Incident Handling Response Plan-Example

The document outlines an incident handling and response plan for an agency's law enforcement information systems. It establishes procedures for adequate preparation, detection, analysis, containment, recovery and response to security incidents. This includes promptly reporting incidents to the appropriate authorities and security point of contact. Reporting procedures for suspected or actual security breaches include changing passwords and immediately notifying the security point of contact. The document also provides procedures for virus reporting and collecting security incident information to complete an incident response form.

Uploaded by

Charag E Zindgi
Copyright: © All Rights Reserved

Agency’s Name Incident Handling and Response Plan Date:

LEDS Security Incident Response Plan - There has been an increase in the number of accidental
or malicious computer attacks against both government and private agencies, regardless of
whether the systems are high or low profile. The following establishes an operational incident
handling procedure for Agency’s Name CJIS, NCIC, and LEDS information systems that includes
adequate preparation, detection, analysis, containment, recovery, and user response activities,
and that tracks, documents, and reports incidents to appropriate Agency’s Name personnel and/or
authorities. The Agency’s TAC/LASO/Chief/Sheriff is the department’s point-of-contact for
security-related issues and will ensure the incident response reporting procedures are initiated
at the local level.

Reporting Information Security Events - The department will promptly report incident
information to appropriate authorities. Information security events and weaknesses associated
with information systems shall be communicated in a manner allowing timely corrective action
to be taken. Formal event reporting and escalation procedures shall be in place. Wherever
feasible, the department will use email to expedite the reporting of security incidents. All
Dispatchers will be made aware of the procedures for reporting the different types of events and
weaknesses that might have an impact on the security of agency assets, and are required to report
any information security events and weaknesses as quickly as possible to the security point-of-
contact.

Reporting Procedures for Suspected and Actual Security Breaches:

• If you become aware of any policy violation or suspect that your password may have been used
by someone else, first, change your password and, then, report the violation immediately to the
security point-of-contact.

Virus Reporting Procedures and Collection of Security Incident Information:

• Upon identifying a problem, disconnect the network cable.

• Notify XXXXXXXXX and the appropriate Chain-of-Command.

• Notify XXXXXXXXX Local Information Technology Security Administrator.

• Notify OSP CJIS ISO at (503) 378-3055, Ext. 55002.

• Identify who will run your traffic in the meantime while you fix the problem.

478650258.doc Page 1 of 3 6/2013


• Notify Contractor(s) of situation if required.

• Compile information for completing an IT Security Incident Response Form (also
attached in Word & PDF).

• Suspected cause for incident (Name, virus, etc.)

• Was Antivirus software running at the time of infection?

• How and when was the problem first identified?

• Have local IT staff been notified / are they involved?

• Number of workstations infected?

• Any other equipment infected?

• Action plan for removal.

• Will infected workstations be re-imaged before reconnection?

• When was the last update of signature files?

• When was the last operating system update?

• Was any CJIS data or personnel identification information compromised?

• The LEDS system will remain disconnected from NLETS until XXXXXXXXXX can guarantee
your systems are free from virus infection.

• Once free from infection and given clearance by the OSP CJIS ISO, the system can be
reconnected to LEDS and NLETS.



LEDS SECURITY INCIDENT RESPONSE FORM
REPORTING FORM

DATE OF REPORT:

DATE OF INCIDENT:

REPORTING PERSON:

PHONE/EXT/E-MAIL:

LOCATION(S) OF INCIDENT:

SYSTEM(S) AFFECTED:

METHOD OF DETECTION:

NATURE OF INCIDENT:

INCIDENT DESCRIPTION:

ACTIONS TAKEN/RESOLUTION:

PERSONS NOTIFIED:
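The collection checklist in the virus reporting procedure and the reporting form above are easy to leave half-filled under pressure. The following Python script is an added example, not part of the agency template or any LEDS/OSP tooling: it models the form's fields as a record, lists which form entries are still blank, and applies the plan's reconnection rule (the LEDS system stays disconnected from NLETS until the OSP CJIS ISO gives clearance). The field names, the sample incident and the choice to treat an unanswered checklist question as a blocker are assumptions of this example, not text from the plan.

```python
"""Added example: a machine-checkable version of the LEDS incident report form
and the pre-reconnection checklist. Field names and sample data are assumed."""
from dataclasses import dataclass, field
from datetime import date
from typing import List, Optional

# Labels on the reporting form, in the order they appear on the page.
FORM_FIELDS = [
    "DATE OF REPORT", "DATE OF INCIDENT", "REPORTING PERSON", "PHONE/EXT/E-MAIL",
    "LOCATION(S) OF INCIDENT", "SYSTEM(S) AFFECTED", "METHOD OF DETECTION",
    "NATURE OF INCIDENT", "INCIDENT DESCRIPTION", "ACTIONS TAKEN/RESOLUTION",
    "PERSONS NOTIFIED",
]


@dataclass
class IncidentReport:
    # Entries of the reporting form (attribute names are this example's own).
    date_of_report: Optional[date] = None
    date_of_incident: Optional[date] = None
    reporting_person: str = ""
    contact: str = ""
    locations: List[str] = field(default_factory=list)
    systems_affected: List[str] = field(default_factory=list)
    method_of_detection: str = ""
    nature_of_incident: str = ""
    description: str = ""
    actions_taken: str = ""
    persons_notified: List[str] = field(default_factory=list)
    # Questions from the virus reporting checklist; None means "not yet answered".
    antivirus_running: Optional[bool] = None
    workstations_infected: Optional[int] = None
    reimage_before_reconnect: Optional[bool] = None
    cjis_data_compromised: Optional[bool] = None
    # Containment and clearance state.
    network_disconnected: bool = False
    iso_clearance: bool = False  # clearance given by the OSP CJIS ISO


def _form_values(report: IncidentReport) -> list:
    """Form entries in the same order as FORM_FIELDS."""
    return [
        report.date_of_report, report.date_of_incident, report.reporting_person,
        report.contact, report.locations, report.systems_affected,
        report.method_of_detection, report.nature_of_incident,
        report.description, report.actions_taken, report.persons_notified,
    ]


def missing_fields(report: IncidentReport) -> List[str]:
    """Return the labels of form entries that are still blank."""
    return [label for label, value in zip(FORM_FIELDS, _form_values(report)) if not value]


def reconnect_blockers(report: IncidentReport) -> List[str]:
    """Reasons the LEDS/NLETS connection must stay down.

    The ISO clearance gate comes from the plan; treating the containment step
    and each unanswered checklist question as a blocker is this example's rule.
    """
    blockers = []
    if not report.network_disconnected:
        blockers.append("network cable disconnection not recorded")
    checklist = {
        "antivirus running at time of infection": report.antivirus_running,
        "number of workstations infected": report.workstations_infected,
        "re-image before reconnection": report.reimage_before_reconnect,
        "CJIS data / personal identification information compromised": report.cjis_data_compromised,
    }
    for question, answer in checklist.items():
        if answer is None:
            blockers.append(f"checklist question unanswered: {question}")
    if not report.iso_clearance:
        blockers.append("no clearance recorded from the OSP CJIS ISO")
    return blockers


def _fmt(value) -> str:
    if value is None:
        return ""
    if isinstance(value, list):
        return ", ".join(value)
    if isinstance(value, date):
        return value.isoformat()
    return str(value)


def render_form(report: IncidentReport) -> str:
    """Render the report as 'LABEL: value' lines in form order."""
    return "\n".join(f"{label}: {_fmt(value)}"
                     for label, value in zip(FORM_FIELDS, _form_values(report)))


def build_sample_report() -> IncidentReport:
    """A constructed sample incident; every value here is made up for the example."""
    return IncidentReport(
        date_of_report=date(2024, 1, 16), date_of_incident=date(2024, 1, 15),
        reporting_person="Dispatcher (sample)", contact="ext. 0000 / sample@example.invalid",
        locations=["Dispatch center"], systems_affected=["LEDS workstation 2"],
        method_of_detection="Antivirus alert", nature_of_incident="Suspected malware",
        description="AV alert on one dispatch workstation; cable pulled.",
        actions_taken="Disconnected, chain of command and ISO notified.",
        persons_notified=["Chain of command", "Local IT security administrator", "OSP CJIS ISO"],
        antivirus_running=True, workstations_infected=1, reimage_before_reconnect=True,
        cjis_data_compromised=False, network_disconnected=True, iso_clearance=False,
    )


if __name__ == "__main__":
    sample = build_sample_report()
    print(render_form(sample))
    print("Blank form entries:", missing_fields(sample))
    print("Reconnection blockers:", reconnect_blockers(sample))
```

Run as a script it prints the filled form and shows that the only remaining blocker for the sample is the missing ISO clearance; setting `iso_clearance=True` clears the list, which is the point at which the plan allows reconnection to LEDS and NLETS.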
