stan

Contacting Law Enforcement

F.B.I. Los Angeles: (310) 477-6565
Secret Service: (213) 894-4830
Los Angeles County District Attorney’s Office: (213) 974-3512. Identity Theft
Los Angeles County Sheriff’s Office: Consumer Guide to Preventing Identity Theft (National Crime Prevention Council)
Orange County Sheriff’s Department: Scams
Orange County Sheriff’s Department: Identity Theft
FBI Internet Crime Complaint Center (IC3)

The NIST Framework — The Information Security Management Chain

Following the NIST Framework for Improving Critical Infrastructure Cybersecurity, managing the security of information hinges on five security management capabilities:

Identify: what information needs to be protected and where it is located
Protect: that information
Detect: information attacks and other incidents
Respond: to information attacks and other incidents, especially successful attacks
Recover: from the incident, returning back to normal operations

The information security management community has begun referring to these capabilities as information resilience: The ability of an organization to continue to provide an acceptable level of performance throughout all phases of the management chain, particularly respond and recover.

Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.

Incident Response Objectives

The objectives of incident response are to:

Verify that an incident occurred or document that one has not
Maintain or restore business continuity while reducing the incident impact
Identify the causes of the incident
Minimize the impact of future incidents
Improve security and the incident response planning function
Prosecute illegal activity
Keep management, staff and appropriate clients informed of the situation and response
Apply lessons learned to improve the process

Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.

Incident Response Plan Components

The plan should contain the following information necessary to maintain or resume operations and respond to an information security incident:

Names, roles and contact information for the Incident Response Team (IRT), staff, vendors (including vendors needed to respond to an incident), and key clients
Regulatory, contractual and compliance requirements
An overview of critical business functions, criticality of those functions, and resources needed to maintain or resume operations
Recovery procedures for various scenarios
An inventory of all hardware needed for the Organization business operations, including servers, workstations, laptops, printers, faxes, cell phones, firewalls, routers, switches, wireless access points, etc.
An inventory of all software needed for the Organization business operations, including workstation software and on-line software (SaaS)
An inventory of all connectivity required, including Internet, telecommunications and wide area networks (WANs)
An inventory of critical IT documents
Location of all critical business information, including back-ups and shared folders
Location of passwords and encryption keys
An inventory of vital business records

The consolidated plan documents high-level procedures to follow in the event of a suspected security incident.

The plan also documents operational workarounds in the event of an information continuity disruption to the Organization’s business operations.

The plan documents how employees will communicate, from where they will work, and how they will keep working in the event of:

Physical disruptions
Telecommunications disruptions
Disruptions to hardware / software
Unavailability of key personnel

Contributed by Citadel Information Group.
© Copyright 2017. Citadel Information Group. All Rights Reserved.

Incident Response Management and the Incident Response Team

Information Security Manager (ISM)

The Information Security Manager (ISM) is responsible for maintaining the confidentiality, integrity, and availability of the Organization’s business information. As such, the ISM has senior-level responsibility for the incident response plan.

If an incident has the potential to compromise or disrupt confidentiality, integrity or availability, the ISM has the authority to declare it an incident requiring activation of this plan, as well as the authority to suspend the plan or announce the end of the incident and return to normal operations.

In the absence of the ISM, authority passes to the chief executive or designee (i.e. Leader Alternate).

Incident Response Team (IRT)

The Incident Response Team (IRT) is responsible for working with the ISM to manage recovery from an information security incident or disruption in accordance with this plan.

The ISM will convene the Incident Response Team if n the event of an information disruption or information security incident.

The following people, at a minimum, named in the Incident Response Team worksheet of Incident-response-management-lists.xls, constitute the Incident Response Team (IRT):

The Organization’s Information Security Manager (ISM)
A representative from the Organization’s executive team
The Organization’s CIO, IT Director and/or IT Vendor
The Organization’s information security consultant
Other individuals, perhaps including in-house or external counsel

The Information Security Manager (ISM) is the Team Lead and serves as the main point of contact for all parties involved in the incident response.

Incident Response Phases; Plan & Prepare

The Five Incident Response Phases

Plan and Prepare
Detect and Report
Assess and Decide
Respond
Lessons Learned

Plan and Prepare

As part of the planning and preparation process, the Organization needs to maintain documentation on the following.

Business Impact Analysis
Disaster Recovery and Restore procedures
Business Staff Resources
Information backups and images
Offsite Preparedness
Telecommunications Preparedness
Power / HVAC and other Physical Preparedness
Critical Continuity Documentation
Incident Handling Communications
Incident Analysis Hardware and Software
Incident Analysis Resources