
Risk Management in Organizations - Using CIRT Plans - Essay Example


Risk Management in Organizations - Using CIRT Plans
9 March

1.0 Introduction

Risk is defined as the possibility of an occurrence of loss or harm. Risk management is the process through which an organization perceives and anticipates risk, that is, the potential of its activities to cause harm or loss. Risk management also includes monitoring an organization's activities while taking the necessary corrective actions and other proactive steps that lead to a minimization of loss. Typically, risk management entails four main elements: identification of risks, evaluation of the probability or severity of a risk, management of the risk and ultimately implementing the most effective method of risk management (Waring & Glendon, 2001, p. 7).

There are many forms of risk in any organization today, chief among them information security risks. The ever-growing number of technically conversant users, together with the easy availability of the internet to most of the world's population, makes this area increasingly risky. For this reason, the need to protect information and other related details has become one of the most important concerns of organizations today. In response to these risks, a large number of organizations have established various security plans and programs that facilitate the prevention and handling of a myriad of growing threats and intrusion activities. These programs have been phenomenal in protecting most organizations from potential vulnerabilities and threats. However, it is worth noting that these programs may not always be efficient in handling the respective risks, and thus more plans are continuously being added to reinforce the risk protection of organizations. In this light, many organizations are quickly adopting the approach of developing their own Computer Incident Response Teams (CIRT) or opting to outsource in this field.
Simply put, a CIRT provides organizations with a well-structured and clearly defined plan that deals with probable threats and incidents.

2.0 Objectives of a CIRT plan in an organization

A CIRT is an organizational entity, typically made up of several staff members, that is tasked with the responsibility of managing incidents in an organization. The CIRT coordinates and supports incident response by handling incident activities. The roles of a typical CIRT plan in an organization include:

  • Determining the scope, impact and nature of an incident or event.
  • Understanding the technical aspects of an incident/event.
  • Identifying additional threats or incidents that may have resulted from a particular incident.
  • Researching and formulating solutions and recommendations.
  • Supporting and coordinating the implementation of response strategies in an organization.
  • Disseminating information about current attacks, threats and risks, along with corresponding mitigation strategies, through modes such as advisories, alerts and other technical publications.

The CIRT also maintains a repository of incident and vulnerability data and all related activities, which may provide a future source of information for correlation, lessons and trends for efficient and improved security management in the organization. As seen, the overall goal and purpose of a CIRT plan is to maintain a security service by ensuring that organizational information remains confidential and within the reach of only the specified audience. In summary, the CIRT serves various objectives in an organization, namely:

  • To define the incident response procedures, services and policies.
  • To create a capability for incident reporting.
  • To efficiently handle events and incidents in an organization through identification, containment and eradication of the incident.
  • To facilitate the recovery of the organization from the incident.
  • To help in the investigation of the incident through determination of the cause and the evidence available, and consequently assigning the blame.
  • To assist in the prevention of any future recurrence of the respective incident.

Having an effective CIRT plan in an organization can be very beneficial in a variety of ways. It is especially beneficial in three important areas: the economic aspect, public relations and the legal aspect. A CIRT plan helps reduce the resources, both fiscal and human, required for handling an incident in an organization. Additionally, a CIRT may help reduce incidents that could damage the organization's reputation through negative exposure caused by the occurrence of the event. From a legal angle, a CIRT may help an organization avoid liability issues that may arise from non-compliance with government regulations if the establishment of a CIRT plan in organizations is made a necessity by law (Bhaskar & Ahson, 2008, p. 63).

3.0 Elements of a CIRT plan

3.1 Trained staff/team members

A CIRT may take many organizational forms depending on the organization it serves, which means that different CIRTs are composed of different elements. In some cases, the CIRT is made up of staff specifically assigned to handling incidents and related activities. In other organizations, the CIRT is an ad hoc team of staff assembled for the moment, based on their responsibility and expertise, when a computer incident occurs. A typical CIRT may consist of a security manager, incident handlers, network specialists, operating systems specialists (administrators) and internal audit and governance officers, among others.

3.2 Policy

This is the element of a CIRT that governs the team's response to incidents. Common components of a CIRT policy include the purpose and objectives, definitions of computer incidents, performance measures, priority ratings of various incidents and reporting forms.
3.3 CIRT plan

A CIRT plan should tie back to the organization's functions, size, mission and structure. This means that the plan encompasses the strategies, goals, mission, communication plan, metrics that measure the effectiveness of the response to incidents, and management approval.

3.4 Standard Operating Procedures (SOPs)

These are the specific technical processes, forms, checklists and procedures to be used by the incident response team. These measures are important in minimizing errors and thus should be validated for usefulness and accuracy.

3.5 Adequate funding

In creating a CIRT, the issue of funding should be addressed since it is certainly a part of the process of forming the team. The budget for the proper functioning of the CIRT should be determined and allocated. For example, the service charges for the team should be determined in order to ensure the recovery of costs such as those incurred by the party responsible for causing the incident. There are several methods through which to fund a CIRT plan, for example a cost recovery model and an insurance model.

3.6 Organizational buy-in

In order for the CIRT plan to be successful, there should be buy-in from the organization. This is obtained by creating an understanding of the organizational needs that the CIRT plan satisfies. Additionally, there should be a clear description of the overall state of security within the organization, which enables an understanding of how the CIRT plan improves that area.

