Question

"The mitigation risk treatment strategy is the treatment approach that focuses on planning and preparation to reduce the impact or potential consequences An incident response plan he mitigation risk treatment strategy is the treatment approach that focuses on planning and preparation to reduce the impact or potential consequences of an incident or disaster." Incident Response is one of the four types of plans: Develop an incident response plan for an online retail site. The audience for this plan is the Board of Directors within the company.

Answer 1

A good and acceptable response policy should contain the following in it:

1. Clarity abbout portfolio of products/ services the company is offering.
2. Determining the responsibility: This means knowing who will be authorized to remove/ contain a compromised system, its impact on availability of higher- level function.
3. Prioritising the needs of the organisation, Examples: COO goal would be setting a response team to get the pbusiness operations back on track with services/ products being avaialble to meet the business requirements; the legal counsel may be prioritising the investigation of the incident and collecting evidence. This can also include assessing these situations and fleshing out arrangements to tackel the response or in the archives that are identified.
4. Assessing the level of tolerance of the organisation is also a key.

Sunsequently, the draft presentation should also address when the company consults its legal counsels, its cyber risk insurance provider and the public relations team to communicating with stakeholders/ customers.

According to the best practices, it is advisable to use the 6 step framework while building a company specific plan. The steps included in the framework are as follows:

• Prepare: The company's emergency response task force requires to be fined tuned to face any incident.There needs to be a defined security policy that can be implemented. The security policy usually contains acceptable use of data, security breaches and defining the incident which can qualify for the activating the plan.
• Identify: Defining the criteria for activating the security risk. It can also include cumulative steps/ circumstances triggering the risks. This can include any risks within information systems or even inventory management syatems
• Contain: How can the threat be restricted. The company's incidence response policy should encompass steps to be taken immediately or to restrict the risk in long run. The steps taken immediately can include backing up data and preventing the spread of risk. Long term containment usually includes helping the systems and process recover and get back to normalcy to restore business operations.
• Eradicate: Bringing in process to restore all affected systems. Removing any traces of the security bug/ security issues that caused the security incident. Updating the system security and installing necessary updates that will prevent similar incidences in future.
• Recover: Verifying processes to ensure they are free from any errors that could cause any new security incidences infuture. Initiating systems and procedures to bring back business operations to full restore normalcy (containing business growth as normal).
• Learn: It is very important for any company to learn from previous mistakes/ errors. The company should update its procedures including guides for incidence/risk management to tackel any such risks in future.