Change management focuses on ensuring that changes are beneficial to the organization.
It ensures each change goes through a lifecycle so that all procedures are followed.
The change has to be approved by the Change Management Board.
The change has to be evaluated to determine what is being changed and how it is going to affect the users and the employees.
It helps reduce the downtime of the network and resources within an organization.
It helps reduce risk to the organization.
It's important to document and keep track of all incidents that occur within the organization.
Keeping proper documentation can help a professional determine if a similar incident has occurred in the past and what actions were taken.
When documenting an incident, it's important to include as much detail as possible in the description, and to record the time and date, location, persons involved, actions taken to resolve the issue and lessons learnt.
When an incident occurs, it's important that the right people are involved to help resolve the issue.
The organization may have a dedicated incident response team that is trained in resolving security incidents.
The IT security management team and IT technical staff may also be involved in remediating the security incident.
Whenever an incident occurs, it should always be reported in as much detail as possible.
When reporting a security incident, it's important to be very detailed.
Keeping records of incidents helps security professionals look for patterns of similar incidents in past records.
The report should include as much detail as possible in the description, and record the time and date, location, persons involved, actions taken to resolve the issue and lessons learnt.
If a person within the Technical team is unable to resolve the issue, the incident should be escalated to someone senior with more expertise in security.
Some companies will have a Cyber-Incident Response Team (CIRT) which is responsible for monitoring and resolving all security incidents within the organization.
The CIRT is made up of professionals who are trained and qualified in various security incident response techniques.
Most importantly, the CIRT is focused on incident response, analysis and reporting.
Designing an incident response plan is good, but the plan needs to be tested regularly.
The plan should be tested a few times per year.
The testing of the plan should be scheduled.
The plan should be tested before an actual security incident occurs.
It's important to document the outcome after testing the plan. Look for any areas that need improvement and test again.
The SANS institute has defined the following 5 steps for Incident Response:
Preparation
Detection & Analysis
Containment, Eradication & Recovery
Post-incident (Lessons learned)
In the preparation phase, gather a list of all the company's assets. These may include network devices, servers, computers and applications.
Create a baseline by monitoring these assets and determining what is considered "normal" traffic flow to and from them.
Develop a communication plan which outlines who to contact if an incident should occur.
Create a plan of action for each possible security incident that can occur.
Professionals must be trained to quickly identify a security event as it happens on a system or network.
It's important to gather as much detail as possible about the security event to improve analysis of the threat.
Try to determine how the threat entered the system or network.
It's important to have security appliances and applications actively monitoring your systems and networks to identify threats as they occur in real time.
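The baseline built in the preparation phase is what makes detection possible: an observation is only "suspicious" relative to what is normal for that asset. The following added example (not part of the original notes) builds a per-asset traffic baseline from constructed hourly byte counts and scores new observations against it; the asset names, volumes and the 3-sigma threshold are assumptions.

```python
# Added example: per-asset traffic baseline (preparation) and scoring of new
# observations against it (detection). All data below is constructed.
import statistics
from collections import defaultdict

# Constructed historical records: (asset, bytes transferred in one hour)
BASELINE_RECORDS = [
    ("fileserver01", 5_000_000), ("fileserver01", 5_200_000),
    ("fileserver01", 4_800_000), ("fileserver01", 5_100_000),
    ("fileserver01", 4_900_000),
    ("workstation17", 120_000), ("workstation17", 90_000),
    ("workstation17", 150_000), ("workstation17", 110_000),
    ("workstation17", 130_000),
]

def build_baseline(records):
    """Return {asset: (mean_bytes, stdev_bytes)} from historical hourly totals."""
    per_asset = defaultdict(list)
    for asset, nbytes in records:
        per_asset[asset].append(nbytes)
    baseline = {}
    for asset, values in per_asset.items():
        # stdev needs at least two samples; a single sample gets stdev 0
        stdev = statistics.stdev(values) if len(values) > 1 else 0.0
        baseline[asset] = (statistics.mean(values), stdev)
    return baseline

def score_observation(baseline, asset, nbytes, k=3.0):
    """Classify one hourly total: 'normal', 'anomaly', or 'unknown-asset'."""
    if asset not in baseline:
        # No baseline means the asset was not in the inventory when the
        # baseline was built, which is itself worth investigating.
        return "unknown-asset"
    mean, stdev = baseline[asset]
    # A flat baseline (stdev ~ 0) would flag any variation, so apply a floor
    # of 5% of the mean before comparing against k standard deviations.
    floor = max(stdev, 0.05 * mean)
    if abs(nbytes - mean) > k * floor:
        return "anomaly"
    return "normal"

if __name__ == "__main__":
    base = build_baseline(BASELINE_RECORDS)
    # Constructed new observations: a workstation suddenly moving 40 MB in
    # an hour, a file server at its usual level, and an unlisted printer.
    for asset, nbytes in [("workstation17", 40_000_000),
                          ("fileserver01", 5_050_000),
                          ("printer03", 900_000)]:
        print(asset, nbytes, score_observation(base, asset, nbytes))
```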
When a security incident occurs, it's important that the incident (threat) be contained.
The goal of this phase is to stop the threat, such as a virus, from spreading to other systems on the network.
During the eradication phase, the objective is to remove the threat from the compromised system or network.
Ensure all compromised systems are disinfected thoroughly to ensure there are no longer any infections present on any systems within the organization.
In the recovery phase, data and applications are restored on the system.
This may include data recovery from backups.
It may also involve replacing a compromised system or re-installing the operating system and applications.
Security professionals use the post-incident phase as an opportunity to learn from the experience of a cyber-attack.
The lessons learnt will help improve the response and actions taken by the security team in future security events.
Updating of existing procedures and documentation may also be required.
The system life cycle simply defines the lifespan of a system that is supported by a vendor.
If an organization uses end-of-life systems on its network, it increases the organization's security risk.
End-of-life simply means the vendor is no longer providing updates, patches and even support for the system.
Without security patches, newly discovered security vulnerabilities on the system will not be rectified.
System life cycle affects both hardware and software.
System life cycle usually contains the following phases:
Procurement - Planning, negotiating and acquiring.
Deployment - Installing and integrating systems.
Management - Supervision and support.
Decommission and Disposal - Replacing, preserving and retiring.
Standard operating procedures (SOPs) are step-by-step instructions for performing a task or action.
They are used to improve the efficiency of performing a task or action.
They are sometimes needed for compliance.
They reduce the risk of miscommunication and failure.
They contain details about the organization's daily business processes.
They outline the method and sequence used to complete a task.
There should be a procedure for everything within the business.
These standard operating procedures should always be well documented and clearly defined.