Managing Organizational Risk
No longer than a decade ago, IT security professionals had to work hard to persuade organizational leaders about the importance of developing effective risk management plans. Nowadays, due to the plethora of cautionary tales that organizations history provide, business leaders are informed on the need to manage risk and understand the crucial role of an organization’s IT infrastructure on its ability to perform business.
A computer incident response team (CIRT) plan can help prepare organizations for incidents that might occur.
Homework help – Write an eight (8) page paper in which you:
1. Describe the objectives and main elements of a CIRT plan.
2. Analyze the manner in which a CIRT plan fits into the overall risk management approach of an organization and how it supports other risk management plans.
3. Provide at least two (2) examples of how CIRT plans define the who, what, when, where, and why of the response effort.
4. Analyze the manner in which the development of a CIRT plan enables management to adopt a more proactive approach to risk management. Include recommendations for remaining proactive in the continual improvement and update of CIRT plans.
5. Infer on the evolution of threats over the last decade that organizations must now consider.
6. Predict the evolution of regulatory requirements mandating risk management processes and plans.
7. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Managing Organizational Risk
The increasing security risks across the globe call for organizations to adopt effective and appropriate risk management practices to counter such risk and ensure the business operates in a safe and secure environment. Initially, IT security professionals persuade organizations to adopt risk management strategies and plans in vain. However, in recent times organizations have significantly adopted cautionary tactics aimed at addressing the security risks and threats that are likely to affect the operations of an organization. It is important to note that advancement in technology increases the level of IT insecurity, threats and risk thus inclining organizations and businesses to shield themselves by incorporating risk management practices such as the Computer Incident Response Team (CIRT). The CIRT ensures that address risks by detecting and averting risks and threats that adversely affect the operations of an organization thus ensuring that threats are countered in good time. The risk management approach, plans, and strategies that use the CIRT elements that are flexible address the dynamic threats and risks that affect organizations in the course of running their normal operations.
CIRT Plans Main elements and objectives
The CIRT plans objectives and elements are modeled and developed to ensure that risks and threats are effectively eliminated in the organizations. In the operation of the CIRT different activities are adopted and they include the protection of the organization’s assets, system and network, avoidance of risks and threats and handling the existing risks and threats to reduce their negative impacts and recover from them (West-Brown et al., 2003). The element of policy and incident is a vital aspect that ensures that documentation of the processes and procedures to be adopted in addressing the risks and threats in an organization. The procedure and processes of handling threats and risks are dependent on the type of risk and the appropriate procedures of handling them. In this regard, threats on social engineering, infrastructure, and network are defined and outlined differently making it easy for organizations to handle them as they occur.
The role and responsibility element define different roles and responsibilities and attach them to different professionals and employees (West-Brown et al., 2003). The roles and responsibilities are derived from the procedures and the process that needs to be adopted in the case an insecurity incidence occurs. The process and procedures are separated to establish specific roles that are attached to different professionals and employees based on their specialization.
There is the element that risks need to be identified and addressed to their successful completion or elimination in the interest of the organization’s safety (West-Brown et al., 2003). Upon the identification of risk, the relevant parties need to freeze, monitor and seal all the vulnerability gaps. In this case, appropriate security procedures are adopted to ensure the interest of the current and future safety needs of the organization.
The CIRT element of external support entails the incorporations and coordination with externals forces and authorities to enhance organizational security and safety. The organization in question interacts with law enforcement agencies to ensure that security issues are handled in line with the law (West-Brown et al., 2003). The IT security professionals gather intelligence and information on risk and threats with the external parties to cooperate in threat and risk elimination. This approach ensures that threats and risks are handled collectively.
The element of incident assessment and response review entails the evaluation of risks and threats before adopting the necessary process and procedures to address them. Under the incident response plan, it involves an ongoing effort that ascertains that the security plan is reviewed from time to time on an annual basis (West-Brown et al., 2003). This approach ensures that new threats are effectively handled in time and recommendations are given to avoid current and future threats. On the other hand, the response review entails the improvement of recommendations, processes and strategies adopted. The review made concentrates on the security performance objectives, crisis management communications, and external forensic investigations to ensure that attacks are effectively eliminated in organizations. Therefore, the CIRT elements are directed towards ensuring that risks and threats are effectively eliminated to the point that organizations carry their operations in a safe and secure environment.
Analyze how a CIRT plan fits into the overall risk management approach of an organization and how it supports other risk management plans.
The CIRT plans are directed towards the organizational management of risks and threats to ensure that threats are eliminated and in the case, they occur organizations can counter them and recovery. The CIRT further supports and incorporates plans that enhance risk management in the organization’s operations (Johnson, 2003). The CIRT plan man goals are to ensure that adequate preparations to mitigate risks in the organizations are adopted in the form of policies and guidelines. The CIRT plans and goals are realized through creating roles and attaching them to professionals as well as developing effective policy statements to address insecurity incidents as they arise.
