Incident Response Team Policy

An incident response team policy is used to manage the aftereffects of an incident or breach that has occurred in an organization. The main goal of the policy is to minimize the breach and help the organization recover from the damage caused by the incident. The hacker was able to get the personal information of both parents and children because the organization was lacking many security practices. The main aim of the incident response team is to build the policy from these deficiencies.

1. Purpose
This document provides a policy to prevent attacks on the VTech organization by protecting the customer’s data.

2. Background
This document was developed because of the hack in the VTech tablet, where the information of both parents and kids got hacked and it also …
The incident response plan should be accurate and simple. The plan must be clear and easy to understand, and it must guide the response team to act by finding who, what, how, when and why the incident happened. This will help the organization find which system or data got hacked and take action against it.

4.2. The next step is to define detailed roles and responsibilities. Having specific roles defined will help both the business and its employees to act accordingly at the time of an incident, as well as to take actions to prevent data loss.

4.3. The third step involves both technical and non-technical teams. The non-technical team includes management, legal, human resources, etc. All organizations think that the incident response plan is confined to only the IT or security department. But the non-technical team should also take part in the execution of the plan, and it should communicate with other teams who can provide solutions at the time of an incident.

4.4. Creating the incident classification framework is the fourth step. The classification framework will help to find the cause of the attack, type of attack, severity, impact and future recommendations to …
Process Diagram

7.1. Preparation: The first step is to be prepared to address an incident. The incident response team cannot immediately address an incident without a plan, so having predetermined guidelines will make it easier on the team.

7.2. Identify: Next is to detect the incident, and this can be done by monitoring the network using firewalls etc. Third is by properly analyzing the incident.

7.3. Analysis: In this phase the team will actually determine whether the breach happened or not. This can be done by taking screenshots, checking the memory, and monitoring the communication channels of the attacker.

7.4. Control: This is a critical stage for the incident response, and the main goal here is to control the impact of the incident. Once the team identifies the incident, the organization will shut down the system to reduce the impact of the hack and rebuild the system.

7.5. Recover: This phase helps to restore the system from the damage caused by an incident. This can be done by rebuilding the systems, replacing affected files with clean ones, changing passwords, etc.

7.6. Document: Documenting the incident is very important, as it helps the organization to keep track and helps to provide countermeasures in case of future