This presentation explains how the Incident Command System (ICS) integrates into Information Technology (IT), covering roles and responsibilities, hierarchy, incident types, response phases, and testing methods. Learn about the structure, the importance of assigning roles, and its applicability in various IT scenarios.
BC 32: How the Incident Command System fits into Information Technology Erika Voss, CORM Washington State Department of Corrections IT Security Group – BC/DR
Objectives • Definition of each role & responsibility of ICS for IT personnel • How to make technicians work in the structure • When is it important to assign ICS roles & responsibilities
National Incident Management System • National Response Framework • Incident Command System • Provides a unified setup • One goal, one mission • Same Language • Uniformity across the board
Incident Command System “ICS” • ICS was generated from the National Incident Management System (NIMS) in • ICS provides a command structure that can expand or contract during any type of incident • ICS allows for one person to manage the incident with experts working collaboratively for the end goal
Command Staff • Liaison Officer • Safety Officer • Communications Officer • Deputy Incident Commander
Incident Commander • Provides overall leadership for incident response. • Delegates authority to others. • Takes general direction from agency administrator/official. • Ensures incident safety. • Provides information services to internal and external stakeholders. • Establishes and maintains liaison with other agencies participating in the incident.
Communications Officer • Advises Incident Commander on Information • Media/Public Relations • Works in conjunction with Planning Chief • Establishes one line of communication • Ensures communication is up to date, accurate, and reported to necessary stakeholders
Liaison Officer • Coordinates efforts with external agencies, contractors, or vendor support • Works with Emergency Response Personnel • Emergency Operations Center
Safety Officer • Responsible for Worker Safety • Specialized skills to match specific disasters • Chemical Incident – Hazmat Expert • Radiation Incident – Detection & Exposure Limits • Works with Emergency Responders
Deputy Incident Commander • Performs specific tasks as requested by the Incident Commander. • Performs the incident command function in a relief capacity. • Represents an assisting agency that shares jurisdiction. • Is responsible for all activities and functions until delegated and assigned to staff. • Assesses need for staff. • Establishes incident objectives. • Directs staff to develop the Incident Action Plan
Section Chiefs • Operations Chief • Planning Chief • Logistics Chief • Finance / Admin Chief
Operations Chief • Coordinates operations to carry out the organizational / incident action plan • Directs resources • “Hub” of Incident Response
Planning Chief • Develops action plans • Collects information • Evaluates information to monitor progress • Works with Communication Officer • Central collection point for reports, data, personnel, etc.
Logistics Chief • Provides resources from all areas • Provides support to meet incident needs • Site of interagency coordination of assets and resources with operations and planning chief
Finance / Administrative Chief • Monitors the costs of the operation • Provides accounting figures and legal affairs • Ensures lodging is accounted for • Ensures meals and staffing hours are recorded • Provides expenditures and resources • Assists in the after action report
How many is too many? • 15 technicians in one room • 1 Chief Information Officer • 3 Deputy Chief Information Officers • Infrastructure Manager • Enterprise Network Manager • Chief Security Officer/CISO • Helpdesk/Desktop Support Manager
Types of Incidents • Pandemic Influenza • Natural Disaster • Technological Disaster • Data Center Build • Disaster Recovery • Incident Response • Continuity of Operations
When to Expand an Incident? • Law Enforcement? • Vendor Support? • US-CERT? • Computer Security Team • Critical Incident Review Team
Incident Response • Introduction • Report the Event • Validate and Prioritize • Organization and Structure • Containment • Recovery • Resolution
How do you test the ICS? • Orientations • Drills • Table Top Exercises • Simulation • Full Scale Exercise • On-line / E-Learning • Classroom Based / Workshop
Outside Resources • Vendors • Subject Matter Experts • Local Law Enforcement • Forensics Analysts • IT Security Experts
Wrap Up - Questions • Questions? • Comments? • Concerns? • Resources Available? • Additional Information
Thank You Erika Voss 206.817.9317 esvoss@yahoo.com