The CIRT plans operations related to the risk management entails identification and marking of the crucial data and information that need to be protected. Organization’s operations and activities are recorded in the form of data and information that is accessed by other parties they can result in a loss (Johnson, 2003). This information can be used against the organizations thus making it insecure to conduct financial operations and leaving the business vulnerable. The CIRT plans to protect information regarding business operations and confidential information such as payroll records and sales databases Therefore, sensitive information and data need to be protected to enhance customer confidentiality and business safety.
The CIRT plan is modeled and inclined towards making the policies and strategies implementable in the interest of addressing the organizational security demands and needs. The fact that CIRT plans to ensure that the security needs of an organization ensure that risk management plans are implemented as they complement each other (Johnson, 2003). In the case, that an incident of breach of data occurs the right and specific procedures for such an incident are given as opposes to the implementation of general directives. Therefore, in the case of data breach or attack takes place procedures directed towards covering and recovery of the damage are initiated. The procedures initiated include identification and seclusion of people and parties affected by the breach of data, handling the security concerns of [parties that are affected and cannot be reached and further making attempt to reach them, determining critical data that need protection such as financial and personal information, preservation and protection of breached data in forensically sound approach, identification and determination of parties affected and related to the data breach to ensure that all matters on the issue are streamlines. Finally, there is the determination of the procedure and approach to be adopted in informing the law enforcers and cyber-incident reporting organizations.
The CIRT plan is developed from resources and documents that have been developed through research and have been approved over the years thus they are effective in addressing cyber security-enhancing risk management operations (Johnson, 2003). The CIRT has the buildup of innovations and knowledge for the management of risks and threats that are occasionally experienced in organizations. The documents and resources that are incorporated in the creation of the CIRT plans include plan templates from the American Institute of Certified Public Accountants (AICPA), Incident Response Consortium website, and Incident Response Policies and Plans. Therefore, the CIRT plan is effectively developed from rich documents and resources to ensure that the organizational management of risks can be effectively implemented.
The CIRT plan is aligned with the Incident Response Plan enhances risk management operations. The CIRT plan is incorporated with risk management plans and policies making it effective and operations in handling risks and threats (Johnson, 2003). Risk management policies that are incorporated in the CIRT ensure that barriers and conflicts are eliminated in the course of managing risks. For instance, the configuration of policies ensures that there are defined procedures for and no chances of overlap of function in the plans thus achieving high levels of efficiency in the risk management operations. Therefore, the organizational IT policies need to be configured with the CIRT plans to ensure that there is effective and efficient execution of operations.
The regular testing and updating of the Incident Response Plan that is based on research and recommendations made ensure that new and old threats and risks to the organizations can be effectively be eliminated (Johnson, 2003). The CIRT plans are regularly tested to discover their inefficiencies and barriers that affect their operations and level of output regarding management and handling of risks. The testing and updating of policies and strategies under the CIRT plan enable organizations to adopt new and updated strategies and practices that ensure a fast response to incidences in the case such as data breach. Therefore, testing and updating of Incident Response Plan through research and recommendation effectively alight CIRT with risk management operations.
Provide at least two (2) examples of how CIRT plans define who, what, when, where, and why of the response effort.
The CIRT operations related to handling or risks and threats are based on the priority on the parties and the extent of the damage. For instance, in the case an attack or data breach incident occurs in a financial organization the response will depend on the parties that are affected and the extent of the damage caused. Upon an attack or data breach, the affected organization needs to notify the affected parties of the attack since it leaves them vulnerable and they need to work together in recovering from the attack.
Additionally, medical institutions experiencing data breach through hacking of the health record of the patients affect the patients and make them vulnerable thus the need to take immediate steps. The response plans and efforts to be adopted will depend on priority to ensure that the patients are protected from any harm arising from such incidents. In this scenario, the law enforcement agencies notified to enhance the apprehension of the cybercriminals involved in the data breach.
4. Analyze the manner in which the development of a CIRT plan enables management to adopt a more proactive approach to risk management. Include recommendations for remaining proactive in the continual improvement and update of CIRT plans.
The CIRT plan needs to adopt advanced proactive approaches in the course of risk management to ensure that they can effectively handle new risks and threats affecting their organizations. The proactive approaches are adopted through recommendations in the interest of updating and improving the CIRT plans (Ahmad, Maynard and Shanks, 2015). The incorporation of a proactive approach in the CIRT ensures that incidences such as data breach are effectively controlled as opposed to taking action after the incidences when it is too late. In this case, the CIRT plans become safe and secure in the course of handling risks and threats. The proactive measures and approaches taken include the instilling of discipline in the organization activities to ensure that the organization activities are streamlined thus eliminating risk and threats. Additionally, strategies, policies, and discipline that shield organizations from attacks need to be applied consistently in the interest of the organization. Therefore, organizational policies and strategies need to be developed to enhance detecting, avoiding and eliminating risks and threats to an organization.
