A Cyber Security Incident Response Team - 1448 Words

Handling IT Security Breaches One of the biggest challenges that businesses face today is planning and preparing for security breaches, especially how to react and respond to cyber security incidents and security breaches. Security-related threats have become quite a nuisance and are more diverse than ever before. The security-related threats have become more disruptive to business processes and more damaging to company’s reputation. With preventative activities encompassing the results of risk assessments, penetration tests, and an effective vulnerability management programs can lessen the effects and decrease the impact of incidents. There is no way to completely prevent all incidents from happening within the company’s networks during†¦show more content†¦Identify, contain, and eradicate cyber threats to the bank and its infrastructure, and restore resources in the event of a cyber-incident. Minimize the disruption to both internal and external customers. Provide the necessary input and support to the appropriate infrastructure unit to recover any computer systems impacted during a cyber-incident. Collect data and evidence for potential prosecution. This document will outline the basic CSIRT approach in four phases that will provide preparation, detection and analysis, containment, eradication and recovery, post-incident activity and lessons learned. CSIRT Mission The primary mission of the bank’s CSIRT is to effectively remove threats from bank’s computing environment, while minimizing damage and restoring daily operations as quickly as possible. Additional objectives of the CSIRT are to: Respond to all cyber security incidents or suspected incidents using an organized, formal investigative process. Quickly determine if an intrusion or security incident actually occurred. Assess the impact and scope of a security incident. Contain, eradicate, and remediate the incident. Minimize the disruption to business and network operations for both internal and external customers. Collect and document all evidence related to an incident. Select and engage additional support as necessary. Incident Playbooks With every security incident being different from one another it is impossible to foresee