Chaston Carter
05/30/17

Statement of Policy

Purpose: This policy outlines the incident response protocols, disaster response protocols, access control protocols, and maintenance plan, which will serve as controls and guidelines for addressing instances of unauthorized access to CFZ information and for responding to disastrous events or conditions that might adversely impact operations at CFZ.

Incident Response Protocol

Incident response protocols have become an integral part of information technology; they are used for detecting and handling incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring IT services (Cichonski et al., 2012). The incident response process has several phases: preparation; detection and analysis; containment, eradication and recovery; and post-incident activity (Cichonski et al., 2012).

The preparation phase attempts to limit or prevent the number of security incidents that might occur by selecting controls such as regular risk assessments, host security, network security, malware prevention, and user awareness training that will effectively reduce the number of incidents (Cichonski et al., 2012).

The detection and analysis phase uses precursors (signs that an incident may occur in the future) and indicators (signs that an incident may have occurred or is occurring now) to monitor and analyze attack vectors such as external media, attrition, web, email, impersonation, improper usage or unauthorized access, and others that can be used to propagate attacks against an organization. Some of the sources of precursors and indicators that have been put in place at CFZ include:
•Intrusion detection and prevention systems to identify and log suspicious events, alert the response team, and take automated mitigating actions;
•Security information and event management (SIEM) products to generate alerts based on analysis of log data;
•Antivirus and anti-malware software to detect and prevent attacks from infecting the systems;
•A file integrity checker to detect changes to important files during an incident; and
•Awareness programs for both internal and external users to keep them abreast of the latest attack incidents and to establish a reporting route once anomalies have been identified (Cichonski et al., 2012).

The containment, eradication and recovery phase is used to manage incidents before they overwhelm the systems and result in more severe damage, using predetermined procedures such as disabling system functions, shutting down the systems, or disconnecting them from the network to limit the effects of the attack (Cichonski et al., 2012). Once an incident is contained, the affected systems are cleaned of any components the attacker left behind and restored to normal operation.

Finally, the post-incident activity phase is used by the organization or response team to reflect on the new threats and to use lessons learned to improve the incident response plan (Cichonski et al., 2012).

Within CFZ, the incident response plan created will be used in responding to a variety of potential threats such as:
•Unauthorized access, unauthorized privilege escalation, and data breaches;
•Denial of service and distributed denial of service attacks;
•Firewall breaches;
•Virus and malware outbreaks;
•Theft or physical loss of equipment; and
•Insider threats (Rouse, 2014).
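The file integrity checker listed among the detection sources above works by recording a cryptographic digest of every monitored file when the system is known to be clean, then re-hashing the files later and reporting anything modified, added or removed. The following script is an added example written for this page to illustrate that technique; it is not CFZ tooling and not code from Cichonski et al. The directory tree, file contents and the baseline.json location in the demo are constructed for the demonstration.

```python
"""Minimal file integrity checker: record a SHA-256 baseline of a directory
tree, then compare the tree's current state against that baseline."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in 64 KiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (path relative to root) to its digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def save_baseline(baseline: dict, out_path: Path) -> None:
    # The baseline must live outside the monitored tree; otherwise it would
    # report itself as an added file, and an attacker who can write the tree
    # could also rewrite the baseline to hide changes.
    out_path.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: Path) -> dict:
    return json.loads(path.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences between a stored baseline and a fresh scan."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    return {"modified": modified, "added": added, "removed": removed}


def demo() -> dict:
    """Constructed scenario: baseline a small /etc-like tree, tamper with it,
    and return the comparison result (hypothetical files and contents)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "cron.d").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "cron.d" / "backup").write_text("0 2 * * * root /usr/local/bin/backup\n")
        (root / "hosts").write_text("127.0.0.1 localhost\n")

        baseline_file = Path(tmp) / "baseline.json"  # outside the monitored tree
        save_baseline(build_baseline(root), baseline_file)

        # Simulated tampering after the baseline was taken:
        with (root / "passwd").open("a") as f:
            f.write("backdoor:x:0:0::/root:/bin/bash\n")          # modified file
        (root / "cron.d" / "persist").write_text("* * * * * root /tmp/.x\n")  # added file
        (root / "hosts").unlink()                                   # removed file

        return compare(load_baseline(baseline_file), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline should be written to read-only or offline storage and the check run from a trusted host, since an attacker who can alter both the monitored files and the baseline (or the checker itself) can make the comparison report nothing. The comparison is by digest only; ownership and permission changes would need to be recorded in the baseline as well to be detected.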