Preventive risk management and identification programs need to be incorporated in the security operations of the organization to ensure that they have effective precautionary measures. The approach ensures that the businesses significantly exposure to threats as threats can be detected and addressed as they occur (Ahmad, Maynard and Shanks, 2015). The programs ensure that suspicious activities and threats from both internal and external sources can be detected thus making it easy to eliminate them before they cause harm to the organization. Therefore, preventive risk management and identification program are part of the proactive approaches adopted and they ensure that risks are eliminated before they infiltrate in the organization’s activities and functions thus compromising them.
Leverage software solutions can be incorporated in the CIRT plans to reduce risks and inconsistencies that can result in the attack in the organization (Ahmad, Maynard and Shanks, 2015). The leverage software solution introduces an organizational culture where every professional and employee have a role and responsibility regarding organizational operations and enhancing security. Under the leveraging technology, advanced analytics and reporting tools are adopted to enhance business intelligence such that risks and threats can be handled and effectively addressed in their preliminary stages.
Infer on the evolution of threats over the last decade that organizations must now consider.
Organizational risks and threats are dynamic and they keep on changing to become complex and complicated. The organization operating under the CIRT plan needs to understand the evolution of threats to ensure that such threats are effectively eliminated (Ruefle et al., 2014). In this case, organizations need to know that cybercriminals have advanced and intensified their operations. Previously, cybercriminals were pranksters, organized gang, lone wolves but technology and innovation have made them transform to nation-state hackers and hacktivist organizations that course large scale attacks. Government and critical infrastructure are operated and managed through the internet and thus cybercriminals take advantage to disrupt and compromise operations by hacking. Therefore, the CIRT plan needs to consider the changing face and tactic of the attackers who now use extensive and sophisticated techniques.
The evolution of threats and attacks is evident through the use of sophisticated hacking tools, force techniques, and social engineering to disrupt and compromise organizational operations. The attacks have become complex and advanced thus posing great harm and losses to government and organizations (Ruefle et al., 2014). The attacking are well-coordinated and take short periods but cause irredeemable damage. The CIRT plan should consider the complexity of attacks to enhance the development of effective countermeasures.
6. Predict the evolution of regulatory requirements mandating risk management processes and plans
Threats and risks are consistently becoming complex and sophisticated and thus there is a need to ensure that equal countermeasures are adopted. In this regard, organizations and institutions need to adopt new generation cyber defense measures to eliminate sophisticated and advanced risks (Furnell et al., 2010). Under the new generation, cyber defense mechanisms, malicious activities and threats are addressed through the detecting gathering transmission characteristics and behavioral intelligence. In this regard, unusual network traffic associated with criminal activities can be identified and thus addressed through elimination from the system.
The advancement and improvement of intelligence through intelligence extension will effectively counter new generation risks and threats. The intelligence needs to be incorporated with technology and innovations to ensure that malicious activities and operations in the system or network are detected and eliminated (Furnell et al., 2010). This approach ensures that effective counter-attack measures are adopted to detect and neutralize attacks and threats.
Conclusion
Threats and attacks have increased and become complex thus compromising and disrupting business and can thus be effectively countered by employing effective and efficient CIRT plans. The security of an organization can be enhanced by adopting the CIRT since its objectives and elements are inclined towards the detection and elimination of threats and risks in the system and network. The CIRT uses the appropriate process and procedure to ensure that threats and elimination are effectively eliminated in the current and future. It is vital to note that threats and attackers have gone through an evolution making their operations complex and sophisticated and thus there is a need to develop effective and advanced countermeasures such as the adoption of new generation cyber mechanisms to enhance a safe and secure working environment.
References
Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems and security incident responses. International Journal of Information Management, 35(6), 717-723.
Furnell, S. M., Clarke, N., Werlinger, R., Muldner, K., Hawkey, K., & Beznosov, K. (2010). Preparation, detection, and analysis: the diagnostic work of IT security incident response. Information Management & Computer Security.
Johnson, L. (2013). Computer incident response and forensics team management: Conducting a successful incident response. Newnes.
Ruefle, R., Dorofee, A., Mundie, D., Householder, A. D., Murray, M., & Perl, S. J. (2014). Computer security incident response team development and evolution. IEEE Security & Privacy, 12(5), 16-26.
West-Brown, M. J., Stikvoort, D., Kossakowski, K. P., Killcrece, G., & Ruefle, R. (2003). Handbook for computer security incident response teams (csirts) (No. CMU/SEI-2003-HB-002). CARNEGIE-MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST.
