NJVC Security Incident Response Team Strategy


NJVC operates in locations across the world. With this in mind, it is crucial that NJVC can quickly identify security incidents and resolve them quickly to limit the potential harm to NJVC. NJVC must plan for external threats to the organization as well as for trusted employees who might perform malicious activities that could harm NJVC operations or compromise sensitive data. For quick identification and response, NJVC must have a fully developed forensics and computer security incident response team (CSIRT) strategy. NJVC’s CSIRT strategy will be two-fold in ensuring that NJVC’s infrastructure will be safeguarded against unwanted cyber incidents while responding to active …

After collecting the relevant data and prioritizing the event, they will determine if and how much damage occurred and plan the appropriate response in order to contain the incident and keep it from becoming more damaging to NJVC’s infrastructure (Adnan, Just, Baillie, & Kayacik, 2015). After containment is completed, the CSIRT’s next response will be to determine what solutions will be required if operations are impacted, to ensure NJVC maintains functionality and mitigates business impacts. After the security event or incident is resolved, it is important that NJVC understands “who, what, when, where, how, and why” a security event or incident occurred (Vacca, p. 279). NJVC should be aware of any damage that resulted from the security event and whether a cybercrime was committed. In order to find this information, the highly skilled CSIRT personnel will conduct forensic analysis of each security event or …

The first stage will be accessing the potential crime scene to conduct their investigation (Sindhu & Meshram, 2012). This will allow the CSIRT personnel to assess the scene, interview personnel, and document their findings to determine if a crime has been committed. If a crime is suspected, the CSIRT personnel will then begin to collect evidence (Sindhu & Meshram, 2012). This may include retrieving hardware, log files, and media, and replicating data stores to be analyzed at a later date. If evidence is collected, the CSIRT must create and maintain a chain of custody in order to preserve the evidence’s integrity by ensuring it was not tampered with and was stored correctly (Sindhu & Meshram, 2012). Once the evidence has been properly collected, the CSIRT will perform the forensic analysis to determine the type of crime that was committed (Sindhu & Meshram, 2012). Since NJVC is a contracted company for the Department of Defense, there are many crimes that could pose a significant risk to both NJVC and their customer. In order to protect these two entities, it is critical that the forensic team accurately determines the crime(s) that were committed on NJVC’s