Incident Response
Once an adverse event targeting a business is confirmed, it is
Incident Response
Once an adverse event targeting a business is confirmed, it is labeled as an incident. That is the time to activate the incident response plan. After the plan is activated, procedures are followed for incident reaction. Most of the time, the incident is contained. Then, cleanup of all the problems begins and the organization makes a full recovery, with everything back to normal. This is incident recovery.
Use the guidelines provided by “SP 800-61 Rev. 2: The Computer Security Incident Handling Guide,” located in the topic Resources, to design an incident response plan (IRP) for your company. Include actions to be taken if each of the following adverse events occurs:
Ransomware attack on one PC/user
Power failure
ISP failure
If a disaster renders the current business location unusable for a long time, and there is no alternate site to reestablish critical business functions, what would you suggest in a situation like this? Hint: Use the 7-step model recommended by NIST in SP 800-34r1 to develop and maintain a viable BC program for your company.
Support the BCP with a minimum of three scholarly resources.