Mission
The mission of this document is to have a plan that helps MUSA respond rapidly to all sorts of
Introduction
This incident response plan outlines the procedures to be taken if an incident
happens. It contains a direct approach and guideline for addressing security
risks and breaches in the organization, so that the organization does not deviate
from the way a potential threat should be handled. The risks may be to the
facilities, to data on a server or device, and to the network of the organization.
The strategy details the roles and duties of the Incident Management Team.
Responses to incidents are incident-specific, which implies that each one would have separate
• Workers will be able to return within a short time after a data or network security incident.
• When any network security breaches or attacks occur, they must be resolved promptly.
• The network of MUSA must be secured while preserving the integrity and availability of
the system
• Reaction time to accidents must be reduced and security should be enhanced for future
occurrences.
• The administrator will be aware of all reported events and will communicate regularly
with the incident response team regarding each case and the actions to fix it.
• Incident Response Manager: tracking and prioritizing activities until the incident is
• Security Analysts: Assist the manager and collaborate closely with the affected
• Risk Researchers: consult with experts to educate and contextualize the event.
• Human Resources: assists whenever an audit discovers that an individual
is involved.
• Experts in audit and risk management: support and improve hazard measurements
and risk evaluations. They frequently foster ethical policies throughout the
organization.
• Public Relations: consults with other staff members to ensure that information is
correct and then notifies all stakeholders through various media channels.
It is crucial to realize that interacting efficiently across all divisions is essential for all group
members.
Management Approval
The management assists the CIRT by giving them the equipment they need in order to
accomplish their jobs and services (Brooks, 2017). If there is any kind of irregularity, fraud
or safety accident, the CIRT and senior management should be alerted promptly.
CIRT's key focus and obligation is to ensure that the incident response is carried out and that
its steps are accepted by the board. Communication is the key to reacting to the many security
breach incidents that may take place. In the case of a security breach or attack, CIRT develops a
proposal and sends it to the senior management and, after approval, the team takes the requisite
An organization’s approach to an incident determines the speed of recovery or whether the effect
can be mitigated early. A constructive attitude to an event may be a guide to using various
resources to either fix or avoid this occurrence while therefore getting the correct team members
Some possible incidents are: computer theft, malicious code attack, DoS attack,
unauthorised access to sensitive business data, destruction or theft of confidential data, etc.
The CIRT and the upper management will monitor the various possible accidents that MUSA
may face. When all teams have the details, the federal law enforcement agent is contacted,
particularly when it involves a local incident within the jurisdiction of the law enforcement
agents. If cyber violations of some sort arise, foreign organizations will be notified to
Measuring the capability of the response team is essential to determine whether their responses
are prompt, accurate and impactful. Any incident that has occurred would be well
known and recorded in all measures. The incident response team will be audited periodically to
assess their performance over time. The incident response team's capabilities will be examined
by how swiftly they detect a threat and whether a user or a device administrator recorded the
event; by the pace at which a decision is made on whether the event is a false alert or a true
one; by whether a team is set up immediately to fix the incident; and by how long it takes for
the incident to be identified and for the team to decide which intervention is appropriate to
take care of the incident (Thompson, 2018).
The amount of time it takes to report and respond can be checked periodically to see if the
team wants to make further improvements or develop its skills. The annual assessments by
MUSA would help improve its reaction time, minimize accidents and improve the measures
taken in case of incidents. If organizations do not perform performance evaluations, they would
not be informed of any events which arise and will not strengthen their security (Ogunyebi, Swar
• Traffic control by monitoring the inflow and outflow of traffic.
• Reviewing the logs and checking for data breaches and any data loss on the server.
When confidential details are accessed by either an intruder or an employee, law enforcement
agencies are notified in connection with people who may have been impacted by the data theft.
When data identified as critical is leaked by an insider, the senior management and CIRT are told
to take appropriate steps. When there is some sort of violation that affects the general public, the
CIRT would inform the public and warn about the breach and the victims of the breach (Staves
et al, 2020). Law enforcement would be made aware of all forms of safety accidents. The CIRT
team should have a single point of contact for reaching an external source in the event of a
security breach that requires external assistance. If there is a need to block more network threats,
there may be a need to inform the internet service provider for assistance. Exchanging information
with other organisations also enhances their security or visibility and enables MUSA to adjust more
rapidly in the event that they have witnessed the same incident.
As the number of thefts and security accidents in various organizations rises each year, an
emergency management strategy must be set in action to prevent some sort of incident. The annual
spike in cyber attacks indicates that MUSA needs to strengthen its security to discourage any
potential attacks. In dealing with cybersecurity threats, it is important to safeguard the network.
When the incident response plan is followed, the risks of data theft or security breaches are
minimized, which increases the efficacy of the response team in the company (Lekota & Coetzee, 2019).
References
Lekota, F., & Coetzee, M. (2019). Cybersecurity Incident Response for the Sub-Saharan African
Ogunyebi, O., Swar, B., & Aghili, S. (2018, March). An Incident Handling Guide for Small
Staves, A., Balderstone, H., Green, B., Gouglidis, A., & Hutchison, D. (2020, May). A
Framework to Support ICS Cyber Incident Response and Recovery. In the 17th