This Incident Response Policy depicts the general plan for responding to information security incidents at GCU. It also characterizes the roles and responsibilities of members, characterization of incidents, connections of different policies and procedures, reporting requirements. The objective of the Incident Response is to recognize and respond to computer security incidents, identity their risks, respond to the incidents, convey the outcomes and risks to all GCU partners, and prevent the probability of the incident from happen again (Raderman, 2016).
3.2 Scope Incident Response incorporates all activities made to rapidly reestablish basic IT services and to limit effects on daily operations. This policy also provides incident handling guidance …show more content…
The policy also demonstrates the metrics for measuring the program in both short and long terms. In order to establish a formal incident response capability, GCU is prepared to react fast and adequately whenever a security incident occurred. The validity and capability of the incident response team depend on the specialized aptitudes and critical thinking skills from each individuals of the team. Major technical skills to include but not limited to – technical support, system/network administration, programming, and intrusion detection – are highly helpful. Communication and collaboration skills are additionally required for incident handling task. Incident handling training is necessary to all incident response team members.
3.4 Enforcement
All GCU employees must report any suspicious or identified breach with PII data on individuals to GCU IT Department instantly upon discovery. This includes any notice received from a third-party vendors and business partners with whom GCU shares PII information …show more content…
The quantity of incidents that are taken care of should be recorded quarterly and annually to demonstrate the workload of GCU Incident Response team. The time for each incident can be measured by the aggregate time spent on each incident by the team, and how long it took the team to respond to the incident.
Dwell Time – is the idea that a host is compromised sooner or later in time and this compromised is not recognized until some further point in time. It is essential to comprehend that this metric doesn’t mean much, as time advances along with the development of the Incident Response program, the Dwell Time begins to slant downwards. “Ultimately, with a clean environment and proper detection in place, your (GCU) hope is to get that Dwell time down to weeks, days, hours- let alone minutes” (Mason, 2014). Containment Time - is another key metric that ought to be measured. This fundamentally comes down to how rapidly GCU can mitigate the risk postured by compromised assets for other resources on the