USF Cyber Security Incident Response Management Team Questions

Answer all  questions.

• 1. Why is it a good idea to include human resources on the incident response management team?

2. How do an incident response plan and incident response team help reduce risks to the organization?

3. Why is a post-mortem review of an incident the most important step in the incident response methodology?

4. Why is a policy definition required for a computer security incident response team?

5. Why is it critical to align the RTO and RPO standards within the policy definition itself?

6. How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?

7. Why should organizations update their BCP, BIA, RTOs, and RPOs?

8. Create an organization-wide policy defining and authorizing a security or computer incident response team to have full access to and authority over all IT systems, applications, data, and physical IT assets when a security or other incident occurs. Create this for the Sunshine Credit Union, which has the following characteristics:

The organization is a regional XYZ Credit Union that has multiple branches and locations throughout the region;Online banking and use of the Internet are the bank’s strengths, given its limited human resources;The customer service department is the organization’s most critical business function;The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees;The organization wants to monitor and control use of the Internet by implementing content filtering;The organization wants to eliminate personal use of organization-owned IT assets and systems;The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls;The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training;The organization wants to create a security or computer incident response team to deal with security breaches and other incidents if attacked providing full authority for the team to perform whatever activities are needed to maintain chain of custody in performing forensics and evidence collection;The organization wants to implement this policy throughout the organization to provide full authority during crisis to the CIRT team members over all physical facilities, IT assets, IT systems, applications, and data owned by the organization.Using the following template, in your text document, create a computer incident response policy granting team members full access and authority to perform forensics and to maintain a chain of custody for physical evidence containment. Create this policy for the Sunshine Credit Union organization