Create an incident response plan, integrated with cybersecurity policy that assists with organizational recovery. Include concepts such as maximum tolerable downtime (MTD) and recovery point objective (RPO) in your answer.
Several things need to be considered when an incident response plan is built into the company's overall cybersecurity policy. First, the policy needs to state the recovery objectives that bound any response. The Recovery Point Objective (RPO) is the maximum amount of data loss, measured in time, that the organization can tolerate without a severe impact on operations (Horn, 2020). It tells the incident response team how recent the last restorable copy of the data must be, which in turn dictates how often backups are taken and how far back a restore is allowed to go. The second item is the Maximum Tolerable Downtime (MTD): the longest period a business process can be unavailable before the damage to the business becomes unacceptable (Horn, 2020). Once the incident response team understands the MTD, it can prioritize the investigation, deciding which machines need to be examined and cleared first so that critical services return to normal operation within that window.
The next part is the guidelines the organization should use to plan these responses. Two good ones are NIST SP 800-61 (Computer Security Incident Handling Guide) and NIST SP 800-86 (Guide to Integrating Forensic Techniques into Incident Response). They give organizations a standardized way to build incident response and digital forensics into their cybersecurity policies. The first phase the policy needs to cover is preparation of the incident response team (IRT) (Zhao, 2022). For this phase, the policy should ensure that the IRT knows what assets it protects, where they are located, and what tools and equipment are available to it. This part of the policy should also require the creation of a cybersecurity incident response plan that details the critical steps of a response should a compromise occur.
The second phase of the plan should focus on detecting and analyzing a suspected compromise (Zhao, 2022). This part of the policy should describe how the organization will spot a potential compromise (logging, monitoring, and alerting) and how the IRT will triage and respond to a possible detection. It should also address how the team will notify those potentially affected. The next phase is containment, eradication, and recovery (Zhao, 2022). This part of the policy lays out how the organization intends to contain the threat, for example by segmenting the network or isolating affected hosts so the infection does not spread, how it will remove the threat, and how it will recover from the attack.
Finally, the policy should lay out post-incident activity (Zhao, 2022). This section simply requires that the IRT conduct after-action reviews and document what went well and what did not. It can also direct the team to look further into what happened and assess the actual damage once the incident is over and the dust has settled. This structure should produce an incident response plan that blends seamlessly into the company's cybersecurity policy. It also gives the plan a recognizable structure, which builds confidence in any audit of company policies.
Investigate and identify a ranking of disaster types.
Three types of disasters can affect an organization. The first is the natural disaster. As the name suggests, this is a disaster caused by some element of nature (Schmerler, 2021): flooding, hurricanes, tornadoes, or earthquakes. It is critical for organizations to understand that their exposure to these disasters is determined by the environment in which they choose to do business. For instance, an organization that incorporates and builds on the east coast of Florida must understand that it has increased its risk of being hit by a hurricane.
The second type is the physical disaster. This type deals primarily with the failure of man-made items such as infrastructure (Schmerler, 2021). This is important for organizations to understand, since the loss of something as basic as power can lead to the loss of business, and that understanding shapes responses such as installing backup generators. Physical disasters can also include break-ins, which can be deterred with security guards and fences.
Finally, there are technological disasters. These refer to any problem created by or through technology (Schmerler, 2021), such as ransomware attacks and data breaches. Of the three types, these are the ones organizations face most often, so they need to be monitored most closely. Planning for them also helps to improve the organization's technological infrastructure.
What are some alternate site considerations?
When selecting an alternate site, a business needs to consider a few things. Opscentre (2010) lists five critical considerations; on reviewing that source, three stand out: location, security, and infrastructure. A business must consider where it plans to build when looking for an alternate site. It should be far enough from the primary site to avoid being affected by the same disaster, yet close enough that staff who may need to work from it are not unduly inconvenienced. The business also needs to ensure that the alternate site has appropriate security to protect it from both technical and physical attacks. That security also protects the site's infrastructure and helps ensure it is operational when needed.
Finally, Opscentre (2010) points out that an organization needs to assess the infrastructure required to keep conducting business at the alternate site. This ranges from computers to backup media. It also means that the building housing the alternate site must have the characteristics needed to keep it running, such as air conditioning that holds the temperature at levels suitable for electronics, and enough power to keep everything operating.
Analyze backup solutions and why they are important.
Data can be backed up in three ways: full, incremental, and differential. As the name suggests, a full backup copies every bit of an organization's data (Fellows & Crocetti, 2020). This is beneficial because it ensures all of the data is protected should something occur, but a full backup takes a long time and a lot of storage, which has to be taken into account. An incremental backup copies only the data that has changed since the last backup of any kind (Fellows & Crocetti, 2020). It is faster than a full backup because it targets only modified data, which is why it is typically the backup model an organization prefers during the week; the trade-off is that a restore needs the last full backup plus every incremental taken since it, in order. A differential backup copies only the data that has changed since the previous full backup (Fellows & Crocetti, 2020). It therefore stores more data than an incremental, and each differential grows until the next full backup, but a restore needs only the last full backup and the most recent differential.
Backing up data is critical for an organization because it ensures data availability should something occur, such as a ransomware attack. It is also beneficial should a disaster occur that destroys data critical to the organization's function. Having backups allows an organization to restore to a specific point in time before the data was damaged by malicious actors or natural disasters. For that to hold against ransomware, at least one copy must be kept offline or immutable, where an attacker with control of the production network cannot encrypt or delete it, and restores must be tested regularly to confirm the backups can actually be recovered within the organization's RPO and MTD.
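As an added illustration of the two policy numbers discussed in the first answer (RPO and MTD) and of the three backup types above, here is a small Python model that is not part of any cited source. Given a backup schedule and the time of an incident, it works out which backups a restore needs (the last full, the newest differential if there is one, then every later incremental, which also covers mixed schedules the text does not discuss), how much data would be lost relative to the RPO, and whether an estimated restore time fits within the MTD. The schedules, sizes, timestamps, thresholds and restore throughput are all constructed for the example and are not real figures.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Backup:
    kind: str            # "full", "incremental" or "differential"
    taken_at: datetime   # when the backup completed
    size_gb: float       # data written by this backup (assumed figure)


def restore_chain(backups, point_in_time):
    """Return the backups, in restore order, needed to recover to the latest
    state at or before point_in_time.

    Semantics assumed (matching the description above):
      full         - everything
      differential - every change since the last full backup
      incremental  - every change since the previous backup of any kind
    """
    eligible = sorted((b for b in backups if b.taken_at <= point_in_time),
                      key=lambda b: b.taken_at)
    fulls = [i for i, b in enumerate(eligible) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup exists before the requested point in time")
    chain = [eligible[fulls[-1]]]
    tail = eligible[fulls[-1] + 1:]
    # The newest differential already contains every change since the full,
    # so it supersedes anything taken between the full and itself.
    diffs = [i for i, b in enumerate(tail) if b.kind == "differential"]
    if diffs:
        chain.append(tail[diffs[-1]])
        tail = tail[diffs[-1] + 1:]
    # Every incremental after that point must be replayed, in order.
    for b in tail:
        if b.kind != "incremental":
            raise ValueError(f"unknown backup kind {b.kind!r}")
        chain.append(b)
    return chain


def assess(backups, incident_at, rpo, mtd, restore_gb_per_hour):
    """Check a schedule against the two policy numbers: data lost is the gap
    between the incident and the recovery point; restore time is estimated
    from the chain's total size and an assumed restore throughput."""
    chain = restore_chain(backups, incident_at)
    data_loss = incident_at - chain[-1].taken_at
    restore_time = timedelta(hours=sum(b.size_gb for b in chain) / restore_gb_per_hour)
    return {
        "chain": [(b.kind, b.taken_at.isoformat()) for b in chain],
        "data_loss": data_loss,
        "meets_rpo": data_loss <= rpo,
        "restore_time": restore_time,
        "within_mtd": restore_time <= mtd,
    }


# Constructed sample schedules and thresholds (illustrative, not real data).
WEEK_START = datetime(2024, 3, 3, 1, 0)   # Sunday 01:00, when the weekly full runs


def on_day(day_offset):
    return WEEK_START + timedelta(days=day_offset)


# Schedule A: weekly full, then one incremental per day.
INCREMENTAL_SCHEDULE = [Backup("full", on_day(0), 500.0)] + [
    Backup("incremental", on_day(d), 20.0) for d in range(1, 7)]

# Schedule B: weekly full, then one differential per day; each differential
# repeats everything since the full, so they grow through the week.
DIFFERENTIAL_SCHEDULE = [Backup("full", on_day(0), 500.0)] + [
    Backup("differential", on_day(d), 25.0 * d) for d in range(1, 7)]

INCIDENT = on_day(4) + timedelta(hours=13, minutes=30)   # Thursday 14:30
RPO = timedelta(hours=24)   # assumed policy value
MTD = timedelta(hours=8)    # assumed policy value

if __name__ == "__main__":
    for name, schedule in (("incremental", INCREMENTAL_SCHEDULE),
                           ("differential", DIFFERENTIAL_SCHEDULE)):
        result = assess(schedule, INCIDENT, RPO, MTD, restore_gb_per_hour=100.0)
        print(name, len(result["chain"]), "pieces; data loss", result["data_loss"],
              "; restore", result["restore_time"],
              "; RPO ok" if result["meets_rpo"] else "; RPO MISSED",
              "; MTD ok" if result["within_mtd"] else "; MTD MISSED")
```

Running the module prints one line per schedule: the incremental schedule needs five pieces to restore and the differential schedule two, while both lose the same 13.5 hours of data because their most recent backup was taken at the same time. Halving the assumed throughput pushes the incremental restore past the eight-hour MTD, which is the point of the check: the MTD figure is only as good as the restore rate behind it, so restores need to be timed in practice rather than estimated.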
References
Fellows, R., & Crocetti, P. (2020). Types of backup explained: Full, incremental, differential, etc. TechTarget. https://www.techtarget.com/searchdatabackup/feature/Full-incremental-or-differential-How-to-choose-the-correct-backup-type
Horn, R. (2020). What is the difference between RPO, RTO, and MTD. Tandem. https://tandem.app/blog/what-is-the-difference-between-rpo-rto-mtd
Opscentre. (2010). Recommended considerations for selecting an Alternate Recovery Site. https://www.opscentre.com/blog/2010/02/26/recommended-considerations-for-selecting-an-alternate-recovery-site/
Schmerler, B. (2021). Types of Disasters to Consider for your Disaster Recovery Plan. DP Solutions. https://www.dpsolutions.com/blog/types-of-disasters
Zhao, J. (2022). How to Create a Cybersecurity Incident Response Plan. HyperProof. https://hyperproof.io/resource/cybersecurity-incident-response-plan/