Mile2 Cybersecurity Institute

    • #65904
      Mile2Test
      Participant

      Discuss some of the policies that should be in place for a competent incident response within a company/organization.

    • #115440
      Seth Brumfield
      Participant

      A policy should be established that makes a plan on who will do what, and how it will be done. You need to figure out who is accountable, prepare by making procedures, detect and respond, document and then continue the loop with continuous improvement. You can’t just make a plan after the fact; teams will fall apart when it’s like a pickup game! There are also ISO policies and other data policies that you could adopt so that you have a basic foundation. Just because you don’t have to meet that policy, doesn’t mean it would be a good place to start.

      Communication and escalation policies are also critical. Cyber incidents often require immediate reporting and rapid escalation depending on the severity of the threat. Policies should specify who must be notified, when notifications must occur, and what communication channels should be used. These policies help ensure that executives, customers, and law enforcement agencies receive information. Proper communication policies also reduce misinformation and panic during a crisis. It reminds me of my time in the Air Force when we had a playbook for every type of response imaginable! If an aircraft crashes, do this; if there is a bomb threat, do this.

      https://www.sygnia.co/blog/incident-response-policies/

      • #115467
        Eugene Estes
        Participant

        The contrast is with reactive responses, where action is taken only after an incident has already happened. This is the process of preparing for, responding to, and recovering from significant events that threaten an organization’s operation or its reputation. Determine the right steps with authority involved in reporting and addressing an incident as it develops, ensuring the right people are involved at the right time.

      • #115552
        Rodnika Brown
        Participant

        I agree. Having policies and procedures in place before an incident happens is important because it gives everyone a clear understanding of their roles and responsibilities. Communication and escalation procedures are really critical since quick reporting can make a big difference in limiting damage. I also like your Air Force example because it shows how having a prepared response plan helps reduce confusion and allows people to act quickly and effectively during a crisis. Organizations that take the time to plan ahead are usually much better prepared when an incident occurs.

    • #115444
      Eugene Estes
      Participant

      Malware attacks, data breaches, illegal access, and system failures are just a few of the security risks that organizations face today. Because of these threats, every organization should have robust incident response procedures in place to guarantee that security issues are found, managed, and promptly rectified. In order to minimize damage and downtime during emergencies, incident response plans offer employees and IT staff defined protocols.
      The incident reporting policy is one crucial policy. This policy outlines how staff members should report any suspicious activity, security lapses, or technological issues. When an event happens, staff personnel should know who to call and what details to give. Rapid notification enables the IT staff to take action before the issue affects all of the company’s systems. Incidents could go unreported and seriously harm business operations in the absence of appropriate reporting protocols.
      The access control and authentication policy is another crucial policy. This policy makes sure that sensitive data and company systems are only accessible to those who are authorized. Strong passwords, multi-factor authentication, and permission levels according to job duties are all part of it. Restricting access lowers the likelihood of account penetration, insider threats, and unauthorized data exposure during a security incident.
      A data backup and recovery policy should be put into place by organizations. This policy guarantees that critical business data is routinely backed up and can be restored in the event of a system failure or attack. The business can swiftly resume operations without losing important data in the case of ransomware, hardware damage, or unintentional loss. In order to minimize financial losses and ensure business continuity, backup procedures are essential.
      The communication and escalation strategy is another crucial policy. Employees, management, and technical teams need to communicate well during a security event. This policy specifies who should be notified, what should be done, and how occurrences should be reported to higher management or outside authorities if needed. During emergencies, effective communication lowers confusion and enhances coordination.

      • #115461
        Seth Brumfield
        Participant

        To me this course has introduced some new ideas, but I have also had to do some independent research on understanding security. I think how you set up the hardware is important as well. I learned about subnetting and how you can separate front-end app software from a database server for the payment stuff. Then if your front end gets hacked they have to go deeper into the other servers where there are firewalls and protocols. I think this is important along with having a plan.

    • #115530
      Rodnika Brown
      Participant

      I think a company should have clear incident response policies in place so everyone knows what to do if there is a cyberattack or security issue. One important policy is an incident response plan that explains the steps for identifying, reporting, and fixing security problems. Companies should also have password and access control policies to help protect sensitive information.

      Another important policy is employee training because many incidents happen from human mistakes like phishing emails. Backup and recovery policies are also important so the company can restore important data if something goes wrong. Overall, having strong policies in place helps a company respond faster and reduce damage during a security incident.
