Incident Response Plan

Mission

The mission of this document is to provide a plan that helps MUSA respond rapidly to all sorts of security risks and accidents.

Introduction

This incident response plan outlines the procedures to be taken if an incident happens. It contains a direct approach and guideline for addressing security risks and breaches in the organization, so that the organization does not deviate from the established way of handling a potential threat. The risks may be to the facilities, to data on a server or device, and to the network of the organization. The plan details the roles and duties of the Incident Management Team.

Strategies and goals

Responses to incidents are incident-specific, which implies that each one would have separate solution techniques. The strategies and objectives are listed below:

• Workers will be able to return within a short time after a data or network security incident.

• Prompt the incident response team to address the case.

• Aim to mitigate the effect on the business.

• React immediately to the event and attempt to control the incident.

• Provide a mechanism to avoid such events in the future.

• When any network security breaches or attacks occur, they must be resolved promptly.

• The network of MUSA must be secured while preserving the integrity and availability of the system.

• Reaction time to accidents must be reduced and security should be enhanced for future occurrences.

• The administrator will be aware of all reported events and will communicate regularly with the incident response team regarding the case and the actions to fix it.

Roles and Responsibilities

• Incident Response Manager: tracks and prioritizes activities until the incident is reported, analyzed and contained.

• Security Analysts: assist the manager and collaborate closely with the affected individuals to investigate location and time along with event information.

• Risk Researchers: consult with experts to educate and contextualize the event.

• Administrator: management is important in reaction to an event to authorize personnel and resources, internally and externally.

• Human Resources: assists in the event whenever an audit discovers that an individual is involved.

• Experts in audit and risk management: support and improve hazard measurements and risk evaluations. They frequently foster ethical policies throughout the organization.

• Public Relations: consults with other staff members to ensure information is correct and then notifies all stakeholders through various media channels.

It is crucial to realize that interacting efficiently across all divisions is essential for all group members.

Management Approval

The management assists the CIRT by giving them the equipment they need in order to accomplish their jobs and services (Brooks, 2017). If there are any irregularities, fraud or safety accidents, the CIRT and senior management should be alerted promptly.

CIRT's key focus and obligation is to ensure that the incident response is carried out and its steps are accepted by the board. Communication is the key to reacting to the many security breach incidents that may take place. In the case of a security breach or attack, CIRT develops a proposal and sends it to senior management; after approval, the team takes the requisite measures to react to the occurrence.

Organizational Approach to Incident Response

An organization’s approach to an incident determines the speed of recovery and whether the effect can be mitigated early. A constructive attitude to an event may be a guide to using various resources to either fix or avoid the occurrence, and getting the correct team members to provide faster responses is also important (Thompson, 2018).

Some possible incidents are: computer theft, malicious code attack, DoS attack, unauthorised access to sensitive business data, destruction or theft of confidential data, etc.

Communications and Incident Response

The CIRT and the upper management will monitor the various possible accidents that MUSA may face. When all teams have the details, the federal law enforcement agent is contacted, particularly when it involves a local incident within the jurisdiction of the law enforcement agents. If cyber violations of some sort arise, foreign organizations will be notified to respond appropriately. The methods used to communicate will depend on the type of incident and the magnitude of the event.

Measuring Capability and Effectiveness of Incident Response

Measuring the capability of the response team is essential to determine whether their responses are prompt, accurate and impactful. Any occurrence that has taken place would be well known and recorded in all measures. The incident response team will be audited periodically to assess its performance over time. The team’s capabilities will be examined by how swiftly they detect a threat and whether a user or a device administrator recorded the event; the pace at which a decision is made and the ability to assess whether the event is a false alert or a true one; how quickly a team is set up to fix the incident; and how long it takes for the incident to be identified and for the team to decide which intervention is appropriate to take care of the incident (Thompson, 2018).

Ability to respond to incidents

The amount of time it takes to report and respond can be checked periodically to see whether the team needs to make further improvements or develop its skills. The annual assessments by MUSA would help improve its reaction time, minimize accidents and improve the measures taken in case of incidents. If organizations do not perform performance evaluations, they would not be informed of any events which arise and will not strengthen their security (Ogunyebi, Swar & Aghili, 2018).

The following aim to increase protection by incorporating safety elements:

• Periodic audit of the computer and device warehouse to determine theft.

• Traffic control by monitoring inflow and outflow of traffic.

• Reviewing the logs to check for data breaches and any data loss on the server.

• Boost system reliability, contributing to risk elimination.

Procedures for Notifying Outside Organizations

When confidential details are accessed by either an intruder or an employee, law agencies are notified in connection with the people who may have been impacted by the data theft. When data identified as critical is leaked by an insider, the senior management and CIRT are told to take appropriate steps. When there is a violation that affects the general public, the CIRT would inform the public and warn about the breach and the victims of the breach (Staves et al., 2020). Law enforcement would be made aware of all forms of safety accidents. The CIRT should have one point of contact for reaching an external source in the event of a security breach that requires external assistance. If there is a need to block more network threats, it may be necessary to inform the internet service provider for assistance. Also, exchanging information with other organisations helps to enhance their security or visibility and enables MUSA to adjust more rapidly in the event that they have witnessed the same incident.

Fitting the Program in the Overall Organization

As the number of thefts and security accidents in various organizations rises each year, an emergency management strategy must be set in action to prevent such incidents. The annual spike in cyber attacks indicates that MUSA needs to strengthen its security to discourage any potential attacks. In cybersecurity threats, it is important to safeguard the network. When the incident response plan is followed, the risks of data theft or security breaches are minimized, which increases the efficacy of the response team in the company (Lekota & Coetzee, 2019).

References

Brooks, F. (2017). Why cyber incident response planning is a critical enterprise capability. Governance Directions, 69(6), 343.

Lekota, F., & Coetzee, M. (2019). Cybersecurity Incident Response for the Sub-Saharan African Aviation Industry. In International Conference on Cyber Warfare and Security (pp. 536-XII). Academic Conferences International Limited.

Ogunyebi, O., Swar, B., & Aghili, S. (2018, March). An Incident Handling Guide for Small Organizations in the Hospitality Sector. In World Conference on Information Systems and Technologies (pp. 232-241). Springer, Cham.

Staves, A., Balderstone, H., Green, B., Gouglidis, A., & Hutchison, D. (2020, May). A Framework to Support ICS Cyber Incident Response and Recovery. In the 17th International Conference on Information Systems for Crisis Response and Management.

Thompson, E. C. (2018). The Significance of Incident Response. In Cybersecurity Incident Response (pp. 1-10). Apress, Berkeley, CA.

Thompson, E. C. (2018). Cybersecurity Incident Response: How to Contain, Eradicate, and Recover from Incidents. Apress.