Ramm
Contingency Plan
Student’s name
Instructor
Due Date
Introduction
The IBM X-Force Threat Intelligence Index 2020, released by IBM, mainly highlights how cybercriminal attacks have progressed over the last decades because of software flaws and access to corporate and personal records. The IBM Security report shows that the top malicious forms of threats encompass computer hacking, spam URLs, malware, phishing URLs, anonymization services, and botnet command and control (1). Additionally, the X-Force analysis is based on insight and observation from more than 70 billion security incidents per day in over 130 countries. Thus, given such prevailing computer security incidents, DLIS needs to design a computer incident response team (CIRT) to adequately prepare itself for the computer security events that could happen. Further, the CIRT plan would also serve as the contingency plan, which leverages disaster recovery planning (DRP) and business continuity planning (BCP).
Purpose and Primary Elements of a CIRT Plan
Computer security incidents at DLIS headquarters could lead to the loss of availability, confidentiality, and integrity of services or information. However, Gibson (2) highlights that if DLIS implements an effective CIRT with the right expertise, it could significantly reduce the damage resulting from various attacks, restore normal operations, and remain operational. Thus, in the event of an attack, the CIRT plan would guide the CIRT members. Essentially, the CIRT plan aids a company in preparing itself for computer incidents and reduces the effect of such attacks by identifying members aligned to their responsibilities. Several forms of incidents that could affect DLIS include denial of service attacks, malicious code, unauthorized access, inappropriate use, and incidents with multiple components (2). Therefore, the CIRT plan would aid the company in identifying the optimal responses to reduce the possible damage.
The CIRT plan entails several different components, which include policy information, communication techniques, incident response processes, and information on the membership of the CIRT (2). The plan includes an executive within upper-level management who makes core decisions and offers management support. The executive is engaged in security activities and procedures such as selecting the team, creating policies, assessing security, and adopting the plan. Also, the information security team members are the individuals who mainly respond to and handle computer incidents, evaluate the damage levels, and implement the plan for containment and recovery. Thirdly, the IT and MIS staff are the IT workers who assess where information is accessed and assist the information security team with technical details. Further, the IT auditor observes, assesses why the incident occurred, ensures that procedures are followed, and collaborates with the security and IT teams to avert future issues. Another core element of the CIRT plan is its policies, which are the statements that guide the team during an incident. Such policies relate to communication, safety, and evidence. The communication procedures identify the processes and protocols applied to recall the CIRT members after an attack is determined and declared.
The Relationship between a CIRT Plan and Risk Management
DLIS has implemented a risk management plan, which ensures that the leaders create frameworks that make risk management a crucial aspect of planning and implementing the firm's missions. Ruefle et al. (3) note that the CIRT plan fits into the risk management procedures by helping DLIS adequately prepare for and respond to computer incidents. Additionally, the plan highlights the key responsibilities of the members and contains the risk management procedures, including preparation, detection and analysis, containment, eradication, and recovery and follow-up. These phases are the components of the incident handling procedure that outlines the steps implemented during incidents. The initial stage, preparation, entails the creation of the CIRT plan, the definition of its elements, and the identification of members based on their roles and responsibilities. The second stage, detection and analysis, is where the CIRT uses different controls to identify the incident. The third phase, containment, is where the source of the attack is contained and eradicated after detection. Finally, the post-incident recovery phase assesses an incident that has already happened and outlines the lessons that can be learned from the attack.
The Five Ws in the CIRT Plan
According to Van der Kleij, Kleinhuis and Young (4), the slow response experienced by DLIS headquarters might result from a DoS attack, which prevents the servers from offering services, or from malicious code such as Trojan horses, viruses, or worms that have infected the servers. Hence, the five Ws in the CIRT plan are perceived as the starting point for applying the plan. The what assesses the form of computer incident that has happened, such as a DoS attack or malware. Understanding what has happened would help DLIS establish the impact and prioritize its response. The where highlights the location of the computer attack; the CIRT plan would assist DLIS in identifying the signs on the servers that point to the attack. The who would aid DLIS in identifying the attackers, which involves the IT auditors, whose responsibility is to assess the system logs, router logs, and firewall logs (2). Thus, if the attack stems from an internal source, the logs would reveal the user accounts that facilitated the attack. The when would help the company recognize the period in which the computer event happened. Finally, the why would assist DLIS in identifying the motive of the attackers.
Leverage of BCP and DRP to Develop and Support the CIRT Plan
DRP and BCP are essential components of CIRT planning at DLIS, as both are involved whenever a computer incident happens. Nevertheless, these components have different goals in the development and support of CIRT planning (3). The goal of BCP is to keep the firm's operations running after a computer incident occurs, while DRP ensures that DLIS restores normal corporate operations after the attack. Nonetheless, the two concepts share common components during recovery efforts (3). Thus, DLIS would use DRP and BCP project elements in developing and supporting the CIRT plan. DLIS will leverage support from management, consisting of an adequate budget, manpower, and a statement backing the CIRT plan. For an effective CIRT plan, management should provide clear statements that identify the roles of the individuals involved and the DRP and BCP priorities, timelines, budgets, and urgency. Also, the firm can leverage the involvement of executives in DRP and BCP projects to support the CIRT plan. Since management and directors have implicit and explicit roles in DLIS's capability to recover from computer events, the executives could have some level of direct involvement in the CIRT plan. Therefore, BCP would support the CIRT plan by ensuring the continuation of service delivery through the application of various processes and tools after the incident, whereas DRP would ensure the resumption of normal operations.
Evolution of Threats and How the CIRT Plan Should Be Updated
Computer incident threats have evolved to encompass the discovery of new destructive malware like ZeroCleare, which mainly targets the energy sector (1). Hence, firms need to be concerned with both new and old threats, which require enhanced detection and containment abilities. Past attacks mainly focused on the creation and evolution of ransomware and banking Trojans, while maintaining substantial efforts in developing and modifying crypto-mining malware strains. Two factors that contributed to this evolution are the scanning and exploitation of vulnerabilities, which resulted in more than 30% of the incidents, and the misuse of previously acquired credentials, which has remained the most preferred point of entry in most computer attacks. Thus, DLIS can update its CIRT plan in different ways to prevent and fight attacks. The firm should utilize an IDS that alters firewall rules to block ICMP traffic when a substantial number of ICMP packets is identified (2). Also, the IDS must be configured to block the offending IP addresses after a reasonable number of attempts. Further, for malware prevention, DLIS must deploy, configure, and update its antivirus software. Besides, the company should train the individuals in the CIRT and teach users to identify suspicious URLs and email attachments. Overall, the firm should design processes for all forms of incidents, assess the cause of incidents, investigate them, share the information with the relevant IT personnel, and document the issues and their resolutions.
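As an added example (not part of the original paper or of any DLIS system), the following Python script works through the two detection rules described in the previous paragraph together with the what/where/who/when questions of the five Ws section: it parses constructed firewall and authentication log lines (the line layout, host names, addresses, and thresholds are all assumptions for this example), blocks ICMP from a source that exceeds a packet count within a time window, blocks a source IP after a number of failed login attempts, renders each decision as an illustrative iptables rule, and fills in what/where/who/when from the log entries behind each decision, leaving why to the analyst.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (not real DLIS data). The layout
# "<time> <host> <kind> src=<ip> [user=<name>]" is an assumption for this example.
SAMPLE_LOGS = [
    "2020-03-01T10:00:00 srv01 ICMP src=203.0.113.7",
    "2020-03-01T10:00:01 srv01 ICMP src=203.0.113.7",
    "2020-03-01T10:00:01 srv01 ICMP src=198.51.100.4",
    "2020-03-01T10:00:02 srv01 ICMP src=203.0.113.7",
    "2020-03-01T10:00:03 srv01 ICMP src=203.0.113.7",
    "2020-03-01T10:00:04 srv01 ICMP src=203.0.113.7",
    "2020-03-01T10:00:05 srv01 ICMP src=203.0.113.7",
    "2020-03-01T10:02:00 srv02 AUTH_FAIL src=10.0.0.25 user=jdoe",
    "2020-03-01T10:02:03 srv02 AUTH_FAIL src=10.0.0.25 user=jdoe",
    "2020-03-01T10:02:07 srv02 AUTH_FAIL src=10.0.0.25 user=admin",
    "2020-03-01T10:30:00 srv01 ICMP src=198.51.100.4",
    "this line is malformed and is skipped by the parser",
]

# Thresholds are assumed values; a real deployment tunes them to its own baseline.
ICMP_THRESHOLD = 5                    # ICMP packets from one source ...
ICMP_WINDOW = timedelta(seconds=10)   # ... within this window trigger an ICMP block
AUTH_THRESHOLD = 3                    # failed logins from one source trigger an IP block

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<kind>ICMP|AUTH_FAIL) src=(?P<src>\S+)"
    r"(?: user=(?P<user>\S+))?$"
)


def parse(lines):
    """Turn raw lines into event dicts, skipping lines that do not match the layout."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()           # 'user' is None when the field is absent
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def detect(events):
    """Apply both rules in time order; each block decision is emitted once per source."""
    icmp_seen = defaultdict(deque)   # src -> packet timestamps inside the sliding window
    auth_fails = defaultdict(int)    # src -> failed login count
    blocked = set()
    decisions = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["kind"] == "ICMP":
            window = icmp_seen[src]
            window.append(ev["ts"])
            while ev["ts"] - window[0] > ICMP_WINDOW:   # drop packets older than the window
                window.popleft()
            if len(window) >= ICMP_THRESHOLD and ("block-icmp", src) not in blocked:
                blocked.add(("block-icmp", src))
                decisions.append({"action": "block-icmp", "src": src, "host": ev["host"],
                                  "ts": ev["ts"], "count": len(window)})
        elif ev["kind"] == "AUTH_FAIL":
            auth_fails[src] += 1
            if auth_fails[src] >= AUTH_THRESHOLD and ("block-ip", src) not in blocked:
                blocked.add(("block-ip", src))
                decisions.append({"action": "block-ip", "src": src, "host": ev["host"],
                                  "ts": ev["ts"], "count": auth_fails[src]})
    return decisions


def firewall_rule(decision):
    """Render a decision as an iptables rule (illustrative syntax; a real deployment
    would push the change through the site's firewall management tooling)."""
    if decision["action"] == "block-icmp":
        return f"iptables -A INPUT -p icmp -s {decision['src']} -j DROP"
    return f"iptables -A INPUT -s {decision['src']} -j DROP"


def five_ws(events, decision):
    """Fill in what/where/who/when from the events behind one decision; why is
    left to the analyst, since motive cannot be read from logs alone."""
    related = [e for e in events if e["src"] == decision["src"]]
    times = [e["ts"] for e in related]
    return {
        "what": {"block-icmp": "ICMP flood", "block-ip": "repeated failed logins"}[decision["action"]],
        "where": sorted({e["host"] for e in related}),
        "who": {"source": decision["src"],
                "accounts": sorted({e["user"] for e in related if e["user"]})},
        "when": (min(times).isoformat(), max(times).isoformat()),
        "why": "requires analyst assessment",
    }


if __name__ == "__main__":
    evs = parse(SAMPLE_LOGS)
    for d in detect(evs):
        print(firewall_rule(d))
        print(five_ws(evs, d))
```

On the sample data the script emits one ICMP block for 203.0.113.7 (its fifth packet inside ten seconds) and one IP block for 10.0.0.25 (its third failed login), and the who field for the login case lists the accounts tried, which is the internal-source case the five Ws section describes. Each source is blocked at most once so that a flood does not generate a flood of rules.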
Practices to Follow When Developing A CIRT Plan
Several practices should be followed during CIRT plan development. A computer incident needs to be defined in terms of particular situations, such as actions that deliberately block access to the servers or prevent others from performing their duties, so that CIRT personnel are empowered to act (2). Besides, the firm needs to provide CIRT policies that its employees would strictly follow. Also, the firm should provide the CIRT employees with continuous technical training and have them raise awareness among other staff about attack identification. Next, the company should include all relevant control specifications in the protocol, which requires steps to be implemented in a prescribed order and references other controls. Finally, the firm must subscribe to security awareness reports from renowned bodies like US-CERT.
Sources
1) IBM Security. (2020). The X-Force Threat Intelligence Index 2020.
https://www.ibm.com/downloads/cas/DEDOLR3W
2) Gibson, D., & Igonor, A. (2020). Managing risk in information systems. Jones &
Bartlett Learning.
3) Ruefle, R., Dorofee, A., Mundie, D., Householder, A. D., Murray, M., & Perl, S. J.
(2014). Computer security incident response team development and evolution. IEEE
Security & Privacy, 12(5), 16-26.
https://ieeexplore.ieee.org/abstract/document/6924672
4) Van der Kleij, R., Kleinhuis, G., & Young, H. (2017). Computer security incident
response team effectiveness: a needs assessment. Frontiers in Psychology, 8, 2179.
https://www.frontiersin.org/articles/10.3389/fpsyg.2017.02179/full
…