Saturday, May 23, 2020

Principles And Practices Of Incident Management And...

CHAPTER TWO

PRINCIPLES AND PRACTICES OF INCIDENT MANAGEMENT AND INCIDENT RESPONSE

STRENGTHS

The information security incident management policy of Blyth’s Books was created in 2010 and has been reviewed four times in five years. Those covered by its scope are clearly stated. It stresses the importance of incident management to the organisation and has the support of upper-level management. The policy complies with the Computer Misuse Act (1990), an act made to secure computer systems and networks against unauthorised access. By complying with this legal obligation, Blyth’s Books can pursue legal or disciplinary action against anyone (employee or otherwise) guilty of breaching its systems.

WEAKNESSES

The Data Protection Act (1998) provides the principles that must be adhered to in order to ensure the total protection of data, while International Organisation for Standardisation (ISO) 27035 gives organisations guidance on the management of information security incidents. This standard stipulates that an organisation should have a clear and concise information security incident management policy. The security incident management policy of Blyth’s Books, while compliant with the Computer Misuse Act (1990), does not show that it is compliant with the Data Protection Act (DPA) (1998). Because the DPA (1998) is a legal aspect of ISO 27035 that must be adhered to, the policy is also not compliant with the standard.
