Sec280 Week 6 Case Study

Submitted By hallock211
Words 870
Pages 4
SEC280
Week 6 Case Study

Gem Infosys, a small software company, has decided to better secure its computer systems after a malware attack shut down its network operations for 2 full days. The organization uses a firewall, three file servers, two Web servers, one Windows 2008 Active Directory server for user access and authentication, ten PCs, and a broadband connection to the Internet. The management at Gem needs you to formulate an incident-response policy to reduce network downtime if future incidents occur. Develop an incident-response policy that covers the development of an incident-response team, disaster-recovery processes, and business-continuity planning.

Gem Infosys Incident Response Policy

To ensure timely response to a network disruption, an Incident Response Team has been formed. This team comprises contacts in several departments throughout the organization. The following policy outlines whom to contact and what steps to take in case of an incident involving network-related tasks.

Incident Response Team Contacts

DUTIES              TEAM MEMBERS          EXTENSION
Team Lead           Edward Einright       7001
Network Analysts    Dave Firuzio          7002
                    Paul Gerschadt        7003
Security Analysts   Rob Jensen            7004
                    Natalie Pierson       7005
Legal Affairs       Frank Saddich         7006
Public Affairs      Michelle Davenport    7007

Duties
Team members will establish and implement policies in the following areas:
a) Worm response procedure
b) Virus response procedure
c) System failure procedure
d) Active intrusion response procedure - Is critical data at risk?
e) Inactive intrusion response procedure
f) System abuse procedure
g) Property theft response procedure
h) Website denial of service response procedure
i) Database or file denial of service response procedure
j) Spyware response procedure

Quick Response

Once an incident is discovered
