Information Security Management Essay Example | Topics and Well Written Essays - 1250 words

Information Security Management - Essay ExampleThe fourth step is associated with creating contingency strategies. In the fifth step, cultivation technology contingency plan is developed. The sixth step involves training, testing, and exercise. A maintenance plan document is developed, in the seventh step. The recommended standard approach to the process is to integrate the both system development and life cycle (SDLC) risk management contemplation for the process of contingency planning. 2 Incident Response Planning move The disaster response planning is associated with detailed set of processes and procedures which mitigate, detect and foresee the scope of an unexpected event directly strikeing on schooling resources and assets. Incident catching Identifying the incident to determine whether the incident has occurred due to routine operations or it is the occurrence of an actual incident. The identification of incidents, also known as incident classification, is cerebrate t o analyze the originality of an actual incident. However, reports from system administrators, including intrusion detection systems, anti-virus software may facilitate to incident classification. Incident Response After the identification of actual incident, the incident response personnel follow with a responsive approach. Likewise, the responsive approach includes informing to key personnel, allocating tasks and documenting the incident. Incident Escalation If the incident response team cannot contain the incident, the usurpation of the incident is significantly out of reach. Prioritizing business processes as per business impact is essential. For instance, (fraud risk management server) in a bank stops responding, the business impact will be most critical. Incident Recovery After the containment of the incident, the process of incident recovery initializes. The incident response team must accede with What to do to recover from the incident. The team must restore services, backu p data, continuously monitor the effected system etc. 3 Criteria for Law Enforcement Agencies The justice enforcements agencies should be involved if any incident violates civil and criminal law. It is the sole responsibility of the organization to inform law enforcement agencies. However, the involvement of what type of enforcement agencies relates to the type of abuse conducted. 4 Why businesses Continuity Plans are time-tested and rehearsed? Plans are tested and rehearsed to ensure that the ongoing projects meet the changing needs of the organization. Secondly, the plans are also tested and rehearsed to ensure that the capacity of organization is compliant with all the applicable regulations. 5 Summary for Special Publication (SP) 800-34 Contingency Planning Guide For federal information system contingency planning, this publication provides recommendations, instructions, and considerations. Contingency planning is associated with the intermediate control measures for incident s related to information system services, which may occur due to interruption. The intermediate controls constitute of recovery of information systems function by utilizing equipments exchange, performance of information systems, and relocation of information systems. This guide addresses contingency planning to three platforms. The platforms are Client / waiter Architecture, mainframe systems and Telecommunication systems. Moreover, the guide provides seven progressive steps for contingency planning process. The 7 steps are Contingency plann