Conducting an Incident Response Investigation for a Suspicious Login
A suspicious login is investigated to determine whether any malicious actions were taken during the session, which may still be active or may already have ended. The investigation is carried out by a CIRT team following the organization's CIRT plan, and that plan is aligned with the organization's policy (Kamariza, 2017).
Incident Response Terms
CIRT and CIRT plans are standard terms in incident response activities (Villegas-Ch et al., 2021). A Computer Incident Response Team (CIRT) plan guides a team responding to a security incident; it is a documented plan that sets out what should be done during an incident response. A CIRT comprises people with skills in different areas.
Information Systems Control Governance and Policy Enforcement Procedures
Effective communication is required to enforce controls and policies in an organization (Kamariza, 2017). This includes stating what is and is not acceptable within the organization. Employees should be made to understand what is required of them and what happens if they do not meet those requirements. Steps should be defined to verify whether a policy violation has occurred, and once a violation is verified, punitive measures should be applied. For example, security controls may prohibit sharing passwords and require logging out of the system before leaving the workstation; these rules can be written into the organization's policy. An employee who shares their password, leaves their account logged in, or otherwise misuses their access is sanctioned as stated in the organization's policy.
System Security-related Incidents
A system security incident (caused by technological or human actors) harms the system. The incident could originate inside or outside the organization (Jouini et al., 2014), and it could be accidental or deliberate. An example is a suspicious login: a user with lower system rights could guess the password of a user with higher rights and access sensitive information. A system administrator could discover this by checking the audit trails.
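The audit-trail check described above can be automated. The following Python example is added here and is not part of the original essay or its cited sources; it runs over constructed, syslog-style SSH authentication lines (the hostnames, usernames and addresses are made up) and flags any successful login that was preceded by a burst of failed attempts for the same account from the same source, which is the pattern a guessed password leaves behind. The threshold and time window are assumptions chosen for illustration; a single failure followed by success is treated as an ordinary typo and not flagged.

```python
"""Flag logins that look like a guessed password in an SSH audit trail."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (syslog-style sshd format); not real data.
SAMPLE_AUDIT_LOG = """\
2024-03-04T09:12:01 host1 sshd[2101]: Failed password for admin from 10.0.5.23 port 51022
2024-03-04T09:12:04 host1 sshd[2101]: Failed password for admin from 10.0.5.23 port 51022
2024-03-04T09:12:09 host1 sshd[2101]: Failed password for admin from 10.0.5.23 port 51022
2024-03-04T09:12:15 host1 sshd[2101]: Failed password for admin from 10.0.5.23 port 51022
2024-03-04T09:12:31 host1 sshd[2108]: Accepted password for admin from 10.0.5.23 port 51030
2024-03-04T09:40:10 host1 sshd[2200]: Accepted password for jsmith from 10.0.5.23 port 51101
2024-03-04T10:02:44 host1 sshd[2304]: Failed password for root from 203.0.113.7 port 40001
2024-03-04T10:02:50 host1 sshd[2304]: Accepted password for root from 203.0.113.7 port 40002
"""

# Matches the two sshd message shapes used in the sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<src>\S+) port \d+$"
)


def parse_audit_log(text):
    """Turn raw audit lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "outcome": m["outcome"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def find_guessed_logins(events, threshold=3, window=timedelta(minutes=5)):
    """Return one alert per successful login that was preceded, within `window`,
    by at least `threshold` failed attempts for the same (user, source) pair.

    `threshold` and `window` are assumed tuning values, not fixed rules."""
    failures = defaultdict(list)   # (user, src) -> timestamps of recent failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["user"], ev["src"])
        if ev["outcome"] == "Failed":
            failures[key].append(ev["ts"])
            continue
        # Successful login: count only failures inside the window.
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if len(recent) >= threshold:
            alerts.append({
                "user": ev["user"],
                "src": ev["src"],
                "failures": len(recent),
                "login_at": ev["ts"].isoformat(),
            })
        failures[key].clear()      # a success resets the counter for this pair
    return alerts


if __name__ == "__main__":
    for alert in find_guessed_logins(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print("Review with CIRT:", alert)
```

On the sample data only the `admin` login from 10.0.5.23 is flagged (four failures in the preceding half minute); the single failed `root` attempt before a success falls below the threshold. The alert is a starting point for the CIRT investigation, not proof of compromise: the administrator still needs to confirm with the account owner whether the session was theirs.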
Another example is malware. Malicious software could be installed on the system when a user clicks an unsafe link on the internet. The malware could then corrupt files on the system, making them inaccessible. The first user who notices the corrupted files could report the incident to the system administrator.
References

Jouini, M., Rabai, L. B., & Aissa, A. B. (2014). Classification of security threats in information systems. 5th International Conference on Ambient Systems, Networks and Technologies (ANT-2014). https://www.researchgate.net/publication/315714820_Classification_of_security_threats_in_information_systems

Kamariza, Y. (2017). Implementation of information security policies in public organizations: Top management as a success factor. http://www.diva-portal.org/smash/get/diva2:1154975/FULLTEXT01.pdf

Villegas-Ch, W., Ortiz-Garces, I., & Sánchez-Viteri, S. (2021). Proposal for an implementation guide for a computer security incident response team on a university campus. Computers, 10(8), 102, 1-23. https://www.mdpi.com/2073-431X/10/8/102/pdf
Principles of Digital Forensic
Write a one-page report that discusses the elements listed below.
Identify terms associated with incident response.
Describe procedures for information systems control governance and policy enforcement.
Describe system security-related incidents.
Remember to include an introduction for the written portion of the paper. APA formatting is required, and citations and references must be present for any paraphrased material. A minimum of one source is required for the assignment (it can be the textbook).