1 / 29

Incident Command System in IT: Roles, Hierarchy & Testing

Understanding the integration of Incident Command System (ICS) into Information Technology (IT), covering roles and responsibilities, hierarchy, incident types, response phases, and testing methods. Learn about the structure, importance of assignation, and its applicability in various IT scenarios.

krista
Télécharger la présentation

Incident Command System in IT: Roles, Hierarchy & Testing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BC 32: How the Incident Command System fits into Information Technology Erika Voss, CORM Washington State Department of Corrections IT Security Group – BC/DR

  2. Objectives • Definition of each role & responsibility of ICS for IT personnel • How to make technicians work in the structure • When is it important to assign ICS roles & responsibilities

  3. National Incident Management System • National Response Framework • Incident Command System • Provides a unified setup • One goal, one mission • Same Language • Uniformity across the board

  4. Incident Command System “ICS” • ICS was generated from the National Incident Management System (NIMS) in • ICS provides a command structure that can expand or extract during any type of incident • ICS allows for one person to manage the incident with experts working collaboratively for the end goal

  5. Command Staff • Liaison Officer • Safety Officer • Communications Officer • Deputy Incident Commander

  6. Incident Commander • Provides overall leadership for incident response. • Delegates authority to others. • Takes general direction from agency administrator/official. • Ensuring incident safety. • Providing information services to internal and external stakeholders. • Establishing and maintaining liaison with other agencies participating in the incident.

  7. Communications Officer • Advises Incident Commander on Information • Media/Public Relations • Works in conjunction with Planning Chief • Establishes one line of communication • Ensures communication is up to date, accurate, and reported to necessary stakeholders

  8. Liaison Officer • Coordinates efforts with external agencies, contractors, or vendor support • Works with Emergency Response Personnel • Emergency Operations Center

  9. Safety Officer • Responsible for Worker Safety • Specialized skills to match specific disasters • Chemical Incident – Hazmat Expert • Radiation Incident – Detection & Exposure Limits • Works with Emergency Responders

  10. Deputy Incident Commander • Perform specific tasks as requested by the Incident Commander. • Perform the incident command function in a relief capacity. • Represent an assisting agency that shares jurisdiction. • Is responsible for all activities and functions until delegated and assigned to staff. • Assesses need for staff. • Establishes incident objectives. • Directs staff to develop the Incident Action Plan

  11. Section Chiefs • Operations Chief • Planning Chief • Logistics Chief • Finance / Admin Chief

  12. Operations Chief • Coordinates operations to carry out the organizational / incident action plan • Directs resources • “Hub” of Incident Response

  13. Planning Chief • Develops action plans • Collects information • Evaluates information to monitor progress • Works with Communication Officer • Central collection point for reports, data, personnel, etc.

  14. Logistics Chief • Provides resources from all areas • Provides support to meet incident needs • Site of interagency coordination of assets and resources with operations and planning chief

  15. Finance / Administrative Chief • Monitors the costs of the operation • Provides accounting figures and legal affairs • Ensures lodging is accounted for • Ensures meals and staffing hours are recorded • Provides expenditures and resources • Assists in the after action report

  16. How many is too many? • 15 technicians in one room • 1 Chief Information Officer • 3 Deputy Chief Information Officer’s • Infrastructure Manager • Enterprise Network Manager • Chief Security Officer/CISO • Helpdesk/Desktop Support Manager

  17. Types of Incidents • Pandemic Influenza • Natural Disaster • Technological Disaster • Data Center Build • Disaster Recovery • Incident Response • Continuity of Operations

  18. When to Expand an Incident? • Law Enforcement ? • Vendor Support ? • US Cert ? • Computer Security Team • Critical Incident Review Team

  19. Incident Response • Introduction • Report the Event • Validate and Prioritize • Organization and Structure • Containment • Recovery • Resolution

  20. ICS HierarchyInitial Response Framework

  21. Incident Command Org Chart – Full Scale Response

  22. How do you test the ICS? • Orientations • Drills • Table Top Exercises • Simulation • Full Scale Exercise • On-line / E-Learning • Classroom Based / Workshop

  23. Outside Resources • Vendors • Subject Matter Experts • Local Law Enforcement • Forensics Analysts • IT Security Experts

  24. Call Center Technician Structure

  25. Network Services

  26. Operational Security

  27. Application Infrastructure

  28. Wrap Up - Questions • Questions? • Comments? • Concerns? • Resources Available? • Additional Information

  29. Thank You Erika Voss 206.817.9317 esvoss@yahoo.com

More Related