DeVry University
College of Engineering and Information Sciences
Alhambra, California
Proposal: Standard Operating Procedures for Security Breach
By
Thomas Christopher Go Ty
Submitted in Partial Fulfillment of the Course
Requirements for
Information Systems Security Planning and Audit
SEC440
Professor John Freund
August 10, 2014
Standard Operating Procedure for Security Breach
Experienced attackers will exploit even the simplest neglected practice to get
their hands on the target.
Because of the risk of exploitation, and of spam that may lead to Denial of Service
(DoS) or Distributed Denial of Service (DDoS) attacks on the email server, the
organization is encouraged to part ways with the previous practice of publishing the
company’s general email address on its official Web site for inbound communications.
The general email address may appear on the Contact Us or About Us Web pages.
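As an added example (not part of the original proposal), the following Python script performs the check a Web team would run after removing the general address from the site: it parses a page’s HTML and lists every address a harvesting spider could read, whether from visible text or from a mailto: link. The sample pages and the example.test domain are constructed for the demonstration.

```python
"""Audit check: find email addresses exposed in a Web page's HTML.

Added example for the point above: an address published on Contact Us or
About Us pages can be harvested by spiders. This scans a page's markup
(text nodes and href attributes) and lists what a crawler would see, so the
Web team can verify the general address really is gone.
"""
import re
from html.parser import HTMLParser

# Deliberately simple address pattern; good enough for an internal audit.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class _Collector(HTMLParser):
    """Gather visible text and mailto: hrefs, ignoring script/style bodies."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.mailto = []
        self._skip = 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                # Drop any ?subject=... suffix, keep only the address part.
                self.mailto.append(value[len("mailto:"):].split("?")[0])

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)


def find_exposed_addresses(html):
    """Return a sorted list of (source, address) pairs a harvester could read."""
    collector = _Collector()
    collector.feed(html)
    found = {("mailto", a) for a in collector.mailto if EMAIL_RE.fullmatch(a)}
    found |= {("text", a) for a in EMAIL_RE.findall(" ".join(collector.text))}
    return sorted(found)


# Constructed sample pages (hypothetical example.test domain), not from any real site.
CONTACT_PAGE_BEFORE = """
<html><body><h1>Contact Us</h1>
<p>Write to us at info@example.test or
<a href="mailto:sales@example.test?subject=Quote">email sales</a>.</p>
</body></html>
"""
# The replacement the text suggests: a button that opens a chooser of email
# clients and providers, with no address anywhere in the markup.
CONTACT_PAGE_AFTER = """
<html><body><h1>Contact Us</h1>
<p><button id="contact">Contact Us</button></p>
<script>/* opens the client chooser; no address in the markup */</script>
</body></html>
"""

if __name__ == "__main__":
    for label, page in (("before", CONTACT_PAGE_BEFORE), ("after", CONTACT_PAGE_AFTER)):
        print(label, find_exposed_addresses(page))
```

Run it against the saved HTML of each public page; an empty list for every page means the policy change has actually taken effect in the markup a crawler downloads.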
Proper Email Usage
Laying the email address out on a Web page exposes it to spider harvesting, also
called email address harvesting. Using instead a “Contact Us” button that opens a
window with a list of email clients and providers can reduce the spam received by the
email server. Not every threat can be detected even when an email filtering program
and real-time email scanning are in place. The danger of setting the email filter too
high is that valid email messages may never reach the recipient; setting it too low
results in receiving high quantities of spam. It is recommended to set every security
setting to its optimum level. Implementing optimum-level security may have some
exceptions, especially when it comes to physical locations.
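The filter-threshold trade-off described above, as an added Python example rather than any real product’s configuration: a toy keyword-scoring filter is run over a constructed set of labelled messages at three thresholds, counting valid messages that would be blocked (the “set too high” failure) and spam that would be delivered (the “set too low” failure). The scoring rules, the trusted corp.test domain and the messages are all assumptions made for the demonstration.

```python
"""Filter-threshold trade-off for an email filter.

Added example: a toy keyword-scoring filter, not any real product. All
rules, the trusted domain and the messages are constructed for illustration.
"""
from collections import namedtuple

Message = namedtuple("Message", "label sender subject body")

TRUSTED_DOMAINS = {"corp.test"}                       # assumed internal domain
SPAM_PHRASES = ("free", "winner", "click here", "act now")


def score(msg):
    """Return a spam score; higher means more spam-like."""
    s = 0
    if msg.sender.rsplit("@", 1)[-1] not in TRUSTED_DOMAINS:
        s += 1                                   # external sender
    if msg.subject.isupper():
        s += 2                                   # shouting subject line
    text = (msg.subject + " " + msg.body).lower()
    s += 2 * sum(1 for p in SPAM_PHRASES if p in text)
    if text.count("!") > 2:
        s += 1                                   # excessive exclamation marks
    if "unsubscribe" in text:
        s += 1                                   # bulk-mail footer
    return s


# Constructed labelled messages ("ham" = valid business mail). Note the
# legitimate supplier invoice that happens to use marketing wording.
MESSAGES = [
    Message("ham", "cfo@corp.test", "Q3 budget",
            "Please review the attached budget before Friday."),
    Message("ham", "vendor@supplier.test", "Invoice 4412 - FREE shipping included",
            "Click here to download the invoice PDF."),
    Message("ham", "partner@client.test", "Meeting tomorrow", "Can we move to 3pm?"),
    Message("spam", "promo@deals.test", "YOU ARE A WINNER!!!",
            "Click here now, act now, free prize!!!"),
    Message("spam", "news@list.test", "Weekly deals",
            "Free trial, click here. Unsubscribe anytime."),
    Message("spam", "alerts@bank-notice.test", "Account verification required",
            "Act now to keep your account. Click here."),
]


def evaluate(threshold, messages=MESSAGES):
    """Return (missed_valid, spam_passed): valid mail blocked and spam delivered."""
    missed_valid = sum(1 for m in messages if m.label == "ham" and score(m) >= threshold)
    spam_passed = sum(1 for m in messages if m.label == "spam" and score(m) < threshold)
    return missed_valid, spam_passed


if __name__ == "__main__":
    for name, t in (("filter set high", 3), ("optimum", 6), ("filter set low", 8)):
        blocked, delivered = evaluate(t)
        print(f"{name:16} threshold={t}: valid blocked={blocked} spam delivered={delivered}")
```

At the strict threshold the supplier’s invoice is lost; at the lax threshold two of the three spam messages get through; the middle setting loses no valid mail but still delivers one spam message, which is the point of the paragraph: even an optimum setting does not catch every threat, so filtering is a control to be tuned, not a guarantee.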
Physical Security
Some locations within the company’s premises store confidential data and
information; these may include storage rooms for anything related to money and other
financial information of the clients, employees, shareholders, other stakeholders, and
the organization itself. Theft can lead to fraudulent activities that may expose the
company to legal consequences such as lawsuits, fines from the United States
government, and, most seriously, the company closing its doors.
Not well known to the general public is the information-gathering method
called social engineering. Social engineering is largely done by observing
physical factors, such as employees who wear their I.D. cards while outside the company
and leave documents in plain sight in public places and in vehicles. While many will
argue that worrying about things and documents left in plain sight inside a vehicle is
unjustified, the law enforcement of the City of Boulder, State of Colorado strongly
advises everyone to “Never leave valuables in plain view, even if your car is locked. Put
them in the trunk or otherwise out of sight.” (Colorado Police Department) The value of
stolen vehicles is estimated to exceed $8,000,000,000.00.
Sample Policy Document
The following is a prototype of security policies concerning proper email usage
and physical security.
---------------------------------- Sample Policy Document (beginning) --------------------------------
Securing communications and physical security
Objective
This text gives a set of policies on acceptable email use, secure physical
locations, and response to incidents of security breach.
Purpose
The policies in this text shall provide guidance to avoid and reduce
security breaches perpetrated by attackers who take advantage of lax email use and
employees’ lack of situational awareness. In addition, to protect the Organization’s
assets and reduce liabilities, an incident response policy is also included in this text.
Audience
The policies outlined in this document apply to all entities working for the
Organization.
Policy
1. Communications Use of E-Mail
a. Client or End-Users
The use of the Organization’s email will only be for business-related
communications.
• Chain emails and other similar forms of spamming are prohibited.
• The email address field ‘BCC’ (blind carbon copy) will be used only as
needed or necessary.
• Properly log out of the Organization’s Web mail when using a public
computer; delete cookies and close the Web browser as a precaution.
• Always use a proper email signature when replying to and forwarding
emails.
• Avoid a “rainbow” email, where excessive multiple font colors appear in the
contents of the email.
b. Server End
• Non-active, dummy, and default email accounts will be disabled.
• Email filtering and real-time email scanning will be implemented.
• Software updates will be applied to the Web and email servers as soon as
they become available from the software vendor.
c. Public Communications
Public communications include receiving emails from external
entities inquiring about any service, products, and concerns regarding
the Organization.
2. Physical Security
Physical security policies are to be followed by all employees, including mobile
workers.
• For all employees: do not leave any documents lying around in plain sight in
public places such as restaurants, airports, cafes, and hotels, or in vehicles.
• The use of a notebook privacy screen or privacy filter is a must if there is a
need to open any electronic documents in public places.
• Do not leave unattended, under any circumstances, any bags (backpacks,
suitcases, messenger bags, etc.) containing documents relating to the
Organization and/or notebooks containing the Organization’s data.
• Do not post the Organization’s building layout on public forums.
• Employees must wear the identification cards (I.D. cards) issued by the
Organization while at work.
• Employees are prohibited from wearing I.D. cards issued by the Organization
outside of the workplace.
• All rooms that store sensitive and confidential information will be locked.
• Only authorized personnel are allowed to enter the server room and other
locations within the Organization’s premises.
• All guests and visitors are required to be escorted by authorized personnel
and to wear a guest/visitor I.D. card visibly while on the premises.
Exception
No one is exempted from the policies outlined herein.
Enforcement
The policies in this text shall be strictly enforced. Failure to follow the
policies outlined in the text will be subject to disciplinary actions that may
include, but are not limited to, the following.
• Employment suspension without pay
• Employment termination or separation
• Legal actions and suits
Definition of Terms
Organization – a business entity where the employee works; distinct from the
business owners and shareholders
End-user – the stakeholders of the Organization
External entities – individuals or groups not directly related to the company
Public forums – any place or location, physical or on the Web, that the public can
freely access
Business owners, shareholders, stakeholders, employees – all entities working
for the Organization
Revision History
References
Frei, Stephan, Silvestri, Ivo, Ollman, Gunter. Mail Non-Delivery Notice Attacks. Retrieved from http://www.techzoom.net/publications/mail-non-delivery-attack/index.en
National Institute of Standards and Technology (September 2012). Guide for Conducting Risk Assessments. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
---------------------------------- Sample Policy Document (end) --------------------------------
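One way to operationalize the Server End policy item on disabling non-active, dummy, and default accounts, as an added Python example that is not part of the proposal: a review over a constructed mailbox roster that returns the accounts to disable and the reason for each. The default-name list, the 90-day inactivity window, the 30-day grace period for never-used accounts, and every roster entry are assumptions made for the demonstration.

```python
"""Mailbox roster review for the policy item "non-active, dummy, and default
email accounts will be disabled".

Added example with a constructed roster; the thresholds and the
default-name list are assumptions, not values from the proposal.
"""
from datetime import date

# Assumed names that mail systems ship with and that should not stay enabled.
DEFAULT_NAMES = {"admin", "administrator", "guest", "root"}
# Assumed markers of throwaway/dummy mailboxes.
DUMMY_MARKERS = ("test", "dummy", "temp")
INACTIVE_DAYS = 90       # assumed: no login for this long means non-active
NEVER_USED_GRACE = 30    # assumed: never logged in and older than this


def accounts_to_disable(roster, today):
    """Return sorted (name, reason) pairs for accounts the policy says to disable.

    roster entries are dicts with keys: name, created (date),
    last_login (date or None), enabled (bool).
    """
    result = []
    for acct in roster:
        if not acct["enabled"]:
            continue  # already disabled, nothing to do
        name = acct["name"].lower()
        if name in DEFAULT_NAMES:
            result.append((acct["name"], "default account name"))
        elif any(marker in name for marker in DUMMY_MARKERS):
            result.append((acct["name"], "dummy/test account"))
        elif acct["last_login"] is None:
            age = (today - acct["created"]).days
            if age > NEVER_USED_GRACE:
                result.append((acct["name"], f"never used, created {age} days ago"))
        else:
            idle = (today - acct["last_login"]).days
            if idle > INACTIVE_DAYS:
                result.append((acct["name"], f"inactive for {idle} days"))
    return sorted(result)


# Constructed roster; the review date is the proposal's own date.
AS_OF = date(2014, 8, 10)
ROSTER = [
    {"name": "jdoe", "created": date(2012, 1, 10), "last_login": date(2014, 8, 1), "enabled": True},
    {"name": "admin", "created": date(2011, 6, 1), "last_login": date(2014, 8, 5), "enabled": True},
    {"name": "test-mailbox", "created": date(2014, 2, 1), "last_login": None, "enabled": True},
    {"name": "mcarter", "created": date(2013, 4, 2), "last_login": date(2014, 3, 15), "enabled": True},
    {"name": "newhire", "created": date(2014, 8, 4), "last_login": None, "enabled": True},
    {"name": "tmp-contractor", "created": date(2014, 5, 1), "last_login": None, "enabled": True},
    {"name": "oldvendor", "created": date(2010, 9, 9), "last_login": date(2012, 1, 1), "enabled": False},
]

if __name__ == "__main__":
    for name, reason in accounts_to_disable(ROSTER, AS_OF):
        print(f"disable {name}: {reason}")
```

The review is intentionally read-only: it produces the list for a mail administrator to act on, and the same function can be scheduled against a real roster export so the policy item is checked continuously rather than once.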
Incident Response
When a disaster or an incident strikes, having an incident response plan reduces
operational downtime compared to having none at all. Can you imagine what the
world would be like if there were no firefighters to combat fires and no emergency
medical technicians (EMTs) for ambulance services?
While each field has its own set of policies and response guidelines, they share the
same goal: to respond to each succeeding incident better than the last. In the field of
information security the goal is the same, but the specifics differ. The general idea is to
perform an initial assessment, isolate, communicate, recover, reassess, and review.
The initial assessment shows the initial damage and gives an overview of the
incident. This helps in executing an appropriate response instead of second-guessing,
avoiding loss of precious time and reducing costs for the organization. The longer the
downtime, the higher the cost to the company. That is especially true for an environment
like a call center that is contracted by service providers for its business. Long downtimes
create friction between the two businesses and possibly a breach of contract and a
lawsuit by the service provider against the call center management for not delivering as
stated in the contract.
Isolating the problem prevents further damage on top of the damage already
done to the company. The incident response team can then focus on the problem rather
than “run around”. In addition to isolation, it is important to communicate with each
member of the team and with other stakeholders within the company, avoiding
miscommunication and unnecessary actions. The recovery phase returns the
information systems to a working and stable operating condition. The system can be
restored from a backup (tape backups), or operations can be redirected to an existing
system that is on standby. The latter is more costly to implement than tape backups.
After operations are back to a stable condition, a reassessment of the damage and a
review of the existing security policies and documents are done, revising the
pre-existing policies and documents as needed.
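The phase sequence above (initial assessment, isolate, communicate, recover, reassess, review), as an added Python example that is not part of the original proposal: a checker that validates an incident’s recorded timeline against the expected order, reports missing or out-of-order phases, and measures downtime. The timelines are constructed, and measuring downtime from initial assessment to recovery is an assumption, since the text does not define its endpoints.

```python
"""Validate an incident timeline against the response phases in the text.

Added example; the timelines are constructed and the definition of downtime
(first 'assess' to first 'recover') is an assumption.
"""
from datetime import datetime

# Expected order of phases, as listed in the text.
PHASES = ["assess", "isolate", "communicate", "recover", "reassess", "review"]


def check_timeline(entries):
    """Return a report dict for a list of (ISO timestamp, phase) entries.

    missing        - phases never recorded
    out_of_order   - phases recorded after a later phase had already started
    downtime_hours - hours from the first 'assess' to the first 'recover',
                     or None if either is absent
    """
    seen = {}
    out_of_order = []
    highest = -1
    ordered = sorted(entries, key=lambda e: datetime.fromisoformat(e[0]))
    for stamp, phase in ordered:
        if phase not in PHASES:
            raise ValueError(f"unknown phase: {phase}")
        idx = PHASES.index(phase)
        if idx < highest:
            out_of_order.append(phase)   # a later phase already started
        highest = max(highest, idx)
        seen.setdefault(phase, datetime.fromisoformat(stamp))
    missing = [p for p in PHASES if p not in seen]
    downtime = None
    if "assess" in seen and "recover" in seen:
        downtime = (seen["recover"] - seen["assess"]).total_seconds() / 3600
    return {"missing": missing, "out_of_order": out_of_order, "downtime_hours": downtime}


# Constructed timelines (not real incidents).
GOOD_TIMELINE = [
    ("2014-08-10T02:15", "assess"),
    ("2014-08-10T02:40", "isolate"),
    ("2014-08-10T02:50", "communicate"),
    ("2014-08-10T06:15", "recover"),
    ("2014-08-10T09:00", "reassess"),
    ("2014-08-12T10:00", "review"),
]
# Recovery was started before stakeholders were told, and no review was held.
BAD_TIMELINE = [
    ("2014-08-10T02:15", "assess"),
    ("2014-08-10T02:40", "isolate"),
    ("2014-08-10T03:30", "recover"),
    ("2014-08-10T03:45", "communicate"),
    ("2014-08-10T09:00", "reassess"),
]

if __name__ == "__main__":
    for name, timeline in (("good", GOOD_TIMELINE), ("bad", BAD_TIMELINE)):
        print(name, check_timeline(timeline))
```

Run after each incident closes: a non-empty missing or out_of_order list is the input to the review phase, and the downtime figure is the number to put beside the cost argument the text makes.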
Conclusion
Although no one-hundred percent secure system exists, the risk and damage
from security breaches can be reduced or avoided if proper actions are taken. Even the
simplest practices neglected by the general public can be used by an experienced
attacker against any company, group, or individual to achieve the attacker’s goal.
Proper behavior and proper use of company resources are the beginning of a more
secure information system.
Works Cited
Safety for your Vehicle. Retrieved from https://bouldercolorado.gov/police/safety-for-your-vehicle
Frei, Stephan, Silvestri, Ivo, Ollman, Gunter. Mail Non-Delivery Notice Attacks. Retrieved from http://www.techzoom.net/publications/mail-non-delivery-attack/index.en
National Institute of Standards and Technology (September 2012). Guide for Conducting Risk Assessments. Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf
TechNet. Responding to IT Security Incidents. Retrieved from http://technet.microsoft.com/en-us/library/cc700825.aspx#XSLTsection125121120120

SEC440: Incident Response Plan
