EZTrackIt Incident Response Plan

EZTrackIt

Version 4.2

Revised Dec. 2021

Introduction

EZTrackIt Inc. has created, trained on, and implemented this Incident Response Plan to ensure that its processes and procedures are understood by all employees.  In this Information Security Incident Response Plan, EZTrackIt lays out the actions and processes to be followed should an incident occur. The plan serves both as a training guide and as a step-by-step response plan in the event of an incident.

This guide was written as the result of a gap analysis of the security gaps at EZTrackIt, and it sets out step-by-step instructions and action plans to mitigate risk.  Each instruction shall be followed to provide a fast and effective response and to mitigate further risks that could occur.  The main parties and departments involved in each action are detailed in this document, along with the specific roles and responsibilities of each.  Each procedure also has a defined outcome and a mode of communication to the company and to outside parties.  In addition, the training plans for each responsible person are outlined.

Roles and Responsibilities

Many people have functions to perform when a security incident occurs.  Each critical member of the team is detailed below.

Chief Information Security Officer – The most senior IT security role in EZTrackIt Inc., responsible for overall security and for the mitigation of and response to any security incident.  This person ensures that the Incident Response Plan is kept up to date and complies with all company, IT, state, and legislative regulations, and that it is revised to cover all newly identified and potentially harmful issues and their responses.

Incident Response Liaison – This person is in charge of communicating with the incident response team to ensure that everyone is kept updated.  They also act as a project manager, communicating with each party and level of the company to report the latest status.

Information Owner – This person or group is responsible for ensuring that only the individuals who need it have access to view and change important data, and that employees who do not need access to a resource do not obtain it.  Information Owners put in place strict guidelines for how access is requested and what type of role a person may hold.

User – This group is responsible for following security protocol and, if they become aware of a security incident, for communicating it to the right parties in the company.

Program

EZTrackIt’s Incident Response Plan consists of all information in this manual, together with the more detailed policies and procedures located on the MUSA intranet.

Each policy and procedure will be reviewed and updated monthly to keep the information current.  If a new incident occurs, the response team will complete a week-long review, and policies and procedures will be updated or created to ensure that the incident is mitigated or eliminated in the future.  The team will then have 30 days to create training and implement it by business unit and user level.


The overall process steps in this plan are detailed below in chronological order.

Incident Realization

The analysts who monitor the security of company data are responsible for recognizing when a security breach has occurred.  They must stop what they are doing, investigate the incident in more depth, and gather as much information as they can.  Incidents can include suspicious emails, suspicious activity, firewall alerts, unexpected encryption, etc.

Classification

This step involves investigating the incident further and gathering information on its key elements: who could be affected, how large the problem is, what kind of information could be compromised, and who is needed to correct the issue.

Decision Making

This step begins once the incident has been identified and classified and the way forward must be decided.  Here all involved determine how urgent the incident is and how large its impact across the company could be.

Evidence Preparation and Forensics

Depending on the severity level of the incident, those involved gather what evidence they can before the system is reopened for employees to continue their work.

Threat and Vulnerability Removal

If the incident has happened before and a process already exists to fix it, that process must be reviewed and updated with any new information and solutions.  If no process exists for the incident, the group must define the actions needed to remove the threat and verify that it has been removed.


Restart Operation

All company activity is restored once it is established that the threat has been eliminated.

Out Brief

Once the incident is closed and all policies are updated, the activities to log and document the incident will commence.

Education and Training

During onboarding, all new employees are required to read the incident response plan and to certify that they will act in the safest manner while working.  This signed certification is renewed every year thereafter.  In addition to the certification, each new employee must complete basic computer security module testing by their 90th day of employment.

Each year, all employees are assigned IT security training modules to complete quarterly.  The assigned modules are specific to each employee’s job function and cover the issues they may be confronted with.

The security team will also conduct periodic awareness training and audits at least twice a year.  These audits verify that each employee knows where the security intranet site is and what actions to take if they come across an incident.

Communications

Because of the serious nature of incidents, there are processes to follow for both internal and external communications.

All external communications are handled by the spokesperson for EZTrackIt Inc.  If you are approached by the media, refer them to Patrick Weir, EZTrackIt Inc.’s spokesperson, at patrick@eztrackit.com or (347) 514-9905. Customers will receive a formal notification of the incident within the next 24 hours.

For all internal communication, the main point of contact (POC) provides daily updates on the incident response.

Implementation

The incident response plan will be reviewed quarterly; if changes are needed, the plan will be updated once approval has been received through the organization.

New training modules will be developed twice a year and will cover the most current topics.


Summary