Project 4: Part 1
Incident Response and Business Continuity Plan
You have been hired by Greiblock Credit Union (GCU), a $5 billion financial services firm, as a cybersecurity consultant. Based on your forensic expertise, the firm has contracted with you to develop a comprehensive incident response and business continuity plan for their organization.
There are four steps to this project. Your deliverable to GCU will consist of reviewing and synthesizing the analysis described in Steps 1–3 and, in Step 4, concluding by developing techniques that your manager, Yvonne, can share with the organization to ensure preparedness to handle any future network intrusions.
Now that you have an idea of the task ahead, review the scenario below and then click on Step 1 to get started.
Define Relevant Organizational Policies and Procedures
It is important for all organizations to have a solid set of cybersecurity policies, procedures, and metrics in place.
In this step, you will write a set of standards, policies, and guidelines for Greiblock Credit Union (GCU) for Yvonne to distribute to GCU for feedback. You should address the following areas:
- dynamic vulnerability assessment
- intrusion detection and prevention (IDS/IPS) systems
- incident response
Policy components should include the critical aspects of each area in measurable terms, as well as the role various technologies play in executing the policy and procedure strategy.
Use the Organizational Policies and Procedures Template to prepare your work and then submit it for feedback after reading the instructions below.
The development and enforcement of cybersecurity policies are critical for the ability to protect networks and data. Such policies can be developed locally based on an organization’s unique mission or requirements, or they can be broadly developed to accommodate a general audience. There are organizations that develop cybersecurity standards, which are then implemented via policies. The International Organization for Standardization (ISO) is such an organization.
While cybersecurity policies focus specifically on data and networks, management policies are also required, in order to guide the activities of personnel, identify responsibilities and accountabilities, and ensure the effective operation of the organization. Often, an organization establishes a central policy structure to oversee the development and management of policies. Cybersecurity policies should be synchronized with the organization’s mission and vision.
Standards, Policies, and Guidelines
Security standards, policies, and guidelines define the rules and controls needed to protect information and ensure effective business operations. They are components of an organization’s overall management and governance framework.
Standards are controls, optimally mandatory, that ensure the consistent application of security policies. Security standards can be communicated as specific directions regarding parameters and characteristics, including thresholds, frequency of change, cryptographic requirements, or all of these.
Policies are high-level statements regarding an organization’s intent for information security and thus communicate the organization’s security philosophy or vision. Policies are usually generated, endorsed, and communicated by senior leaders, who are then responsible for promulgating them through an organization. Security policies define the information that needs to be protected, identify the implementing documents, and can be used to satisfy a regulation or law.
Guidelines are recommended practices and standards, generally based on industry best practices. While guidelines are usually not required, they can be put in place to provide instructions in areas where there may not already be established policies or standards.
Cybersecurity Policy Components
Cybersecurity policies are critical to establishing and maintaining security of networks and data, communicating expectations to employees, and determining consequences for actions. Such policies represent an expression of expectations. Here are the key elements of a good cybersecurity policy:
- Definitions, which explain terms in the context of the organization’s mission and culture.
- Access to computers and data, which explains the processes for gaining access privileges and approvals, and the expectations regarding use of company IT assets. Password expectations would also be established herein.
- Use of external (e.g., mobile) devices, to include any restrictions on use of outside devices on internal company IT assets.
- Security procedures, explaining the reporting requirements should malicious acts be discovered.
- Internet use, to include acceptable use policy and what, if any, filtering might be used. This policy also explains personal use of the internet on work-related computers.
- Data storage and recovery, defining storage requirements (length of time, type of data to be stored), and the expectations regarding recovering from unexpected outages or losses.
- Remote access,which explains expectations regarding remote access to company IT assets, and expectations regarding that privilege.
- Auditing, which describes frequency and type of review for cybersecurity and IT assets.
- Training, which explains requirements for maintaining or learning skills or policies needed for cybersecurity.
Organizational Policies and Procedures Report Template
Use this template for Step 1.
Required Components of Report
- Title Page
- Table of Contents
- Include references
- Policies and Procedures (organized using the following subheadings):