Incident Response and Management: NASA Information Security Incident Management
Information Security Handbook
Incident Response and Management: NASA Information Security Incident Management
ITS-HBK-2810.09-02
Effective Date: 20110824
Expiration Date: 20130824
Responsible Office: OCIO/Deputy CIO for Information Technology Security

NASA Incident Response and Management Handbook (ITS-HBK-2810.09-02)

Contents

1.0 Introduction ... 1
2.0 Incident Management Lifecycle Overview ... 2
3.0 Definition and Categorizations ... 3
    3.1 Definition of Incident ... 3
    3.2 Categorizations ... 3
    3.3 Indicators ... 3
    3.4 Priority ... 3
    3.5 Dispositions ... 4
4.0 Incident Management Roles and Responsibilities ... 5
    4.1 Overview ... 5
    4.2 Core Incident Response Team Roles ... 5
        Center Privacy Manager (CPM) ... 5
        Forensic Analyst (FA) ... 5
        Incident Response Manager (IRM) ... 6
        IT Technician (IT) ... 7
        Network Incident Analyst (NIA) ... 7
        Technical Investigator (TI) ... 7
    4.3 Auxiliary Incident Response Roles ... 8
        Information System Security Official (ISSO) ... 8
        Subject Matter Expert (SME) ... 8
    4.4 Related Roles/Organizations ... 8
        Center Chief Counsel ... 8
        Center Human Resources Employee Relations ... 8
        Center Public Affairs Office ... 8
        Computer Security Official (CSO) ... 8
        Contracting Officer (CO)/Contracting Officer's Technical Representative (COTR) ... 8
        Incident Reporter ... 9
        Information System Owner (ISO) ... 9
        NASA Information Systems Network (NISN) Network Operations Center (NOC) ... 9
        NASA Security Operations Center (NASA SOC) ... 9
        Office of the Inspector General (OIG) ... 9
        Office of Protective Services (OPS) ... 9
        Senior Agency Official for Privacy (SAOP) ... 9
        System Administrator/Service Provider ... 9
        United States Computer Emergency Response Team (US-CERT) ... 9
    4.5 Incident Response Team ... 9
5.0 Incident Management Lifecycle ... 12
    5.1 Overview ... 12
    5.2 Incident Preparation ... 12
    5.3 Incident Identification ... 12
        a. Reporting a Suspected Incident ... 12
        b. Initial Response ... 13
        c. Categorizing and Prioritizing Incidents ... 13
        d. Additional Requirements for Specific Classes of Compromised Data ... 13
    5.4 Incident Containment ... 13
        a. Overview of Incident Containment ... 13
        b. Selection of a Containment Strategy ... 13
    5.5 Incident Eradication ... 14
        a. Overview of Incident Eradication ... 14
        b. Guidelines for Incident Eradication ...