BERGRIVIER MUNICIPALITY

Similar documents
INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

Contingency Planning

Cyber Security Incident Response Fighting Fire with Fire

BERGRIVIER MUNICIPALITY

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

TEL2813/IS2820 Security Management

MANAGEMENT OF INFORMATION SECURITY INCIDENTS

Heavy Vehicle Cyber Security Bulletin

DISASTER RECOVERY PRIMER

Incident Response Services

CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

security FRAUD PREVENTION Business Checklist Safeguard your money, your credit and your good name.

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

Cyber security tips and self-assessment for business

Information Security in Corporation

After the Attack. Business Continuity. Planning and Testing Steps. Disaster Recovery. Business Impact Analysis (BIA) Succession Planning

Top considerations for implementing secure backup and recovery. A best practice whitepaper by Zmanda

T11: Incident Response Clinic Kieran Norton, Deloitte & Touche

Responding to Cybercrime:

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

Standard Development Timeline

Information Security Office. Server Vulnerability Management Standards

Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013

Trust Services Principles and Criteria

GUIDANCE ON ELECTRONIC VOTING SYSTEM PREPARATION AND SECURITY

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

REPORT 2015/149 INTERNAL AUDIT DIVISION

ISSP Network Security Plan

NEN The Education Network

Data Breach Response Guide

CSIRT SERVICES. Service Categories

Carbon Black PCI Compliance Mapping Checklist

Standard for Security of Information Technology Resources

Financial CISM. Certified Information Security Manager (CISM) Download Full Version :

CYBER RESILIENCE & INCIDENT RESPONSE

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Critical Security Controls. COL Stef Horvath MNARNG Oct 21, 2015

HISPOL The United States House of Representatives Internet/ Intranet Security Policy. CATEGORY: Telecommunications Security

Incident response in the energy

DISCLOSURE STATEMENT PREPARED BY

Computer Security Incident Response Plan. Date of Approval: 23-FEB-2014

What is a Breach? 8/28/2017

Risky Business. How Secure is Your Dealership s Information? By Robert Gibbs

Education Network Security

7.16 INFORMATION TECHNOLOGY SECURITY

Lakeshore Technical College Official Policy

BASELINE GENERAL PRACTICE SECURITY CHECKLIST Guide

CYBERSECURITY PENETRATION TESTING - INTRODUCTION

Security of Information Technology Resources IT-12

Overview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks

locuz.com SOC Services

Be Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid

ANNEXES. to the. Proposal for a Regulation of the European Parliament and of the Council

IMF IT-Incident Management and IT-Forensics

Solution Pack. Managed Services Virtual Private Cloud Managed Database Service Selections and Prerequisites

Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications

Principles for BCM requirements for the Dutch financial sector and its providers.

Credit Card Data Compromise: Incident Response Plan

Information Security Incident Response Plan

Policy. London School of Economics & Political Science. Network Connection IMT. Jethro Perkins. Information Security Manager. Version 1.

1. Post for 45-day comment period and pre-ballot review. 7/26/ Conduct initial ballot. 8/30/2010

Telephone System Service Level Agreement

Information Technology Procedure IT 3.4 IT Configuration Management

Leveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

ISO27001 Preparing your business with Snare

ISO : 2013 Method Statement

Cybersecurity: Incident Response Short

CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION

PROTECT YOUR DATA FROM MALWARE AND ENSURE BUSINESS CONTINUITY ON THE CLOUD WITH NAVLINK MANAGED AMAZON WEB SERVICES MANAGED AWS

WHEATON COLLEGE RETENTION POLICY May 16, 2013

Network Security Policy

Denial of Service Attacks

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

Employee Security Awareness Training Program

Information Security Controls Policy

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Payment Card Industry Data Security Standard (PCI DSS) Incident Response Plan

Incident Handling. Road Map. Week 4: Incidents, Evidence and the Law. Types of Evidence. Digital Evidence. Characteristics of Evidence

Information technology security and system integrity policy.

Annual Report on the Status of the Information Security Program

Boston Chapter AGA 2018 Regional Professional Development Conference Cyber Security MAY 2018

Introduction. Read on and learn some facts about backup and recovery that could protect your small business.

NIC- Computer Emergency Response Team (CERT) Information Security Incident Management Policy

NORTH AMERICAN SECURITIES ADMINISTRATORS ASSOCIATION Cybersecurity Checklist for Investment Advisers

Concept Note: GIDC. Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua

RSPO Certification Step by step

INFORMATION SECURITY- DISASTER RECOVERY

Modelling Cyber Security Risk Across the Organization Hierarchy

Guide to Computer Forensics and Investigations Fourth Edition. Chapter 2 Understanding Computer Investigations

PROCEDURE Cryptographic Security. Number: G 0806 Date Published: 6 July 2010

Table of Contents. PCI Information Security Policy

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

Subject: University Information Technology Resource Security Policy: OUTDATED

The Common Controls Framework BY ADOBE

The Engineering Department recommends that Council: 1. Receive this Corporate Report for information purposes.

