Incident Response Plan

a) Is the incident real or perceived b) Is the incident still in progress c) What data or property is threatened and how critical is it d) What is the impact on the business should the attack succeed Minimal, serious, or critical e) What system or systems are targeted, where are they located physically and on the network f) Is the incident inside the trusted network g) Is the response urgent h) Can the incident be quickly contained i) Will the response alert the attacker and do we care j) What type of incident is this Example: virus, worm, intrusion, abuse, damage.. b) Category two - A threat to sensitive data c) Category three - A threat to computer systems d) Category four - A disruption of services 8) Team members will establish and follow one of the following procedures basing their response on the incident assessment: a) Worm response procedure b) Virus response procedure c) System failure procedure d) Active intrusion response procedure - Is critical data at risk e) Inactive Intrusion response procedure f) System abuse procedure g) Property theft response procedure h) Website denial of service response procedure i) Database or file denial of service response procedure j) Spyware response procedure..