Questions krw ian indent identi is an inoident identified w

Questions krw i·an in-dent identi is an inoident identified? : whar are the procesdares for handling procedares for handling an inciders? 3 Describe five different types of incidents. a What is the difference between a mid-level incident and a high-kvel noder Describe the reasons that some organizations don\'t report compuners relanod ncilen

Solution

Solution:-

(1)

Incident identification refers to the fact that incidents have to be known about, before work can start of fixing them. Incidents are generally identified in one of two ways. Either through a report from an end-user (typically to the Service Desk) or via a system generated incident that can be referred to as an event.

An Incident occurs when there is an interruption in the flow of service, or if the quality of the process has reduced. For example, (power cut scenario – finance company – server down).

(2)

Incidents are handled on different stages described below-

Mitigate risk: Incident management guides you to identify the chances, potential risks, or threats that may cause interruption.

Prepare: Preparing is nothing but planning. Remember – Prevention is always better than cure.

Recover: In the recovery phase, the Business Continuity Plans (BCP) are implemented .

Resume: In this phase, incident professionals need to analyze the outcome of the BCP so conducted, whether it has a positive or negative response.

Post the analysis, they need to make necessary changes depending on the response.

(3)

The exact number of Types is to be determined, but should clearly represent the major course through the organization. Some examples include:

(4)

A mid level incident which is not yet high level, but might lead to a potential high level incident. Partial users at a particular location are affected but not all the users in all locations.

The high level incidents are When a critical system or network component or key application is under outage (or imminent outage) with critical impact on customer service delivery in terms of services and revenue. Additionally, no work around options are available.

(5)

Computer related incidents are severe some times but in some organisations they count computer related incidents less severe if their clients and operation is not affected or there any alternative system. So sometimes they don\'t report computer related incidents.

(6)

Change control is a systematic approach to managing all changesmade to a product or system. The purpose is to ensure that no unnecessary changes are made, that all changes are documented, that services are not unnecessarily disrupted and that resources are used efficiently.

When an incident reported then to resolve it sometimes it is necessary to make some changes to system. So perform changing in controlled manner is called change control.

(7)

The steps are as follows:

Step 1: Obtain management support-

without management approval and support, creating an effective incident response capability can be extremely difficult.

Step 2: Determine the CSIRT strategic plan-

Think about how to manage the development of the CSIRT. What administrative issues must be dealt with, and about project management issues.

Step 3: Gather relevant information-

Gather information to determine the incident response and service needs that the organization has.

Step 4: Design the CSIRT vision-

define the vision for the CSIRT and its goals and functions.

Step 5: Communicate the CSIRT vision and operational plan-

Communicate the CSIRT vision and operational plan to management, your constituency, and others who need to know and understand its operations.

Step 6: Begin CSIRT implementation-

Once management and constituency buy-in is obtained for the vision, begin the implementation.

Step 7: Announce the operational CSIRT-

When the CSIRT is operational, announce it broadly to the constituency or parent organization.

Step 8: Evaluate CSIRT effectiveness-

Once the CSIRT has been in operation for a while, management will want to determine the effectiveness of the team and use evaluation results to improve CSIRT processes and ensure that the team is meeting the needs of the constituency.

(8)

The examples of CSIRTs are the enterprise CSIRT which works for whole enterprise operation, IT CSIRT which works only on IT related incidents and project management CSIRT which handle incidents which are project management related.

Different CSIRTs are created by different expert which work in their respective field.