Incident Project

M.A. MacLeod
Company X
Location: Austin
Product: Computer Software
Competitors: HP, Compaq, Dell

Risk Assessment
Incident Response Plan
Identification

Identification of an incident is the process of analyzing an event and determining if that event is
normal or if it is an incident. An incident is an adverse event and it usually implies either harm, or
the attempt to harm the <xxxx>. Events occur routinely and will be examined for impact. Those
showing either harm or intent to harm may be escalated to an incident.

<detail who is responsible for this step and the process that will be used>

The term incident refers to an adverse event impacting one or more <xxxx>s information assets
or to the threat of such an event Examples include but are not limited to the following:
Unauthorized use
Denial of Service
Malicious code
Network system failures (widespread)
Application system failures (widespread)
Unauthorized disclosure or loss of information
Information Security Breach
Other


Incident Response Plan (cont.)
Incidents can result from any of the following:
Intentional and unintentional acts
Actions of state employees
Actions of vendors or constituents
Actions of third parties
External or internal acts
Credit card fraud
Potential violations of Statewide or <xxxxx>s Policies
Natural disasters and power failures
Acts related to violence, warfare or terrorism
Serious wrongdoing
Other

DR Plan
Purpose
Mandatory
The purpose of this DRP document is twofold: first to capture all of the
information relevant to the enterprises ability to withstand a disaster,
and second to document the steps that the enterprise will follow if a
disaster occurs.
Note that in the event of a disaster the first priority of <<Organization
Name>> is to prevent the loss of life. Before any secondary measures
are undertaken, <<Organization Name>> will ensure that all
employees, and any other individuals on the organizations premises,
are safe and secure.
After all individuals have been brought to safety, the next goal of
<<Organization Name>> will be to enact the steps outlined in this DRP
to bring all of the organizations groups and departments back to
business-as-usual as quickly as possible. This includes:

DR Plan (cont.)
Edit this list to reflect your organization
Preventing the loss of the organizations
resources such as hardware, data and physical IT
assets
Minimizing downtime related to IT
Keeping the business running in the event of a
disaster

BCP Plan
Recovery Plan Phases
The activities necessary to recover from a <ORGANIZATION NAME> facilities
disaster or disruption will be divided into four phases. These phases will
follow each other sequentially in time.
1. Disaster Occurrence
This phase begins with the occurrence of the disaster event and continues
until a decision is made to activate the recovery plans. The major activities
that take place in this phase includes: emergency response measures,
notification of management, damage assessment activities, and declaration of
the disaster.
2. Plan Activation
In this phase, the Business Continuity Plans are put into effect. This phase
continues until the alternate facility is occupied, critical business functions
reestablished, and computer system service restored to <ORGANIZATION
NAME>s Departments. The major activities in this phase include: notification
and assembly of the recovery teams, implementation of interim procedures,
and relocation to the secondary facility/backup site, and re-establishment of
data communications.
BCP Plan (cont.)
3. Alternate Site Operations
This phase begins after secondary facility
operations are established and continues until the
primary facility is restored. The primary recovery
activities during this phase are backlog reduction
and alternate facility processing procedures.
4. Transition to Primary Site
This phase consists of any and all activities
necessary to make the transition back to a primary
facility location