· Incident Response and Contingency Planning
Unit 6 covers the concepts of incident response and contingency planning. The percentage of businesses that survive and are still in business five years after a major incident or disaster is very low. Despite these grim figures on the cost of failing to plan, planning for events that may never happen often does not get a high priority in many organizations. Information security professionals are not always in a position to influence enterprise-level planning; however, prudent professionals examine the environment and do their own planning for how security can be maintained in the event of an emergency.
Most organizations do not have trained forensics professionals in-house, so they are unprepared when an incident occurs that requires the collection of evidence. An effective security professional will have already begun identifying resources, creating procedures, and building the framework for responding to a critical incident that may end up being litigated in a court of law. Unit 6 covers some of the resources and strategies available to security professionals for accomplishing those objectives.
To successfully complete this learning unit, you will be expected to:
Explore the relationship between IT contingency planning and overall enterprise business continuity planning.
Recommend appropriate workflows within a specific organization in response to a potential incident.
Evaluate security controls that would have aided in discovery, data collection, and analysis following a specific incident within an organization.
Evaluate the impact to multinational organizations of having network segments in underdeveloped countries.
Exhibit proficiency in writing, critical thinking, and research topic areas in IT security fundamentals.
· Required Reading
Complete the following required reading:
Use Information Security Management Handbook to read Chapter 11, “CERT Resilience Management Model: An Overview,” pages 135–152.
Use Computer Security Incident Handling Guide to read pages 1–51.