IT Security Incident Management
With the current increase in security breaches affecting both the civilian and federal IT infrastructure, it is clear that there are no real IT solutions that can totally protect or provide a 100% defense against threats.
Based on this assumption, what must organizations do concerning the scope and charter of incident management?
What should be the responsibilities for the security manager?
What must be the real incident management objectives, metrics, and indicators for ensuring the proper security response enforcement and threat containment in the face of growing vulnerabilities?
IT Security Incident Management
The consistent increase in security breaches on the civilian and federal IT infrastructure makes it impossible to guarantee a 100% defense against threats; therefore, the concerned parties need to take the relevant measures to mitigate breaches and reduce the level of damage in the event of an incident. Threats and risks keep changing in form and shape; thus, there is no single IT solution that can fully guarantee the security and safety of the IT infrastructure. The affected organizations need to combine multiple approaches, best practices, and techniques to detect and handle any security breach in the IT infrastructure. Consequently, they need to adopt effective and efficient incident management strategies that ensure the right security measures are in place, and that different members of staff, such as the security manager, perform duties within their scope to keep the organization safe. Because the available IT security measures cannot fully guarantee the safety and security of the IT infrastructure as attacks change in form and shape, the concerned organizations need to position themselves strategically to handle IT security-related issues.
Organizational action based on the scope and charter of incident management
Organizations need to employ relevant security measures and techniques based on the size and security impact of the attack. The scope covers the areas affected by the security breach. The organization first needs its incident response team to contain the incident, minimizing and then eliminating the attack (Peltier, 2016). Consequently, the organization needs to assess and evaluate the impact of the incident; this enables it to understand the scope of the attack. The scope determines the techniques to be used, based on its size. For instance, if the scope of the attack is large, the organization will use more advanced and sophisticated IT solutions and employ more staff to salvage the situation. Furthermore, the organization needs to gather all the relevant parties required to handle the incident, such as forensic teams, incident response teams, communication teams, and legal advisory teams. These teams ensure that a formidable solution is developed, since the threats, vulnerabilities, and risks are identified and an IT-based counter-strategy is developed for them.
Responsibilities of a security manager
The security manager has the responsibility of ensuring that security and safety measures are consistently advanced and improved in line with changes in the forms and shapes of security breaches (Salesky, 2017). In this role, the security manager establishes network security policies and procedures to regulate access to information, staff training, and organizational security operations. Additionally, the security manager needs to monitor, advise, and make recommendations on security gaps, and develop effective IT solutions.
Incident management objectives, metrics, and indicators
The objectives of incident management are to control the loss and impact of a security breach and to take measures ensuring that future security breach incidents are mitigated (Doynikova and Kotenko, 2015). Additionally, the organization's objective in incident management is to ensure that the IT security system is consistently advanced and improved to manage existing and future security breaches. On the other hand, the indicators and metrics of a proper security response include the extent of collaboration between the organization and external parties such as forensic teams and law enforcement, the ability to consistently thwart attacks, the capability to reveal the source of attacks and present it to the relevant authorities, and the ability to revise security policies and procedures as times and technology change.
Security breaches and attacks cannot be covered or addressed so completely as to guarantee safety and secure organizational operation; thus, organizations need to incorporate a combination of strategies, best practices, and approaches. Incident response management needs to handle all IT security-related issues and assign duties and responsibilities to different parties based on their skills, knowledge, and qualifications. This approach ensures that security incidents are sufficiently handled while future attacks are prevented.
Doynikova, E., & Kotenko, I. (2015, July). Countermeasure selection based on the attack and service dependency graphs for security incident management. In International Conference on Risks and Security of Internet and Systems (pp. 107-124). Springer, Cham.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.
Salesky, M. E. (2017). Roles, Responsibilities, and Motivations of the Principals. In The Project Managers Guide to IDIQ Task Order Service Contracts (pp. 39-64). Palgrave Macmillan, Cham.