General IT policies
• The purpose and content of general security-related IT policies and their effectiveness, including:
o understanding the requirements to prepare a cyber security policy using the Plan-Do-Check-Act (PDCA) loop derived from part of the International Organization for Standardization (ISO) standard 27001:2013
o organisation policies and their application, including policies on internet and email use, security and password procedures, staff responsibilities, and staff IT security training
o security audits and their application to check compliance against policies
o backup policy – selection of data, methods (full and incremental), frequency and storage
o data protection policy – to ensure organisational compliance with the relevant legislation.
Incident response policy
• The purpose and content of an incident response policy and associated procedures:
o assembling the Computer Security Incident Response Team (CSIRT) and the roles in the team, including team leader, incident lead and associate members
o incident reporting procedures, including what constitutes a security incident, how to report it and to whom
o initial assessment of the incident, including identifying whether this is a real incident, the type of attack and its severity
o communicating the incident to the CSIRT and other relevant individuals
o containing the damage and minimising the risk
o protecting people's safety:
– protect sensitive data and other data, protecting the most valuable first
– protect hardware and software
– minimise disruption to computing resources
o identifying the type and severity of the compromise, including the nature of the attack, its intent, its origin and the systems and files that have been compromised
o protecting evidence and creating backups for evidence and data recovery, including the removal and storage of original hard disks
o notifying external agencies, if appropriate: discussing options with legal representatives and contacting external agencies such as law enforcement and external security and virus experts
o recovering systems: identifying the point in time when the compromise occurred and restoring backups taken before that point in time
o compiling and organising incident documentation, including documentation created by the CSIRT identifying the details of the breach and the actions taken
o knowing the importance of preserving and collating documentation that may be needed to prosecute offenders
o reviewing outcomes to update policies and improve training.
Disaster recovery policy
• Understand the topics typically covered in a disaster recovery plan and their purpose:
o identification of critical systems; definitions of recovery time objective (RTO) and recovery point objective (RPO)
o prevention, response and recovery strategies for critical systems, including:
– people responsible
– facilities and equipment required
– data backup location and format
– network connectivity and bandwidth
– suppliers of equipment and people
o definition of recovery procedures for each critical system
o disaster recovery plan structure following ISO 27031/24762 or other relevant international equivalents, including:
– introduction
– roles and responsibilities
– incident response procedures
– activating the disaster recovery plan
– procedures to be followed.
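Three of the items above (the backup policy's full and incremental methods and frequency, the incident response step of restoring backups taken before the compromise, and the RPO definition) can be seen working together in a small model. The following Python is an added example written for this page, not material from the specification or from ISO 27001/27031; the file names, hours, backup schedule, the "tampered" change and every function name are constructed for illustration.

```python
# Added example (not from the specification): a small model of a full +
# incremental backup chain, point-in-time restore, and the data-loss window
# (RPO) that a backup schedule can guarantee. All files, hours and the
# "compromise" are constructed sample data; function names are this example's own.
from dataclasses import dataclass, field


@dataclass
class Backup:
    kind: str                                   # "full" or "incremental"
    taken_at: int                               # hour at which the backup was taken
    files: dict = field(default_factory=dict)   # file name -> content captured


def take_full(state, hour):
    """A full backup copies every file regardless of when it last changed."""
    return Backup("full", hour, dict(state))


def take_incremental(state, mtimes, hour, last_backup_hour):
    """An incremental backup copies only files modified since the previous
    backup of either kind; deletions are not modelled here."""
    changed = {n: c for n, c in state.items() if mtimes[n] > last_backup_hour}
    return Backup("incremental", hour, changed)


def restore_before(chain, cutoff_hour):
    """Rebuild the newest clean state using only backups taken strictly before
    cutoff_hour (e.g. the hour at which the compromise is known to have begun).
    Start from the last full backup before the cutoff, then replay every later
    incremental in order. Returns None if no usable full backup exists."""
    usable = [b for b in chain if b.taken_at < cutoff_hour]
    full_positions = [i for i, b in enumerate(usable) if b.kind == "full"]
    if not full_positions:
        return None
    state = {}
    for backup in usable[full_positions[-1]:]:
        state.update(backup.files)
    return state


def worst_case_rpo(chain):
    """The longest gap between consecutive backups is the most data (in hours)
    that can be lost; a policy's stated RPO cannot be shorter than this."""
    hours = sorted(b.taken_at for b in chain)
    return max(later - earlier for earlier, later in zip(hours, hours[1:]))


def run_scenario():
    """Constructed timeline: full backup every 24 h, incremental every 6 h,
    two normal edits, then an unauthorised change at hour 27 that the
    incident assessment later dates to that hour."""
    state = {"config": "v1", "report": "draft"}
    mtimes = {"config": 0, "report": 0}
    events = {3: ("report", "final"), 10: ("config", "v2"),
              27: ("config", "tampered")}   # hour -> (file, new content)
    chain = []
    last_backup_hour = None
    for hour in range(0, 31):
        if hour in events:
            name, content = events[hour]
            state[name] = content
            mtimes[name] = hour
        if hour % 24 == 0:
            chain.append(take_full(state, hour))
            last_backup_hour = hour
        elif hour % 6 == 0:
            chain.append(take_incremental(state, mtimes, hour, last_backup_hour))
            last_backup_hour = hour
    return {
        "clean_restore": restore_before(chain, 27),   # cut-off at the compromise
        "naive_restore": restore_before(chain, 31),   # newest backup, carries the tampering
        "rpo_hours": worst_case_rpo(chain),
        "backups": [(b.kind, b.taken_at, sorted(b.files)) for b in chain],
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Running the scenario shows why the response procedure insists on dating the compromise first: restoring from the newest backup reintroduces the tampered file, while cutting the chain at the compromise hour yields the last clean state. The schedule's six-hour gap between backups is the best RPO this policy can honestly promise.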
Anonymous Assessment - Learners assess an anonymous piece of work containing deliberate mistakes against given success criteria.