Friday, September 20, 2024

What are the Benefits of an IRP?

The major benefit to an organisation of having an IRP is damage limitation. If an incident occurs within an organisation that has an IRP in place, the damage and the ensuing financial loss incurred due to the incident will be minimised. Other benefits include:

  • Standardisation: within an organisation all incidents are dealt with in the same way
  • Efficiency of recovery: the ability to return to normal business operations as soon as possible
  • Repeatability: the probability of the same incident occurring twice is dramatically reduced
  • Awareness: people within the organisation know what to do when an incident occurs
  • Knowledge: a knowledge base is built up of incidents that have occurred within your organisation

It goes without saying that, alongside the IRP itself, a well-developed awareness programme is crucial to its success. An IRP is useless if no one within the organisation knows about it.

Who should have one?

Every organisation that wishes to protect its information assets should have its own incident response programme. However, not every organisation requires its own incident response team. An organisation's IRP will guide and inform employees on how to identify a security incident and notify the relevant bodies about it.

Typically, an organisation should have at least one member of staff who is designated as having full responsibility for the organisation's IRP. This individual is then responsible for ensuring that the programme works and is made public. In this case the individual responsible is not required to know how to handle the incident; however, he/she is able to seek the correct advice and assistance to handle the incident in accordance with the organisation's IRP.

Typically, the IRP will contain the processes outlined above in section 1.2.1, mapped to the organisation's policies, processes and procedures.

Establishing an IRP

The deployment of an IRP within an organisation should not be underestimated. It is worth having a look at public organisations such as the Forum of Incident Response and Security Teams (FIRST). Such organisations are able to provide extensive knowledge on the implementation of IRPs, as they are made up of a variety of public resource, vendor and commercial teams. For further information see: http://www.first.org/

The establishment of an IRP will require a full-time resource, such as a corporate security officer, to set up the IRP in accordance with the organisation's security policies and procedures. Where these do not exist, the first task will be to document the organisation's technical and managerial policies and procedures.

The following are considered the major steps for implementing an IRP within an organisation:

  • Senior management support: It is important that the development of the IRP has support from board level. In order to obtain this, a business case outlining the benefits vs. the cost of not implementing an IRP will need to be developed and presented.
  • Documentation: Once buy-in has been obtained, ensure that the relevant documentation required to start planning your organisation's IRP is in place. The following documentation should be available:
      • Corporate security policy
      • Technical policies and standards
    In addition to this, a definition of what constitutes an incident within your organisation, and of the typical incident types that are likely to occur within it, will need to be developed. A lot of this type of information is readily available on public resource sites such as http://www.cert.org
  • Resourcing: Depending on whether you intend to develop an internal team or use an external commercial team, a decision as to what type of resourcing is best suited to your organisation's business operations will need to be made. Support from all business units will be key in ensuring the success of the IRP. This includes resources such as human resources, marketing, business continuity and representatives from the relevant business function.
  • Incident types: The incident types that are likely to occur within your organisation must be investigated and defined. For example, distinguish between an incident that is considered critical to business functions and one that is non-critical.
  • Define services: Obtain buy-in from business units as to what services they require from the IRP.
  • Roles and responsibilities: The incident response team and each business unit need to be made aware of their responsibilities within the programme.
  • Awareness training: All employees need to be made aware of the IRP, and need to understand its function and their roles within it.
  • Fire drills: The IRP must be tested to ensure its usability within the organisation.

The above steps are high-level descriptions of how to start developing your organisation's IRP; each step involves several more processes to complete the individual task.

Summary

In conclusion, any organisation that has a computer network, an Internet presence and is involved in e-Commerce activities should have an IRP. However, not all organisations will require an internal incident response team; this is mainly due to the effort involved in acquiring experienced staff and the ongoing training that is required to keep the level of skills up to date. The IRP should be looked upon as a cost of business. When an organisation builds a data centre, the appropriate measures are put into place in the event of a fire or theft. Preventative measures such as fire officers, security guards, regular fire drills, burglar alarms and fire extinguishers will be implemented. This is not because one expects a fire or to be burgled; rather, in the event that any of these incidents should occur, you have the confidence of knowing that you are prepared to deal with it. The same principle should be applied in the protection of your information assets. It is important for an organisation to be prepared to protect itself from incidents that could have an impact on business operations and lead to financial loss.

Trinity Security Services (Trinity) is a leading independent information security solutions and services provider. Customers include a range of FTSE 250 customers across the UK and Europe.

Trinity provides its customers with market leading expertise, delivering solutions ranging from the technical such as IDS, VPN and E-commerce, to strategic services including security policy and procedure development.
