An incident response plan (IRP) is a set of laid-out instructions designed to give a fast, efficient, and organized response to incidents of computer breach resulting from attacks and unauthorized intrusion into both wired and wireless networks. An IRP is an effective measure that organizations employ with the aim of reducing the losses that would otherwise result from data loss and its recovery. In addition, in situations where data is lost, the process of compensating customers can be weightier, and as such requires effective security plans to be in place. Where an organization has no proper IRP in place, detecting attacks may be difficult, and so may following the proper protocol that helps contain the attacks and recover from them when a breach occurs. This paper focuses on the incident response plan (IRP) for both wired and wireless devices.
Overall purpose of Incident Response Plan
The main objective of an Incident Response Plan is to provide reliable guidelines for the security of secret messages in such a way that the organization is prepared for the known as well as the unknown. Furthermore, incident response provides a reliable method for identifying a security incident immediately when it occurs, allowing an organization to establish a series of best practices to stop an intrusion before it causes damage. The IRP also benefits an organization by providing an outline of how to reduce the time and the damage that result from a particular security incident (Rouse, 2014). An effective IRP also streamlines forensic analysis, in addition to quickening the recovery time. An IRP specifies the tools and technologies needed to recover any data that has been compromised through the attack. Moreover, an IRP should define the roles of the various individuals within the security response team who are responsible for conducting tests on the plan as well as launching it into action.
Recommended process for wireless device forensic data acquisition and examination
The basic idea of an IRP is to expedite proper intermediate procedures that allow a faster response and a tighter transfer of information. Several incident response plan techniques are used in wireless device forensic data acquisition and examination. To design these methods, various factors such as imperceptibility, robustness, capacity, complexity, hiding and retrieving time, and modification of the data in wireless devices are taken into consideration (Lee, 2015).
These factors are very significant since they influence the capacity and detectability of the incident response plan methods. Firstly, for an effective incident response plan for wireless devices, login standards and procedures should be established. Secondly, systems should be configured to record the right events, which should be monitored effectively.
Recommended process for the wired device forensic data acquisition and examination
For wired devices, sufficient historical data should be maintained to prevent logs from being overwritten or the system running short of storage space. In addition, appropriate event logs should be available in a suitable format for investigators. In data acquisition of wireless devices, firewall logs should be considered since they may store the source IP address that was used, whereas an application log may only contain a username (Lord, 2017).
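The point about firewall logs holding the source IP address while the application log holds only a username can be shown as a small correlation step an examiner might run. This is an added example, not part of the original paper; the log formats, addresses, usernames and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample logs; the line formats are assumptions for this example.
FIREWALL_LOG = """\
2024-03-01T10:15:02Z ALLOW src=203.0.113.7 dst=10.0.0.5 dport=443
2024-03-01T10:15:40Z ALLOW src=198.51.100.23 dst=10.0.0.5 dport=443
2024-03-01T10:42:11Z DENY src=203.0.113.7 dst=10.0.0.5 dport=22
"""
APP_LOG = """\
2024-03-01T10:15:03Z login_ok user=alice
2024-03-01T10:15:41Z login_failed user=bob
2024-03-01T11:30:00Z login_ok user=carol
"""


def parse(line):
    """Split one log line into (timestamp, event or action, key=value fields)."""
    ts, event, *rest = line.split()
    fields = dict(kv.split("=", 1) for kv in rest)
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), event, fields


def correlate(fw_text, app_text, app_host="10.0.0.5", app_port="443", window_s=5):
    """Attach candidate source IPs from the firewall log to each application event.

    A firewall record is a candidate when it is an allowed connection to the
    application's listener made at most window_s seconds before the event.
    """
    window = timedelta(seconds=window_s)
    conns = []
    for line in filter(str.strip, fw_text.splitlines()):
        ts, action, f = parse(line)
        if action == "ALLOW" and f["dst"] == app_host and f["dport"] == app_port:
            conns.append((ts, f["src"]))
    results = []
    for line in filter(str.strip, app_text.splitlines()):
        ts, event, f = parse(line)
        ips = sorted({src for cts, src in conns if timedelta(0) <= ts - cts <= window})
        # An empty list is an evidence gap (e.g. the firewall log was overwritten);
        # more than one address means the attribution is ambiguous.
        results.append({"user": f["user"], "event": event, "source_ips": ips})
    return results


if __name__ == "__main__":
    for row in correlate(FIREWALL_LOG, APP_LOG):
        print(row)
```
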
A Network Intrusion Detection System sensor may also be put in place to detect a network security attack launched against the organization. In order to achieve various underlying characteristics, the proposed method attempts to strike the right balance between imperceptibility and capacity as the most fundamental requirements, through the design of a new edge Incident Response Plan method that incorporates the existing techniques.
Differences between the wireless/wired device acquisition, examination, and reporting processes
Wired devices offer a high speed of operation and higher system bandwidth, as frequency spectrum is an available resource, and incur lower costs. Wired device networks are cumbersome and require more time to configure than the installation of a wireless network. Less time is needed to install and configure wireless devices, which gives them an advantage over the corresponding wired devices. Wired devices are less mobile, as their operation is limited to the area where the connections are present. In addition, for effective network coverage in a wired network, hubs and switches must be incorporated into the network, which is not necessary with wireless networks. On the other hand, the wireless network has wide area coverage, making it highly reliable.
In an incident response plan for wired/wireless networks, channel interference and signal power loss should be given more consideration for wireless devices than for wired devices, since the interaction of a particular wireless device is not influenced by the other. According to Lord (2017), wired devices are more reliable than wireless ones owing to their long existence and their increased performance compared with wireless. Reliability in the wireless network is questionable because an unexpected failure of the router may have an impact on the whole system.
Stability is another area that has drawn more research, as it focuses on enhancing the efficiency of incident response plans by minimizing the various processes to be put in place. This reduction in the various processes enables monitoring of, and immediate response to, larger sections of the network. A myriad of sources have come to the conclusion that a wired connection is always more stable, since the device is physically connected to a router or switch.
Overall conclusions reached
Due to the continuous evolution of wired and wireless technology, businesses need to integrate incident response plans into their operations in order to secure their information and provide a faster means of assessing various security breaches, so that they can remain competitive in the market.