Organizations' information assets ought to be kept secure in this age of interconnected computing environments. This posed a challenge to Gem Infosy's management following the recent predicament in which the whole information system halted due to a security breach. The advent of new 'e' products and intruder mechanisms has made it difficult for most organizations to stabilize their data security.
Organizations have come to the realization that there is no single solution for security systems and data banks, hence they need multi-layered strategies for their overall security. A security incident response team must be included among these layers for the following reasons: reports of computer security incidents have generally increased, and new regulations and laws have evolved that influence how organizations need to protect information assets (Harney, 2004). The Gem Infosy information system is composed of computer system assets that include a firewall, three file servers, two web servers, one Windows 2008 Active Directory server for user access and authentication, ten PCs and a broadband connector.
Development of Incident Response Team for Gem Infosy
Computer and network security products do not offer the security that is needed, hence the requirement for other advanced means such as a security incident response team. Firewalls help prevent unauthorized traffic in a given network, authentication mechanisms keep out unauthorized persons, and encryption prevents unauthorized reading of data files. Despite all these prevention mechanisms, real-time detection and response, such as that provided by a security incident response team, is required for effective security: the team constantly deals with threats and actively takes steps to curb such evolving threats. Incident response is basically a mechanism that detects an intrusion and the time period for affecting it; the addition of personnel designated to perform this forms the team.
The policy highlights the procedure for hiring staff of the team, the responsibilities of team members, communication protocols, the staging of drills, the outsourcing of incident response, record keeping, carrying out forensics after an attack to determine the source/perpetrators, and finally prosecuting the culprits. In addition to these, a computer security incident response team should have a well-developed mission statement to help its members stay focused.
Disaster Recovery Process
This involves recovering the information technology assets after a disastrous interruption, hence it aims at stopping further damage. The strategies under the data recovery process after a disaster include the following: making backup disks and copying them to off-site disks, replicating data through storage area network technology, and using high-availability systems to keep data off-site, together with off-site replication systems (Naval Research Laboratory, 1997).
Business Continuity Planning
This is a proactive planning process aimed at ensuring the delivery of critical services and products in case of a disruption due to the occurrence of a disaster.
It consists of the following sections: governance framework, plans/arrangements/measures, business impact assessment, and procedures for readiness and quality assurance (Dimattia, 2001). It has plans, arrangements and measures which ensure that the organization recovers data, valuable facilities and assets. It also helps in the identification of the most necessary resources, such as personnel, financial, infrastructure, accommodation, legal advisory and information, that support the continuity of business operations. A business continuity plan improves the organizational efficiency of a business.
Organizations have come to the realization that systems and network administrators are not sufficient for the protection of organizational systems and assets. This prompts the development of an incident response policy, which should ensure that information security events and vulnerabilities related to information assets and data banks are communicated promptly to enable corrective action.
For the data recovery process and the business continuity plan, failure to deliver critical services/products causes severe consequences. Organizations that are unprepared normally face potential disasters and risky environments; therefore these two factors allow an organization to moderate risks and continuously deliver products/essential services.