ISTM283A Disaster Recovery and Business Continuity

Assume that you have been tasked by your employer to develop an incident response plan. Create a list of stakeholders for the IR planning committee. For each type of stakeholder, provide the reasons for inclusion and the unique aspects or vision that you believe each of these stakeholders will bring to the committee.

Introduction

Incident response refers to an organized approach to managing the consequences of an attack or security breach. The file is based on given case based on the development of an incident response plan. It also consists of a list of stakeholders with the reason behind their inclusion.

Incident Response (IR) Plan

I am working as a senior doctor in healthcare organization which is suffering from safety issues. To handle the recent incident of fire occurring due to lack of security, employer of the company provides me responsibility to create a IR plan. As per the given case, development of incident response plan is as following:

Preparation: In this step, healthcare employees and another security team will be prepared for handling the potential incidents that arises in the organization. Concerning it, the company will conduct training sessions for informing workers about the type of risks, risk handling, etc.

Identification: In this, proper analysis of the working environment will be conducted to identify if there is an area which requires adequate security for reducing the risk of attack or injury. This will help in evaluating those areas which are insecure and can harm the patients and employees both. Along with this, the place where fire took place will also be analysed properly for handling it correctly (Campbell, 2016).

Containment: In this the occurred damage due to the incident will be treated with the help of appropriate equipment and strategies. The affected area due to the fire will be isolated for preventing further damage to the company or human beings.

Eradication: After the containment process, the cause of the fire incident will be identified for eliminating the affected areas from the working environment. Also, proper security measures will also be installed in the organization for ensuring future safety (Szabó, Blandin & Brett, 2017)..

Recovery: The affected area will be recovered by making sure that no threats remain. This will allow employees to reuse the working area for their work. Along with this, fire extinguisher, fire alarm, etc will be installed in the healthcare organization.  

Lessons learned: In this, proper documentation of the complete incident response plan will be conducted. Kind of incidents, type of injury or harm occurred, measures are taken for handling the event, problems occur during handling process, etc. will be recorded accurately. This document will help in improving the mistakes and handling the incidents in future. This lesson will make an organization not to make the similar mistakes and conduct proper security check before using any area or system or equipment (Bollinger, Enright & Valites, 2015).

List of stakeholders for the IR Planning Committee

For developing IR plan, it is necessary to create a list of stakeholders for the IR planning committee.  The list of stakeholders for the IR Planning committee are as follows:

Human resource team: This team will help in developing the IR planning committee effectively. HR manager will play an essential role in delegating the task to the committee according to their expertise and specialization. Along with this, this team will also help in developing friendly and open working environment among the board members. Apart from this, this department will assist the company if any employee found to be involved in an incident (Zhi, Merrill & Gershon, 2017).

IT Team: These staff members will help in making decisions regarding installation of new tools and techniques for handling incidents. IT team will also lead to managing the risks occurred in the system of the organization.

Management: Employees of this department will help in fulfilling the provisions of resources, funding, time commitment, etc. with respect to incident response planning and execution (Bandos, 2017).

Audit and Risk management Experts: These specialists will lead to creating threat metrics while encouraging best practices for handling threats or incidents across the company.

Public Relations: The role of PR will be to communicate with the team leaders and ensuring the accurate account of any incident or issue. This will help in maintaining healthy relationships with the stockholders and other media partners.

Incident Response manager: The role of incident response manager will be to oversee the event and prioritizes the actions for detection and containment of an occurred issue. It is the duty of the manager to covey the particular needs of high severity issues or hazards to the employees of the company (Leigh, Jackson & Dunnett, 2016).

Security Analysts: They will work directly with the affected area for analyzing the time, location and other details of the incident.

Threat Researcher: The duty of threat researcher will provide threat intelligence and context for an issue. By combining the information regarding external and internal events, researchers will maintain a database of internal intelligence.

Users: These will be included in committee for identifying if they face any issues concerning company products or services.  

Conclusion

From the above, it is found that incident response plan is essential for an organization which leads to reducing the number of incidents and helps in providing a safe working environment to the employees. Along with this, the involvement of all stakeholders in the IR committee will help in taking appropriate decisions for the plan.

References 

Journals and Books

Bollinger, J., Enright, B., & Valites, M. (2015). Crafting the InfoSec Playbook: Security Monitoring and Incident Response Master Plan. " O'Reilly Media, Inc.".

Campbell, T. (2016). Digital Evidence and Incident Response. In Practical Information Security Management (pp. 179-191). Apress.

Leigh, J. M., Jackson, L. M., & Dunnett, S. J. (2016). Police officer dynamic positioning for incident response and community presence.

Szabó, J., Blandin, S., & Brett, C. (2017, May). Data-Driven Simulation and Optimization for Incident Response in Urban Railway Networks. In Proceedings of the 16th Conference on Autonomous Agents and MultiAgent Systems (pp. 819-827). International Foundation for Autonomous Agents and Multiagent Systems.

Zhi, Q., Merrill, J. A., & Gershon, R. R. (2017). Mass-fatality incident preparedness among faith-based organizations. Prehospital and disaster medicine, 1-8.

Bandos, T., 2017. Building your incident response team: key roles and responsibilities. [Online]. Available Through :< https://digitalguardian.com/blog/building-your-incident-response-team-key-roles-and-responsibilities>. [Accessed on 16^th September 2017]