Unit 3 Assignment Directions: Design an Incident-Response Plan
Purpose
In this activity, you will write a paper that provides a detailed incident-response plan (IRP) for a breach. As a governance professional, you must design an IRP that aligns with your organization’s requirements and industry best practices. This means you have policies and procedures that adhere to regulatory requirements and industry standards. It also means that the IRP contains technical and policy knowledge about the relevant laws, regulations, and contractual obligations such as data breach notification laws and industry-specific regulations.
Demonstrating effective governance means establishing multidisciplinary teams with cross-functional capabilities. This type of work structure requires senior management, IT teams, legal counsel, and compliance officers to work together to help you communicate with stakeholders about the cybersecurity breach and explain how the company manages it. Once the breach is found, it must be immediately contained, so rapid, effective communication is paramount.
Directions
Write a 10- to 12-page IRP. It must be well-structured and easy to understand. It should require regular review, updates, and testing. It also should ensure that employees understand how to recognize and report cybersecurity incidents promptly and accurately. If you discuss technology, it is fine to list options such as automated detection and response technology, or enhanced detection and response, for example. It is more important for the executive team and as a governance practice, however, that you also explain the complexities of integrating ever-changing technology into a system or network. Your analysis should demonstrate how you plan to continually upgrade your practices and document them to show compliance.
You may create your IRP any way you choose, as long as all elements of the prompt are covered. The following is a recommended way to do it:
- Research: Before conducting research, read the prompts below. Review the Unit 2 Learning Resources. In Unit 1 Learning Resources, “The Ultimate Guide to Cybersecurity Planning for Businesses” is a good article on what businesses look at in considering a cybersecurity plan. Revisit the key federal documents or laws that govern responding to a data breach in your industry. You will not need to cite these laws, but you must explain which one governs your industry sector and what you must do to show compliance with the specific law. That explanation can be as simple as “United Health Care is in compliance with HIPAA data requirements, and our IRP team will review the checklist to make sure that we are managing personal health data and personal financial data under HIPAA regulations.”
- Outline: During and after the research phase, outline your IRP.
- Writing: Once you understand the topic, write out a plan for your industry. For many businesses, it is a new function to have a detailed strategy, a risk management approach, an IRP, and the incorporation of that into their governance structure in an extremely specific and tactical way. For that and other reasons, providing solid analysis to support your recommendations is critical for corporate and employee buy-in, so that the organization follows the requirements and so that you get a budget supported by other company divisions for your work.
Make sure that your IRP addresses each of the following prompts:
- Policies for data access, legal and regulatory requirements, and/or other industry standards:
- State and explain the organizational policies and procedures for data and information access.
- List and explain several legal and regulatory requirements that apply to your chosen industry.
- Provide additional information on a governing body and/or other industry standards that apply.
- Provide a detailed timeline of the various departments in the organization with their corresponding roles and responsibilities to respond to an incident, including specific hours/weeks and other time-sensitive information needed for the response to be effective.
- Map the business to key NIST or other industry best practices to demonstrate compliance:
- List company policies such as access control, recovery procedures, and restoration procedures, and analyze how to map them to NIST or another IR protocol
- Discuss improvements (e.g., continuous training, updated internal controls, buying software or hardware, and contracting with third-party vendors for additional monitoring), and analyze how they would help.
- List all the reporting that is required by either federal or state requirements after a breach, and analyze how other business departments (e.g., legal, HR, and finance) should be involved in the response.
- Evidence of skills: Demonstrate your knowledge of incident management protocols, security awareness programs, and recovery planning.
Write the paper with an organized, logical flow of information. Cite authoritative sources sufficient to show that your analysis is based on the documents provided and other documents you find through your research. Please use a consistent citation style.
To remind yourself how to cite references, visit the Library’s APA Document Formatting (7th Edition) and APA 7th Edition Citation Examples.
Format
You may cite a case study and then use your IRP as an example of an ideal response to the breach.
The paper should be well organized and contain the following elements:
- A title page
- A table of contents
- An executive overview of the plan and response
- A description of the incident using a case study or scenario you create
- Key sections outlining major areas of focus and using your references to support your position
- Analysis of why your approach will work, including pros and cons based on industry standards
- A matrix with a timeline showing the business function or office, time frame to respond, action taken, and follow-up needed
- Recommendations and next steps for your organization
- A conclusion
- A References page
You may of course add other sections. Each section should have a title and contain a linking sentence to the prior paragraph(s) so that the reader can logically follow your perspective. Keep in mind that an IRP needs a narrative component, a matrixed timeline of the response, and explanatory information about the tasks and roles for those unfamiliar with all the components. The executive team and the board must be able to see your executive overview as a coherent whole. They may not read your entire report. Each paragraph should have a clear topic sentence, several sentences that support that topic, and a concluding sentence that links to the paragraph that follows.
The following are sample matrix categories for your IRP response:
- Incident description if using a specific case study or situation
- Scope of the response and an explanation of the type of data you are concerned about
- List of the key dedicated response team members, their roles or responsibilities, timeline for response (e.g., first 24 hours/immediate, within 72 hours, first week, other milestones such as reporting updates over a specific period)
- Indication of the threat contained and internal and external intelligence sharing, with an explanation of how to coordinate this
- Mapping to regulatory requirements: A few key federal or state laws that govern breaches and the timeline and requirements for a response
- Mapping to company policies such as access control, recovery procedures, and restoration procedures
- Improvements such as continuous training, updated internal controls, buying software or hardware, and contracting with third-party vendors for additional monitoring
- Reporting (e.g., federal or state, insurance, or legal) requirements