okay because you have all of the recommended security measures in place to protect you from malicious software; however, this time something is different about your favorite web site. It is a change that attackers have implemented in an effort to retrieve your personal data or cause other damage to your computer, but you have no idea the malicious content is there.

The threat is very real, and you may think you are safe when you really are not. Attackers have been breaching legitimate web sites, and continue to do so, in order to use those sites as a platform to trick you and others into downloading their malicious software.

Everything may seem fine until you start to notice indicators that suggest you have become a victim of an Internet scam. So what is your next move? Now is not the time to be worrying about the effects or wondering what you should do next.  You need to take action, and you can act immediately if you already have an incident response plan.

What is an incident response plan?  According to Whitman and Mattord (2010), an incident response plan is “a detailed set of processes and procedures that anticipate, detect, and mitigate the effects of an unexpected event that might compromise information resources and assets” (p. 82).  In other words, an incident response plan is a plan of action for incidents like the example at the beginning of this post.

What is an incident response plan comprised of?  An incident response plan consists of four procedures.  They are:

1.      Incident Planning: This procedure consists of developing a set of procedures that define what is going to occur when an incident takes place.  It is important to have someone that has experience with information technology and an understanding of information security develop or review each incident response plan.

2.      Incident Detection: This procedure consists of guidelines on how to detect the indicators of an actual incident.  One of the more difficult aspects of this procedure is classifying an incident and determining if an incident actually occurred.  Whitman and Mattord (2010) endorse categorizing incident indicators into three categories: possible, probable, and definite.  Their recommendation streamlines the procedure and makes it more dependable (p. 86).

3.      Incident Response: It is time to react after it has been determined that an actual incident is occurring or has occurred.  This procedure consists of steps that relate to the identified incident that will contain or stop the incident and lessen the damage caused by it.

4.      Incident Recovery: This procedure begins after the incident has been brought under control.  It consists of conducting a damage assessment, conducting repairs to bring the affected systems and/or data back to their pre-incident configuration, and implementing measures that will correct the vulnerability that facilitated the incident.

An incident response plan does not have to be some elaborate procedure when it is used for personal purposes.  For example, many organizations have incident response plans that are outlined in a multipage document.  However, for home use purposes I have found that a simple flow chart works best.  Below is an example of a generic incident response plan that I have developed for home use, in a flow chart format, for reacting to an Internet scam incident.

My plan's greatest weakness is that everyone in my family does not know it.  This is mostly because they just don't care.  However, my wife told me a story about how one of her coworkers had her bank account information stolen.  The thief ended up stealing a few thousand dollars out of her checking account.  My wife seemed surprised by the event, and now she is more open to listening to what I have to say about information security.  She has also expressed an interest in learning my incident response plans.  I think I am going to take advantage of the situation and pass on as much information as I can to her!  Thanks for taking the time to read my post.

References:
Whitman, M., & Mattord, H. (2010). Components of Contingency Planning. In Management of information security (3rd ed., pp. 72-116). Boston, MA: Course Technology Cengage Learning.
