
Module 4 - Assignment


Uploaded by

omeyriane

Incident Response Plan Draft

Marian Chukwudi Odum

MBA, Nexford University

MHY 6750: Module 4 - Assignment

Prof. Nicholas Bucciarelli

July 12th, 2023



BACKGROUND

To develop an effective incident response plan, it is crucial to identify the "crown jewels" of Guinness: the most critical assets and valuable applications that are vital for the organization's operations. These are the assets that, if compromised or disrupted, could have a significant impact on the organization's operations, reputation, or financial well-being. In this case, let's consider the inventory management system as a mission-critical application for Guinness. It plays a vital role in managing and tracking the company's inventory: it is responsible for monitoring stock levels, tracking product movement, and facilitating efficient supply chain operations. The system ensures that the right products are available at the right time to meet customer demands, thus contributing to the smooth functioning of the organization's overall operations.

DEVELOPING THE INCIDENT RESPONSE PLAN

1.) Introduction and Purpose of the Plan

The Cybersecurity Incident Response Plan serves as a comprehensive and structured framework for effectively addressing and mitigating security incidents within an organization. The purpose of this plan is to provide clear guidance and predefined procedures to the incident response team, enabling them to detect, analyze, contain, eradicate, and recover from cybersecurity incidents while minimizing data loss and mitigating the impact on organizational business operations. Developing and implementing an incident response plan will help your business handle a data breach quickly, efficiently, and with minimal damage done (Ellis, 2017). In today's digital landscape, organizations face a wide range of cyber threats, including malware infections, data breaches, network intrusions, and ransomware attacks. These incidents can result in significant financial losses, reputational damage, legal implications, and disruption of critical business operations. The plan outlines the key stakeholders, their roles and responsibilities, the incident handling process, and the necessary measures to be taken for risk mitigation.

2.) Incident response team

Establishing a dedicated incident response team is essential to efficiently handle incidents. The team should consist of individuals from relevant departments, such as IT, security, operations, and management. Roles and responsibilities within the team should be clearly defined, including incident coordinator, technical lead, communication lead, and documentation lead. Clearly define their duties and authority during incident response.

3.) Incident response process

Cybersecurity incident response is not only about handling an incident – it’s also about preparing for any possible incident and learning from it (Pernet, 2022). Here are six steps for a successful and efficient cybersecurity incident response.

• Preparation Phase
  - Document the inventory management system’s infrastructure, dependencies, and potential vulnerabilities.
  - Conduct regular risk assessments and vulnerability scans to identify and address any weaknesses.
  - Develop incident response procedures and guidelines.

• Detection and Analysis Phase
  - Implement robust monitoring and detection systems to identify any potential incidents or anomalies.
  - Analyze the nature and scope of the incident to determine its severity and impact on the inventory management system.
  - Gather evidence and document all relevant information.

• Containment, Eradication, and Recovery Phase
  - Isolate and contain the affected system or application to prevent further damage or unauthorized access.
  - Investigate the root cause of the incident and take appropriate measures to eradicate the threat.
  - Implement a backup and recovery strategy to restore the inventory management system to its normal state.

• Post-Incident Activity Phase
  - Conduct a thorough post-incident analysis to identify lessons learned and areas for improvement.
  - Update incident response procedures based on the findings from the analysis.
  - Provide necessary reports to management, stakeholders, and regulatory authorities, if applicable.

4.) Risk Factors and Mitigation Strategies

• System Downtime and Regular Patching Updates - Any disruption or downtime of the inventory management system can severely impact Guinness's operations, leading to delays in order processing, inaccurate inventory levels, and potential customer dissatisfaction. Mitigation strategies include implementing redundancy and failover mechanisms, conducting regular system maintenance, keeping the inventory management system up to date with the latest patches and security updates, and having a backup plan for manual order processing if needed.

• Data Breaches and Security Threats - As the inventory management system stores sensitive inventory and customer data, it is crucial to mitigate the risk of data breaches and security threats. Strategies include implementing strong access controls and multi-factor authentication to ensure that only authorized personnel can access the application, encryption of data at rest and in transit, regular security audits, and employee awareness programs to prevent phishing attacks and ensure the secure handling of data.

• Data Encryption and Integration Challenges - The inventory management system may need to integrate with other systems within Guinness's technology ecosystem, such as ERP systems, point-of-sale systems, and e-commerce platforms. Proper planning, testing, and monitoring are essential to ensure a smooth integration, data synchronization, and seamless flow of information. Sensitive data within the inventory management system should be encrypted to protect against unauthorized access or data breaches.

• Scalability and Performance - As Guinness grows, the inventory management system should be scalable to handle increased product volumes, transactions, and user loads. Regular performance testing, capacity planning, and infrastructure upgrades should be conducted to ensure optimal system performance.

• Regular Backups - Implement a robust backup strategy to ensure data can be restored in case of data loss or system failures.

• Employee Awareness and Training - Just having an incident response plan won’t help you in a data breach. Your employees need to be aware of the plan and be properly trained on what they’re expected to do should they get breached (Ellis, 2017). Conduct regular security awareness programs and training sessions for employees to educate them about potential risks, phishing attacks, and incident reporting procedures.


By implementing robust risk mitigation strategies and having an effective incident response plan in place, Guinness can minimize data loss, protect the integrity of its inventory management system, and ensure minimal disruption to its business operations in the event of incidents or emergencies.

CONCLUSION

In today's complex and evolving cybersecurity landscape, organizations must be prepared to effectively respond to security incidents. The Cybersecurity Incident Response Plan serves as a roadmap for Guinness Nigeria, enabling them to navigate the challenges posed by cyber threats and protect their critical assets. By implementing this plan, Guinness can detect incidents promptly, mitigate their impact, and restore normal operations efficiently. Regular review, testing, and improvement of the plan are crucial to adapt to emerging threats and maintain an effective incident response capability. They also must subscribe to threat intel feeds and intel sharing across verticals, combining the capability to bring people, processes, and technology together to respond to attackers (Deb, 2019). With a well-prepared and proactive incident response plan in place, Guinness can safeguard its operations, customer trust, and reputation in the face of cybersecurity incidents.

References

Deb, A. K. (2019). Cybersecurity Incident Response and Managing Risk. BankInfoSecurity. https://www.bankinfosecurity.com/blogs/cybersecurity-incident-response-managing-risk-p-2734

Ellis, D. (2017). 6 Steps to Making an Incident Response Plan. SecurityMetrics. https://www.securitymetrics.com/blog/6-steps-making-incident-response-plan

Pernet, C. (2022). Cybersecurity incident response: The 6 steps to success. TechRepublic. https://www.techrepublic.com/article/cybersecurity-incident-response-the-6-steps-to-success/
