Chris Hopkins

May 27th

CYSE368

Reflection Paper 3

This week, I was tasked with assisting the Department of Information Technology (DIT) in developing their incident response plan. My responsibilities included referencing policy-to-procedures and risk-based vulnerability management frameworks. I was assigned to the blue team, which focused on both internal and external risk analysis and mitigation. Our objective was to create a comprehensive response plan tailored to the unique security needs of the City of Richmond; the main objective of this was to have a certified and issued “Red Book”, which is a universal set of guidelines regarding incident response.

The incident response plan encompassed several critical components, including detailed procedures for user and computer management, event reporting, and tabletop response testing. These elements were designed to ensure that the DIT could effectively identify, respond to, and mitigate security incidents. By addressing both internal and external risks, we aimed to fortify the department’s overall security posture.

During the development process, we identified several critical chokepoints in the existing documents concerning security. These included a lack of quality policies, inconsistency in the application of these policies, and inadequate documentation. To address these issues, I focused on drafting clear, consistent policies and ensuring thorough documentation of all procedures. This effort was essential to provide a reliable reference for future security measures and to promote a culture of accountability and preparedness within the department. To enhance my understanding and effectiveness in this role, I was referred to NIST Special Publication 800-61 Rev. 2 also known as 800-62, which outlines best practices for incident response. Familiarizing myself with this document allowed me to align our response plan with established industry standards and the existing processes of the department. This knowledge was invaluable in ensuring that our approach was both comprehensive and compliant with recognized guidelines.

By integrating these components, we aimed to create an incident response plan that not only addressed current vulnerabilities but also provided a foundation for continuous improvement and adaptation. This assignment significantly enhanced my knowledge and skills in risk management and incident response, better preparing me for future challenges in information technology security.

Photos of the incident response plan diagram/team sections: 

Referenced Works

National Institute of Standards and Technology. Computer Security Incident Handling Guide. NIST Special Publication 800-61 Revision 2, 79 pages, August 2012. NIST.SP.800-61r2.pdf