Cybersecurity and Hospitals: A Board Perspective

Cybersecurity Checklist Business Action Items

Information Security Incident Response Plan

Transcription:

BERGRIVIER MUNICIPALITY INCIDENT HANDLING POLICY APRIL 2012 C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Incident Handling Policy.docx/cmd 1

INCIDENT HANDLING POLICY REVISION NUMBER DATE AUTHORISED FOR DISTRIBUTION 1. INTRODUCTION The aim of this policy is to: Allow Bergrivier Municipality to keep a record of all faults/problems and systems changes and to document such changes. Allow the System Administrator to monitor all computer faults within the departments so that any matters arising can be monitored. Allow the respective Department to monitor all requests to vendors. Monitor cost to establish if it is still economically viable to repair certain equipment, or to allow management to make decisions to replace equipment that is no longer economically viable to be repaired or outdated and obsolete. 2. POLICY STATEMENT The following statements describe the incident policy and exclude all financial applications: The occurrence of all incidents and change and service requests must be logged with the IT Department on ithelpdesk@bergmun.org.za or (022) 913 6033. This policy covers a new service being required, a problem being experienced or further information being requested. No action will be taken or assistance and support provided unless it is logged and a reference number provided. However, in most cases the staff member logging the call will be able to provide the required information or help immediately. Depending on the nature of the problem or request, there are different procedures to follow when requesting a change, service or information or reporting a fault or a problem. However the policy is that: The staff member must report the problem/fault to his or her manager. This can be done verbally, in writing or via e-mail. The ICT Department will then attend to the problem and issue a complaint number to enable them to reference the logged problems/faults. In addition, no staff member may request any work directly from any ICT vendor without first following the above policy. The vendors have been instructed that any requests attended to without the proper policy and procedure having been followed will not be for the account of Bergrivier Municipality. In cases where a staff member does not follow this procedure, any charge levied by the vendor, will be for the account of the relevant staff member. C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Incident Handling Policy.docx/cmd 2

3. GENERAL GUIDELINES During an emergency situation the following guidelines and principles are advised: Remain calm A compromised system is a call to action but not a cause for panic. Take good notes Take detailed, organized and complete notes while handling any computer security incident preferably in an automated manner following a template so that no critical detail is missed especially if it may be required as evidence in the future. The documentation should be time stamped and auditable. Notify the right people and get help Inform those who need to know about the incident. Again this should be an automated process. Enforce a need to know policy This is one of the hardest things about handling an incident as they can be misdiagnosed early on. It is better therefore to inform those who need to be appraised of the situation so as to manage consistent communication. Use out-of-band communications Whenever possible, use telephones and faxes during a computer security incident. If the attackers have full access to the Help Desks computers and they can read the mail. If the Help Desk s computers are used, this allows the intruder to know when the incident is reported and what response is received. Contain the problem The first time that the compromised computer is touched, it should be to disconnect from the network, even if it is a core infrastructure resource. In order to contain the problem and regain control, all communication between the compromised host and other hosts on the network must be stopped. Make backups - Make backups of system information as well as file-system information. Process tables, network connections and other volatile data sources should be dumped to files and then backed up with the rest of the file-system. Get rid of the problem The problem must be completely eradicated. Determine the cause of the incident, then reload a clean operating system and improve the system s defences by installing the appropriate software. Only then can the system be reconnected to the network. Get back in business The goal is to make the recovered system resistant enough so that Bergrivier Municipality has a fair chance of determining that it is under attack before it falls. 4. INCIDENT HANDLING PROCEDURE The following phases are the constituents of Bergrivier Municipality s incident handling procedure: 4.1 Phase 1 Identification Assign a person in the IT Department to be responsible for the incident. Determine the extent of the incident utilizing diagnostic tool kits. C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Incident Handling Policy.docx/cmd 3

Be careful to maintain a provable chain of custody particularly when it relates to a security incident as the evidence may be required in a court of law. Examples of this could be: - Identify every piece of evidence with a witness. - Sign, seal and date a copy of everything. - Place everything in a tamper-proof locked place that only a very limited number of people have access to (and be able to prove only a limited number of people have access). - Sign, seal and date a copy of everything. Coordinate with the people who provide your network services as they can proactively block incoming and outgoing traffic and can help trace security violators. Notify the appropriate officials. 4.2 Phase 2 Containment Deploy IT Department Staff to survey the situation avoiding disruption of normal routines. Task somebody to be the recording secretary so that nothing is left to memory. Keep a low profile so as to contain the problem and not raise tension at Bergrivier Municipality unnecessarily. Back up the system. Determine the risk of continuing the operation of the system. Continue to consult with the System Owners so that they are informed and will not disrupt the team that is handling the incident. 4.3 Phase 3 Eradication Determine the cause and symptoms of the incident. Improve defenses. Perform vulnerability analysis. Remove the cause of the incident. Locate the most recent clean backup. 4.4 Phase 4 Recovery Restore the system. Validate the system. Decide when to restore operations when it would have least business impact. Monitor the systems. 4.5 Phase 5 Follow-up C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Incident Handling Policy.docx/cmd 4

Develop a follow-up report. C:\Users\HJanuarie\Desktop\New folder (6)\INFORMATION TECHNOLOGY\Incident Handling Policy.docx/cmd 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback