Incident Response Procedures
Purpose
To ensure that the response to an emergency is carried out in a way that does not undermine the BCP (business continuity plan) but ensures a quick recovery and assessment of the emergency response.
Scope
Incident response procedures are needed to ensure that proper steps are taken to restore Laskondo Healthcare’s business back to normal. Without proper steps in place getting the business back
Policy
Notification
When there is a need for response to an incident, the proper channels must be notified. The first step is to notify the hospital administrator and their immediate manager of the incident and fill out an incident reporting form. The hospital administrator will then notify the proper department of the incident to start the incident response procedure. The immediate manager can then oversee and report any new or changing issues with the incident. When an incident is reported to the hospital administrator, the administrator will notify the incident response team to begin incident response. The incident response team can contact the managers of the affected area(s) for any current updates to the incident. The incident response team will need to ascertain the classification and level of response needed to respond to the incident properly.
Incident Reporting Form
The incident reporting form will include the following information:
1. Name and contact information of person reporting the incident
2. Date of the incident
3. The nature of the incident
4. Location of the incident and what was affected
5. What/who was involved: people, equipment, etc.
6. How the incident was detected
7. Classification and threat level
Incident Classification
Every incident reported will need a classification. Classifications will help in assessing what areas the incident is affecting. This will allow for the proper set of steps to initiate fixing the incident. There will be 6 classifications.
• Class 1: Patient, visitor, employee, vendor
• Class 2: Communications
• Class 3: Laskondo Healthcare infrastructure
• Class 4: Transportation
• Class 5: Data and information
• Class 6: IT systems, hardware, and network
Incident Threat Level
The incident threat level will allow the incident response team to determine the threat level Laskondo Healthcare can expect. This will allow the incident response team to triage the incident accordingly. There are 3 threat levels colored accordingly. Level 1 is blue, level 2 is orange, and level 3 is red.
• Level 1: No mission-critical systems or resources are at risk.
• Level 2: Mission-critical systems or resources may be at risk.
• Level 3: Mission-critical systems or resources are at risk.
IT Incident and Response
Incident Reporting Form
When there is an incident involving Laskondo Healthcare’s data or information, the incident response team will need further information beyond the general incident reporting form. The form will need to include:
• Type of equipment
• Name of operating system and location
• IP address (when possible)
• Threat level (perceived)
The incident response team will then need to consider not just how to respond to the incident but also the impact it will have on their patients, vendors, employees, and volunteers. They will also consider how it will impact the hospital’s name. The incident response team may have to raise or lower the incident threat level based on this assessment. Three more things must be considered as well.
• Was this an attack from outside or inside the network?
• Is the incident ongoing or just a one-time issue?
• What type of incident is this (worm, DDoS, virus, etc.)?
Possible Solutions
Depending on the type of IT incident, the incident response team will determine the type of forensic tools that will be used. Incident response team members can view system logs and security tapes. They may interview witnesses and help the appropriate authorities when necessary. If there has been a breach in system authorization passwords, then all those affected will need to create new passwords.
Post Incident Response
The post incident response will include the incident response team and managers of the affected area(s). They will go over what happened, how it happened, and how it was resolved. This will help in mitigating a repeat of the incident in the future. There must be a file created that will include what the incident was, what was affected, what was fixed and how, who was involved (both in the incident response and who caused it), and any other pertinent information regarding the incident. Sensitive information may be redacted to preserve confidentiality if needed. The incident response team can suggest adding to or changing the current incident response form as needed based on the events of the incident. If changes are needed, then they will be updated following the conclusion of the incident.
Definitions
Data or Information - To include all information about Laskondo Healthcare’s business, PII, PHI, employee data, and all other information obtained by and through Laskondo Healthcare.
Revision