Essay On Responding To The Situation

Incident Response Plan

Cyber security incident response is an important part of the IT program especially with increased cases cyber crimes. Nowadays, cyber-related attacks have become numerous and diverse requiring organizations to develop an elaborate incident response plan to ensure the effects of such attacks do not disrupt their operations. Samsung Electronics rely heavily on information technology to operate being a telecommunication company. Some of the common attacks that may face Samsung electronics include system attacks, networks attack and applications attack. Prevention of the situation is always more effective and less costly than responding to the incident when it occurs (Green, 2015). The company needs to establish and maintain security of systems, networks and its application in order to reduce the incidences of the attack. The company will have sufficient IT team that is highly trained and experienced to deal with any form of cyber security attack. Thy will also help the organization to comply with the established cyber security standards and teach all the staffs to be aware of procedures and policies related to appropriate response to systems, networks and applications’ attacks.
All the staffs of the company will be informed to report any element or suspicion of cyber attack to any of the following officers for immediate action.
1. The system administrator
2. Security manager
3. The firewall administrator
4. Intrusion detection monitoring manager
5. IT manager
The contacts of all these managers will be displayed in all the rooms to ensure they can be reached 24/7 by any staff of the company. Once these officers receive a call from any member of the organization reporting the incident or suspicion of the attack, they will refer to their contact lists to see the appropriate IT manager or personnel to contact depending with the reported cases. If the person reporting the incident is a staff in the IT department, he or she may report directly to the IT manager or incidence response manager (Winter, 2014). If the reported incidence poses some severe threats to the operation of the company, the contacted person may call all the members of the incident response team to gather in the affected office or location immediately.

Analyzing the situation

Once contacted, the appropriate IT experts will be provided with all the information regarding the incident, which they will utilize to assess it. The information given may include the equipment, systems, networks or applications affected, the severity of the incidence, its potential impacts to the company and any other relevant information (Krotofil et al., 2014). In response, the IT experts or incident response team members will assess the following aspects immediately;

Is the reported incident perceived or real?

Is the reported incident in progress or already ended?
What property, equipment or data affected and how critical is the situation?
What systems, applications, or networks targeted and their physical location?
What is the nature of the response? For example, intrusion, virus, abuse, worm or damage?
How will the company be affected if the attack succeeds? Critical, serious or minimal?
Is the attack affecting the trusted system, network or applications?
Does the incident require urgent response?
Can attack be quickly contained with ease?
Is there need for the response team to alert the attacker? If not, how will the team deal with the attacker?
After analyzing the situation, the response team will categorize the attack as either a threat to the public safety, computer systems, sensitive data or a disruption to the services of the company (Densham, 2015). The team will then use the appropriate procedures to address the attack depending with its nature. For example, they may use one of the following procedures; system failure response procedure, system abuse procedure, virus response procedure, property theft response procedure, active intrusion procedure, spyware response procedure, database denial response procedure or any other appropriate response procedures depending with the incident. If the incident is new, the team may use their skills to address the problem and document it for use in similar problem in the future.

Mitigating incident’s effects to the organization

In order to minimize the effects of the incidence to the operations of the company, the response team will re-install affected networks, systems or applications immediately. They can retrieve data from the back-up system or re-install it from the scratch. System users will be instructed to change their passwords and other login details if they had been affected by the attack. The data that may not be affected will be transferred to other back-up or storage systems to ensure it is not interfered with when dealing with the incidence. Depending with the nature of the attack, the incident response team may advise the management of the company some of the operations that may be temporarily stopped to ensure effects of the attack are minimized (Caldwell, 2012). Finally, the team will ensure there is proper documentation of the problem and evidence preservation for policy changes in the company. The management may also inform outside agencies such as the police and other units to deal with the intruder and for policies’ improvement.

References

Caldwell, T.(2012). Feature: Prepare to fail: creating an incident management plan. In Computer Fraud & Security, 11, 10-15.
Densham, B.(2015). Feature: Three cyber-security strategies to mitigate the impact of a data breach. In Network Security, 1, 5-8.
Green, J. (2015). Feature: Staying ahead of cyber-attacks. In Network Security, 2, 13-16
Krotofil, M., Cárdenas, A., Larsen, J., & Gollmann, D. (2014). Vulnerabilities of cyber-physical systems to stale data—Determining the optimal time to launch attacks. In International Journal of Critical Infrastructure Protection, 7(4), 213-232.
Winter, B. (2014). Responding to a serious safety incident - a PCBU response plan. In: Mondaq Business Briefing, 1.