The major benefit to an organisation of having an IRP is damage limitation. If an incident occurs within an organisation that has an IRP in place, the damage and the ensuing financial loss incurred as a result will be minimised. Other benefits include:
It goes without saying that, alongside the IRP itself, a well-developed awareness programme is crucial to its success. An IRP is useless if no one within the organisation knows about it.
Who should have one?
Every organisation that wishes to protect its information assets should have its own incident response programme. However, not every organisation requires its own incident response team. An organisation’s IRP will guide and inform employees on how to identify a security incident and notify the relevant bodies about it.
Typically, an organisation should have at least one member of staff who is designated as having full responsibility for the organisation's IRP. This individual is then responsible for ensuring that the programme works and is made public. In this case the individual responsible is not required to know how to handle the incident; however, he/she is able to seek the correct advice and assistance to handle the incident in accordance with the organisation's IRP.
Typically, the IRP will contain the processes outlined above in section 1.2.1, mapped to the organisation's policies, processes and procedures.
Establishing an IRP
The effort involved in deploying an IRP within an organisation should not be underestimated. It is worth looking at public organisations such as the Forum of Incident Response and Security Teams (FIRST). Such organisations are able to provide extensive knowledge on the implementation of IRPs, as they are made up of a variety of public resource, vendor and commercial teams. For further information see: http://www.first.org/
Establishing an IRP will require a full-time resource, such as a corporate security officer, to set up the IRP in accordance with the organisation's security policies and procedures. Where these do not exist, the first task will be to document the organisation's technical and managerial policies and procedures.
The following are considered as the major steps for implementing an IRP within an organisation:
Fire drills: The IRP must be tested to ensure its usability within the organisation.
The above steps are high-level descriptions of how to start developing your organisation's IRP; each step involves several more processes to complete the individual task.
Summary
In conclusion, any organisation that has a computer network, an Internet presence and is involved in e-Commerce activities should have an IRP. However, not all organisations will require an internal incident response team; this is mainly due to the effort involved in acquiring experienced staff and the ongoing training that is required to keep skills up to date. The IRP should be looked upon as a cost of business. When an organisation builds a data centre, appropriate measures are put into place in the event of a fire or theft. Preventative measures such as fire officers, security guards, regular fire drills, burglar alarms and fire extinguishers will be implemented. This is not because one expects a fire or a burglary; rather, should any of these incidents occur, you have the confidence of knowing that you are prepared to deal with it. The same principle should be applied to the protection of your information assets. It is important for an organisation to be prepared to protect itself from incidents that could have an impact on business operations and lead to financial loss.
Trinity Security Services (Trinity) is a leading independent information security solutions and services provider. Customers include a range of FTSE 250 customers across UK and Europe.
Trinity provides its customers with market leading expertise, delivering solutions ranging from the technical such as IDS, VPN and E-commerce, to strategic services including security policy and procedure development.