Incident Response Plan

Incident Response Plan

A user was at their desk in open their personal email and began reading the emails that they received. Later on they notice strange things were happening to their computer. Right away they contacted the IT department letting them know about the situation. The IT department came to user desk to look at the computer and tried everything to detect what the problem could be. After they were not able to find the problem to right away they contacted the IR Team about the situation. (Security Disciplines for Objective 3: Detection and Recovery)

The IR team reviews the information that they received from the IT department and conducted an initial assessment to find out what was the situation. They then spoke to the individual to get a better understanding of the incident. What they recovered that the individual had been receiving personal emails and that whatever was sent to them had cause the problem with their computer. The IR team collected enough evident and information for the user computer to determined that there had been an incident and that the attack very critical. They determined that it was a virus that could affect not only his system but anybody that they could have sent an email to after they received the email. The team had set up an alert roster which is set up any emergencies that could accrue. The alert roster notified the head of the administrator that was the head of each department informing them the incident. The IR team also sent an alert message by phone to all the employees of the company informing them of the incident and telling them not respond or open any email until they are notified by someone from the IR team and the notification will be by phone. Now that the IR team has communicated the information to the correct individuals, then they would send it out to all employees by voice communication through their phone. After this they will figure out the damage and the risk that it have caused to the company's systems. Then they did an assessment of the damage and the cost to reinstall the individual's computer by installing the software, hardware, and all files with the data information in it. Once they have found the nature of the attack they must quickly protect the database, all the company files, hardware and software against the virus that they detected. Even though the virus was detect through the individual personal email the IR team need to make sure that it was not an attack that was meant for the company. The IR team and the IT team will work together to make sure that the virus have not affected any other computer within the company. After finding out that no other computer has been affected both team will work on restoring the individual computer that was contaminated with the virus. It is important that the IR team had to send out a memo stating the incident and also make sure that the employees know that they have the