4.0 Ways through which a CIRT plan fits into the overall risk management approach in an organization

As mentioned earlier, CIRT plans help to reduce or handle risk in an organization in a variety of ways. The plans can be used either to prevent the occurrence of an event or incident or to handle the aftermath of an incident appropriately. This provides two main options through which CIRT plans aid in organizational risk management:

  • Real-time incident response
  • Non-real-time incident response

4.1 Real-time incident response: activities involved

CIRT plans may serve as avenues through which incidents that have just occurred in an organization are handled. This is referred to as real-time incident response and comprises various activities such as incident handling, incident recovery and incident investigation. Incident handling entails identifying the incident, containing the incident and ultimately eradicating the incident. Incident recovery, on the other hand, entails identifying the damage caused by the incident and repairing the damage before restoring the system that has been damaged. The final activity carried out under the CIRT plan is the investigation into the incident. In this function, the team is tasked with identifying the cause of the incident, collecting enough evidence regarding everything that transpired during the incident and ultimately assigning the blame to the respective entity (Campbell, 2003).

4.2 Non-real-time incident response

As the name suggests, the CIRT can at times be tasked with formulating a post-mortem report that highlights various aspects of an incident that has taken place in an organization. In this kind of risk management, a CIRT plan enables the organization to understand all the activities that took place during an incident, which can later be used to provide lessons and highlight areas for future improvement. In handling these activities, the CIRT acts as an agency for handling risk in an organization (Campbell, 2003).
5.0 Examples of the use of CIRT plans in responding to risks in an organization

In the wake of the rapidly growing trend of cybercrime and hacking activities in the world today, there have been various cases of unsolicited information misuse and unlawful sharing. For example, the case of the Anonymous group in 2011 resulted in the hacking of the websites of the Malaysian government following a restriction on file-sharing websites. In another case, the same group of hackers (Anonymous) launched attacks against big and very secure online portals belonging to PayPal, Amazon, Visa and MasterCard, among others, in a show of solidarity with WikiLeaks. Both cases called for great efforts to contain them, and ultimately the websites were recovered. This shows how much the need for CIRTs has grown in the world today.

6.0 An analysis of the development of a CIRT plan in an organization and its influence in facilitating the adoption of a more proactive approach to risk management

The creation of a CIRT plan has increasingly become one of the important elements in the management of risk in an organization. A good CIRT plan is a sure way of reducing a huge portion of loss or harm in an institution due to the proactive nature of the method. By looking at the various steps through which a CIRT plan can be formulated, the paper will analyze how an organization can use this method to proactively handle its risks (UC San Diego, 2014).

One of the steps through which a CIRT plan is formulated is obtaining management support and buy-in. This step might be difficult since most managements may not see the plan as important, especially if it exceeds the budgetary allocation expected for it. However, management approval of the adoption of a CIRT plan is a sure way of showing their support for proactively handling the risks faced by the organization.

Gathering all the relevant information before the creation or adoption of a CIRT plan ensures that all the required details are available for efficient handling of the risks in an organization. Collecting this information also means that various stakeholders in the organization, such as representatives from management, IT, the legal department, human resources, security, public relations and all other departments, are involved. This ensures that everyone in the organization contributes towards achieving a more proactive approach to managing risks in the organization.

Other steps towards the creation of a CIRT plan include creating a mission and vision statement for the plan and all management operations involved. This ensures that the plan has a roadmap to follow, which provides the organization with a target to reach in a more proactive way. Implementing and finally evaluating the effectiveness of the CIRT plan are further steps which push the organization to act in an increasingly proactive manner towards the management of its risks (UC San Diego, 2014).

7.0 Threats that face organizations today

In the last few years, threats to organizations have grown in number, which can largely be attributed to the growing interest in and popularity of information technology in the world. There are various forms of threats, which are presented through common attack vectors such as email, attrition, web applications, improper usage, external or removable media and social engineering, among others (Gibson, 2011).
7.1 Common threats today include:

  • Computer viruses and worms
  • Hacking
  • Phishing
  • Identity theft
  • Credit card fraud
  • Spamming
  • Cyber terrorism
  • Cyber laundering
  • Software piracy

8.0 Expected regulatory requirements mandating risk management processes in the future

There have been various regulatory requirements and restrictions in most parts of the world regarding the issues surrounding the use of CIRT plans in organizations today. For example, in the US, a search warrant is required for any form of intrusion into personal privacy. This encompasses intrusion into personal files, such as those on a computer, which could be a source of information for an effective CIRT plan when searching for the required data. This might serve as an impediment to gathering the necessary information for an effective risk management process in a company. In response to this, and considering the increasing complexity in handling the growing threats in today's world, I predict that some of these regulations will be made lighter to allow investigators more room and liberty to conduct investigations, especially where the risk is beyond doubt.

9.0 Conclusion

Computer Incident Response Teams are some of the most important parts of today's business in handling risks. The plans are essential in bringing together the necessary expertise that helps to deal with a variety of probable computer incidents that may arise. The paper has examined various aspects of the CIRT and its applications in the business world today.

Bibliography

Bhaskar, S., & Ahson, I. (2008). Information security: a practical approach. Oxford, UK, Alpha Science.

Campbell, T. (2003). An Introduction to the Computer Security Incident Response Team (CSIRT) Set-Up and Operations. GIAC. Available at http://www.giac.org/paper/gsec/3907/introduction-computer-security-incident-response/106281 Accessed 9 March 2015.

Gibson, D. (2011). Managing risk in information systems. Sudbury, MA, Jones & Bartlett Learning.

UC San Diego. (2014). Computer Incident Response Team (CIRT) Processes. Available at http://blink.ucsd.edu/technology/security/CIRT/index.html Accessed 9 March 2015.

Waring, A., & Glendon, A. I. (2001). Managing risk. London, International Thomson Business.