Purpose of the Document

The incident response plan (IRP) refers to the set of instructions designed to help companies prepare for and respond to network security incidents. Most IRPs are set up to mitigate technology-centric issues, which include malware, data breaches and service outages. ABC organization has faced some security breaches. This paper produces a structure to build an IRP for ABC organization to protect PII (Personally Identifiable Information). The paper includes the key components of the plan and how the individual should respond to an individual cyber security attack (Gorichanaz, 2019). That includes preparation for the key activity processes, detection and reporting of the issues, and analysis of the processes to fix the issues. To implement an IRP in an organization it is important to follow the steps. The policy components of an organization include statements of what the organization should seek from the consumers, the principles and values of the organization, service objectives, what the organization should be dealing with, and the strategies to achieve the objectives. The paper also includes the IRP timeline details and milestones that ABC organization should follow. The accountability of the plan has also been discussed, which refers to the collaboration of the information, finances and assets of the plan.

The study's main purpose is to define the IRP for ABC organization to assist the individual in managing security incidents. The study presents the step-by-step processes to implement the IRP in ABC organization (Yanatori et al., 2021). The process ensures that all security incidents are detected and analysed and that all the required measures are taken to mitigate the issues. The study also produces the time frame for ABC organization to implement the IRP and ensures that the implementation plan is the least costly. The document provides all the steps for the organization to identify all security and privacy incidents (Iwai, 2019).

The incident response plan refers to the procedures the security team should follow when data breaches strike. To make the incident response plan accurate and efficient, the teams must know where to apply the plan and where the alert arrives. This component will show whether the plan is weak or strong and where the organization needs to change it. This can be achieved by practising the plan (Mak & Marshall, 2018). The policy will make sure that the plan is effective. It also includes the identification and communication of the security instructions and weaknesses. The policies include:

  • Management procedures and responsibilities to ensure a fast and orderly response to security incidents.
  • The objectives of security and privacy incident management should be followed by those responsible for security incident management.
  • All the security and management issues should be reported as quickly as possible by the proper management system.
  • Individuals using the organization’s systems and services should inform management about vulnerabilities and security weaknesses in those services and systems.
  • The assessment should be done and it should be checked if it is classified as a security or privacy issue.
  • The proper response should be done to the identified issues with proper documentation.
  • The organization should be aware of the benefits of a formal approach to incident management, the program's working process and expectations, the contact person responsible for handling security issues, and the limitations of non-disclosure agreements.
  • The communication channels should be maintained to respond to the security and privacy incident. Communication management should be maintained between the employees and the management teams (Fernandes et al., 2021).
  • The event security policies require that the data controllers, PII principals, government bodies and other regulators be notified within a specific timeframe.
  • The organization should ensure that individuals complete the investigation in a short period. Any obstruction of the investigation should be reported directly to managers and seniors for reconsideration and solutions. Obstructing the investigation or any disciplinary action may result in termination (Thompson, 2018).

Key Policy Component List of IRP

The incident response plan is a process, not an isolated event. To make the plan successful, the teams should make it structured and organized. There are five important steps to make the incident response plan successful and effective (Kumar & Anbanandam, 2020). The steps include preparation, detection, analysis, neutralization and post-incident activity. The basic ways to respond to incidents can be described as follows:

Assembling the response team is the first step in responding to incidents. Whenever a threat or issue occurs, the organization must define the right team for it. Appointing a team leader with proper knowledge of such matters is the first step of assembling the team for the plan (Ghobadi, Amiri & Rekabdar, 2021). The selected person must have communication skills along with management skills. Once the team is built, the organization is responsible for activating the team for the duties of public notification and remediation. Once the team is active, ABC organization is responsible for identifying and reacting to the PII threats.

After identifying the threats, the team of administrators, security staff and network heads handles the threats and analyzes the plan to fix the issues. The individuals are responsible for checking files with software that uses an algorithm to detect when important files go missing or are altered, and they are also required to manage the anti-malware software for the safety of the information (Ahmadi et al., 2020). The administrators can manage the logs, which can be systematically reviewed for anomalous activity in the user areas, storage areas, network areas and operating system. To execute these tasks the individuals can use cloud services, security applications and operating system security.
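One way to implement the file check described above, as an added example that is not part of the original essay: a SHA-256 baseline of a directory is recorded and later compared against the current state to report missing, altered and newly added files. The function names and the sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the monitored tree
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline, current):
    """Return the files that went missing, were altered, or were added."""
    shared = baseline.keys() & current.keys()
    return {
        "missing": sorted(baseline.keys() - current.keys()),
        "altered": sorted(p for p in shared if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
    }


def demo():
    """Constructed scenario: one file altered, one deleted, one added."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "records"))
        os.makedirs(os.path.join(root, "config"))
        samples = {
            "records/customers.csv": b"id,name\n1,Alice\n",
            "records/audit.log": b"2024-01-01 login ok\n",
            "config/app.ini": b"[db]\nhost=localhost\n",
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as handle:
                handle.write(data)
        baseline = build_baseline(root)

        # Changes made after the baseline was recorded.
        with open(os.path.join(root, "records/customers.csv"), "ab") as handle:
            handle.write(b"2,Mallory\n")
        os.remove(os.path.join(root, "records/audit.log"))
        with open(os.path.join(root, "records/export.tmp"), "wb") as handle:
            handle.write(b"id,name\n1,Alice\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

The baseline is only trustworthy if it is stored somewhere the monitored host cannot modify, such as read-only or off-host storage.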

After detecting the issues, ABC organization executes the plan for containing the incident and recovering the data and information. This can be done by temporarily disabling network services and installing security patches to protect against malware attacks and vulnerabilities in networks. To prevent threats to PII, the individual can reset the passwords of the lockers, systems and other areas where breaches can occur (Ross et al., 2020). The breaches can affect data and other areas. To prevent data loss, ABC organization can set up a backup process for all types of data, especially the important ones, to preserve the current state.

As long as the reason for a threat is not clear, the organization cannot prevent it properly. The issues are managed by the individual depending on their criticality, because the response to an issue depends on its severity (Shinde & Kulkarni, 2021). Severity is divided into three levels. Very critical incidents with high impact include customer service issues, privacy breaches, and loss of customer information or data. Major incidents with notable impact include issues like unavailable core customer service functionality. Minor incidents with low impact include minor inconvenience to customers and performance degradation. The individual is assigned to make the plan to mitigate the issues based on these levels.

Incident Response Process

ABC organization must ensure a notification process for the different issues. Any kind of threat in areas like identities and personal information should be notified to the individual. Individuals need to be notified about the issues, which will help them prevent the issues in advance (O'Neill, Ahmad & Maynard, 2021). Notification and taking measures should be considered the last step of the process. Once the individuals identify the incident, similar incidents can be identified easily. The same type of event can be prevented by following the previous processes. ABC organization should review the processes once this is done, in case any changes are required to the processes and policies of the IRP.

The accountability of the plan depends on the roles and responsibilities of the individuals. The individuals are assigned responsibility for the tasks that need to be done. The core members who handle the plan are the CISO, the VIP or deputy general counsel, the data protection officer, the privacy team, the security team and the IT team. The individuals are assigned specific duties. For instance, the CISO is responsible for spreading awareness among the employees by providing training on specific things (Wright et al., 2018). The CISO is also responsible for managing the security guidelines in the organization, maintaining communication through security practices, identifying the security objectives and purchasing the security objectives and matrices. To maintain the regulatory compliance of a company, it is important to maintain an incident response plan and take action to execute it. To maintain the plan, it is important to know the policies and regulations and make the employees aware of them (Yang & Liu, 2020). The deputy general counsel manages all the legal areas of the organization and ensures that all the employees are aware of the policies and regulations. The laws and regulations include the personal rules, the regulatory policies for using the IRP and the organizational laws. The data protection manager is responsible for managing all the appropriate levels of data and privacy compliance (Engelbrecht, Yasseen & Omarjee, 2018). This individual handles governance of new project initiatives, ensures that the IRP is implemented in that area, and communicates with the seniors and stakeholders about the IRP process. The privacy team, the security team and the IT team provide technical assistance to the company, identify all the possible threats and raise the issues with the stakeholders for assistance in IRP processes.

Some other groups and individuals are responsible for, or can assist in, the incident response plan for the organization, such as senior leaders, human resources, contractors, building staff, communication resources and even end-user support (Syafrudin, 2018).

Accountability of IRP Plan

The incident response plan mainly concerns the cyber security department of the organization. ABC organization was facing continuous threats and issues, especially in PII. A threat to PII is a serious issue for any organization as it can harm the organization in many ways. To succeed, it is important for the organization not only to implement the plan properly but also to update it regularly (Chaple et al., 2018).

Preparation: The main step of an incident response plan is preparation. A strong plan is required to support the team in identifying an incident response plan. The preparation plan includes four steps: documenting the IR policies, defining the communication guidelines, incorporating threat intelligence feeds and assessing the threat detection capabilities.

Detection: This phase mainly focuses on detecting the events to present the security incidents. It operates in four major steps, which are monitoring, detecting, alerting and reporting (Kumar, Shankar & Vrat, 2021).

Analysis: The proper scoping and analysis of security issues occur in this phase. The resources should be used to gather information from tools and systems for indication. To make the plan successful, the individual should know about digital forensics, memory analysis and malware analysis (Ramanto & Parikesit, 2019). The analysis is mainly done in three major areas: endpoint analysis, which is done to determine the tracks that may have been left behind; binary analysis, which is done to investigate the malicious binaries; and enterprise analysis, which is done to analyze the existing systems and event log technologies.

Neutralization: This is considered one of the most critical stages of incident response. The neutralization phase depends on the intelligence and indicators gathered during the analysis phase (Shuai et al., 2020). Once the system is restored and security has been identified, the operation is resumed by following a few steps, such as a coordinated shutdown, which means informing all the team members about the proper timing and issues. Wiping the infected systems and rebuilding them from the ground up is another neutralization step. Threat mitigation requests are also made once the domains are identified (Whitman & Mattord, 2021).

Post-incident activity: Once the incidents are resolved and the issues are identified, proper documentation is required to prevent similar occurrences from happening again. The steps of post-incident activity include completion of an incident report, where the proper documentation is done to improve the IR plan, post-incident monitoring, updating the threat intelligence, identification of preventive measures and gaining cross-functional buy-in, which means coordination through the organization (He et al., 2022).

Even though the incident response plan follows the proper structure and processes, there are still some areas where the individual can change or improve the plan. For instance, hiring the right staff for technological activities can help with investigation. The proper team roles and responsibilities should be defined, and the proper employees should be assigned the proper tasks so that individuals can execute them properly. Defining each responsibility will also reduce confusion and increase efficiency. ABC organization can increase the awareness of the end-user as the individual becomes the victim of the company’s defense. It becomes the organization’s responsibility to spread awareness among users about using the network and personal data. Another way ABC organization can improve the plan is by using the right tools. Proper trackable, coordinated, centralized, intelligence-driven technology is important. The proper tools are required to assist in controlling the right information, managing the data with the business, and providing visibility into the gathered data and its context. Regular updates and monitoring of the systems are required. Regularly updating the systems ensures that all the data are correct and real-time.

Conclusion:

The incident management plan assists an organization in mitigating all the issues by preparing the response to network security incidents. This paper concludes that most IRPs are set up to mitigate technology-centric issues, which include malware, data breaches and service outages. The paper also concludes the implementation process of the IRP, which includes preparation, detection, analysis, neutralization and post-plan activity. The different processes of the plan are handled by different people, such as the CISO, the VIP or deputy general counsel, the data protection officer, the privacy team, the security team and the IT team. The paper has also concluded that dividing the responsibilities ensures the plan's safety and increases its efficiency. This paper has also concluded a structure to build an IRP for ABC organization to protect PII (Personally Identifiable Information). The paper also discusses the key components of the plan and how the individual should respond to an individual cyber security attack. Even though the incident response plan follows the proper structure and processes, there are still some areas where the individual can change or improve the plan provided in this paper.

References: 

Ahmadi-Assalemi, G., Al-Khateeb, H., Epiphaniou, G., & Maple, C. (2020). Cyber resilience and incident response in smart cities: A systematic literature review. Smart Cities, 3(3), 894-927.

Chaple, A. P., Narkhede, B. E., Akarte, M. M., & Raut, R. (2018). Interpretive framework for analyzing lean implementation using ISM and IRP modeling. Benchmarking: An International Journal.

Engelbrecht, L., Yasseen, Y., & Omarjee, I. (2018). The role of the internal audit function in integrated reporting: A developing economy perspective. Meditari Accountancy Research.

Fernandes, A., Oliveira, A., Santos, L., & Rabadã, C. (2021, June). A Strategy for Implementing an Incident Response Plan. In European Conference on Cyber Warfare and Security (pp. 120-XIV). Academic Conferences International Limited.

Ghobadi, B., Amiri, H., & Rekabdar, G. (2021). Evaluating the Isomorphism of Green Tax in the Presence of the Element of Thick Decision: The Interpretive Ranking Process (IRP). Financial Knowledge of Securities Analysis, 14(51), 45-68.

Gorichanaz, T. (2019). Information experience in personally meaningful activities. Journal of the Association for Information Science and Technology, 70(12), 1302-1310

He, Y., Maglaras, L., Aliyu, A., & Luo, C. (2022). Healthcare Security Incident Response Strategy-A Proactive Incident Response (IR) Procedure. Security and Communication Networks, 2022.

Iwai, K. (2019). Regulation of cellular iron metabolism: Iron-dependent degradation of IRP by SCFFBXL5 ubiquitin ligase. Free Radical Biology and Medicine, 133, 64-68.

Kumar, A., & Anbanandam, R. (2020). A flexible policy framework for analysing multimodal freight transportation system in India: SAP–LAP and efficient IRP method. Global Journal of Flexible Systems Management, 21(1), 35-52

Kumar, V., Shankar, R., & Vrat, P. (2021). An analysis of Industry 4.0 implementation-variables by using SAP-LAP and e-IRP approach. Benchmarking: An International Journal.

Mak, C., & Marshall, J. D. (2018). PHP74-A REVIEW OF THE INFLUENCE OF INTERNATIONAL REFERENCE PRICING (IRP) ON LAUNCH SEQUENCING IN EUROPE. Value in Health, 21, S163.

O'Neill, A., Ahmad, A., & Maynard, S. (2021). Cybersecurity Incident Response in Organisations: A Meta-level Framework for Scenario-based Training. arXiv preprint arXiv:2108.04996.

Ramanto, K. N., & Parikesit, A. A. (2019). The Binding Prediction Model of The Iron-responsive Element Binding Protein and Iron-responsive Elements The Binding Prediction Model of the IRP and IRE. BIOINFORMATICS, 2(1), 12-20.

Ross, S. W., Lauer, C. W., Miles, W. S., Green, J. M., Christmas, A. B., May, A. K., & Matthews, B. D. (2020). Maximizing the calm before the storm: tiered surgical response plan for novel coronavirus (COVID-19). Journal of the American College of Surgeons, 230(6), 1080-1091.

Shinde, N., & Kulkarni, P. (2021). Cyber incident response and planning: a flexible approach. Computer Fraud & Security, 2021(1), 14-19.

Shuai, L., Wang, J., Zhao, D., Wen, Z., Ge, J., He, X., ... & Bu, Z. (2020). Integrin β1 promotes peripheral entry by Rabies virus. Journal of virology, 94(2), e01819-19.

Syafrudin, R. (2018). The impact of society perception towards flood disaster incident response plan in Ledok Wetan village, Bojonegoro districts. In MATEC Web of Conferences (Vol. 229, p. 02003). EDP Sciences.

Thompson, E. C. (2018). Incident response frameworks. In Cybersecurity incident response (pp. 17-46). Apress, Berkeley, CA.

Whitman, M. E., & Mattord, H. J. (2021). Principles of incident response and disaster recovery. Cengage Learning.

Wright, J. G., Calitz, J. R., Ntuli, N., Fourie, R., Rampokanyo, M. J., & Kamera, P. (2018). Formal comments on the Draft Integrated Resource Plan (IRP) 2018.

Yanatori, I., Richardson, D. R., Dhekne, H. S., Toyokuni, S., & Kishi, F. (2021). CD63 is regulated by iron via the IRE-IRP system and is important for ferritin secretion by extracellular vesicles. Blood, The Journal of the American Society of Hematology, 138(16), 1490-1503.

Yang, B. S., & Liu, L. (2020). Information Resource Planning project implementation: A case study of IRP in Tianjin Port. In Frontiers in Enterprise Integration (pp. 249-252). CRC Press.
