Developing an Agency Incident Response Process
1.0 | Identification Data |
1.1 | BSP Number |
00015 | |
1.2 | BSP Title/Name |
Developing an Agency Incident Response Process | |
1.3 | Version Number |
1.0 | |
1.4 | Adoption Date |
02/20/2001 | |
1.5 | Approving Authority |
CIO Council Security Practices Subcommittee | |
1.6 | Responsible Organization |
Social Security Administration, OFAM, Office of Financial Policy and Operations (OFPO), Office of Information Systems Security (OISS) | |
1.7 | Level of BSP |
Candidate | |
1.8 | Security Processes or other Framework(s) Supported |
BSP Security Process Framework, Section 7, Incident Response (C&A).
NIST SP 800-14, Section 3.7, Computer Security Incident Handling
SSE-CMM, Security Base Practice PA08, Monitor Security Posture | |
1.9 | Reserved |
1.10 | Points of Contact |
Government
BSP Owner:
| |
2.0 | What This BSP Does |
2.1 | BSP's Purpose |
This process has made it possible for the SSA to respond quickly and effectively to attempts to compromise our systems resources. | |
2.2 | Requirements for this BSP |
Office of the President
| |
2.3 | Success Stories |
The Social Security Administration has successfully used our Incident Response Process to deal with multiple security incidents. Additional information can be provided to Federal Agency Information Systems Security Officers through the process outlined in Section 3.1, below. | |
3.0 | What This BSP Is |
3.1 | Description of BSP |
Providing a BSP for incident response is a challenge: for obvious reasons, we cannot post our incident response procedures to an open web site, yet the openness of the BSP process is the feature that makes it most useful to individuals searching for effective security practices. As a result, we have come up with the following compromise, which we hope will prove effective: |
3.1.1 | Inputs
|
3.2 | Relationship to Other BSPs |
BSP 00007, Incident Handling at BMDO, offers the procedures of a small office. | |
4.0 | How To Use This BSP |
4.1 | Implementation Guidance |
| |
Appendices | |
A | Executive Overview and Briefing |
None applicable | |
B | Reference List |
National Institute of Standards and Technology, Information Technology Laboratory (ITL) Bulletin, "Computer Attacks, What They Are and How to Defend Against Them", May 1999 | |
FEDCIRC Security Document Index Understanding Incident Response | |
C | Procurement Information |
None Applicable | |
D | Evaluation Information |
None Applicable | |
E | Recommended Changes |
None Applicable |