After several security incidents, the Greiblock Credit Union (GCU) Board of Directors needs a sound policy to address the situation. The main objective of this document is to improve the security culture of the organization. The specifications of this policy will address dynamic vulnerability analysis, intrusion detection, and incident response. This document goes into detail about what is required for a proper incident response.
2. Scope
This policy is intended to support the protection of information systems in GCU and will cover all data within the GCU infrastructure:
• Data at rest stored in databases across 100 branch offices located throughout the Midwest
• Data in transit and data stored on computers
• All forms of communication
Intrusion detection systems remain useful despite false positives, as long as the system is tuned properly.
As a deployment principle, each IDS sensor will be tuned one at a time in order to control the volume of alerts as the system is introduced to the network. The network and systems team must be consulted so that the introduction of the system does not cause an interruption in service for the systems they operate. This will help prevent false positives caused by scheduled processes and system updates.
All system alerts should be routed directly to the Computer Security Incident Response Team (CSIRT) through a log and alert system that works with the IDS to group related alerts into incidents, allowing the CSIRT to identify patterns and trends. These logs must be reviewed on a regular basis and audited as part of the CSIRT's routine (www.networkcomputing.com).
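As an added illustration (not part of the GCU policy or any GCU tooling), the following Python sketch shows the two controls above in code: alerts that fall inside a maintenance window agreed with the network and systems team are set aside rather than raised, and the remaining alerts are grouped into incidents so the CSIRT can spot sources that recur across branches. The alert lines, sensor names, addresses and the maintenance window are constructed sample data.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample IDS alerts (not real GCU data); fields: time|sensor|signature|source|destination
SAMPLE_ALERTS = """\
2024-03-04T02:00:05|sensor-br017|SCAN host sweep|10.17.0.5|10.17.0.20
2024-03-04T02:00:40|sensor-br017|SCAN host sweep|10.17.0.5|10.17.0.21
2024-03-04T09:15:00|sensor-br042|SSH brute force|203.0.113.9|10.42.0.10
2024-03-04T09:40:00|sensor-br042|SSH brute force|203.0.113.9|10.42.0.10
2024-03-04T15:05:00|sensor-br008|SSH brute force|203.0.113.9|10.8.0.10
2024-03-05T11:00:00|sensor-br042|SSH brute force|203.0.113.9|10.42.0.11
""".splitlines()

# Hypothetical schedule agreed with the network and systems team: the branch 17
# patch scanner at 10.17.0.5 runs 02:00-03:00 and its sweep alerts are expected noise.
MAINTENANCE_WINDOWS = [{"sensor": "sensor-br017", "source": "10.17.0.5",
                        "start": datetime(2024, 3, 4, 2, 0), "end": datetime(2024, 3, 4, 3, 0)}]

def parse_alert(line):
    ts, sensor, sig, src, dst = line.split("|")
    return {"time": datetime.fromisoformat(ts), "sensor": sensor, "signature": sig, "src": src, "dst": dst}

def is_scheduled(alert, windows):
    """True when the alert comes from an agreed maintenance source inside its window."""
    return any(w["sensor"] == alert["sensor"] and w["source"] == alert["src"]
               and w["start"] <= alert["time"] < w["end"] for w in windows)

def group_incidents(lines, windows, gap=timedelta(hours=1)):
    """Set scheduled noise aside (still logged), then merge alerts that share a signature
    and source and arrive within `gap` of the previous one into a single incident."""
    suppressed, incidents = [], []
    for alert in sorted(map(parse_alert, lines), key=lambda a: a["time"]):
        if is_scheduled(alert, windows):
            suppressed.append(alert)
            continue
        key = (alert["signature"], alert["src"])
        for inc in incidents:
            if inc["key"] == key and alert["time"] - inc["last_seen"] <= gap:
                inc["last_seen"], inc["count"] = alert["time"], inc["count"] + 1
                inc["sensors"].add(alert["sensor"])
                break
        else:  # no open incident matched: start a new one
            incidents.append({"key": key, "first_seen": alert["time"], "last_seen": alert["time"],
                              "count": 1, "sensors": {alert["sensor"]}})
    return incidents, suppressed

def recurring_sources(incidents, minimum=2):
    """Sources behind `minimum` or more separate incidents: a trend for the CSIRT to review."""
    counts = Counter(inc["key"][1] for inc in incidents)
    return {src: n for src, n in counts.items() if n >= minimum}
```

On the sample data the two branch 17 sweep alerts are set aside, the brute-force alerts collapse into three incidents, and the same source shows up in all three, which is the kind of trend the routine log review is meant to surface.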
3.3. Incident Response
This is the specific approach that GCU will take in the event of a security breach or a cyber attack. Following these steps will minimize the exposed area and reduce costs, downtime and damage to the business interests.
3.3.1.
Lessons Learned
It is vital that the organization captures lessons learned in order to prevent such an incident from happening again.
• Update all policies to ensure the incident doesn’t happen again
• Check for flaws or shortcomings in user knowledge or policy that may have contributed to the incident
• Validate the success and/or failure of the response plan against the incident
• Validate the contact roster
• Maintain the information captured by the CSIRT during the identification process
4. Enforcement
Managers are solely responsible for enforcing this policy, under the governance of applicable laws and the policies for specific business processes.
5. Metrics
Incident Response Metrics allow IT staff to clearly describe the cyber security landscape to senior management. This will help guide improvements in the process and assist IT staff in gaining funding to improve the Incident Response process. IR metrics are fact-based analyses that give managers graphical depictions of trends in incidents, reaction time and process success to assist in decision making (seanmason.com).