Chat Cops

My experience shows that without management approval and support, creating an effective incident response team can be extremely difficult and problematic. This support must be shown in numerous ways, including the provision of resources and time to the group of officers who will act as the team for implementing the CRT. This also includes senior staff and managers and their officers committing time to participate in this planning process; their input is essential during the design effort.

It is important to have management's expectations and perceptions of the CRT's function and responsibilities. Without this information, a team may be built whose services and authority are not understood or appropriately used by the rest of the group.

Along with obtaining management support for the planning and implementation process, it is equally important to get management commitment to sustain CRT operations and authority for the long term. Once the team is established, how is it maintained and expanded with personnel and resources? Will the role and authority of the CRT continue to be backed by management across the various constituencies or parent organization? Yes. Without this continued support, the CRT's long-term success may be in jeopardy.

Step 2: Determining the CRT Development Strategic Plan

I have thought about how to manage the development of the CRT. What administrative issues must be dealt with, and what project management issues must be addressed?

  • Are there specific timeframes to be met? Not as of yet. Are they realistic, and if not, can they be changed? Yes and no.
  • Is there a CRT team in place? Where do the group members come from? I want to ensure that all officers are represented. Some may not be on the team for the whole project, but brought in to provide subject matter expertise and input as needed. I also want to incorporate best practices in project management, organizational behavior theory, and communications theory into my plan. If anyone has a background in these areas, I will consider having them on the team.
  • How do you let the senior staff know about the development of the CRT? A memo sent from myself announcing the project and asking each officer to provide assistance in any way possible. Letting the senior staff know about the plan for a CRT in the early stages of development can help staff feel they are part of the design process.
  • Once I have a team, I will record and communicate the information I am collecting, especially if the team is geographically dispersed.

Step 3: Gathering Relevant Information

The CRT will gather information to determine the incident response and needs that the response dictates. Every night I will take a look at the types of incident activity currently being reported within your command. This helps determine not only what type of help to offer but also the types of skills and expertise the CRT staff will need. For example, if CHAT COPS has been the victim of computer virus or worm activity, I will need staff with virus experience to handle the response. I will also have virus scanning, elimination, and recovery procedures, along with the appropriate anti-virus tools. I want people with good training and documentation skills (which I will provide for you) to help develop user awareness programs as a proactive step in dealing with virus activity.

I know what to identify and what information I need to know to plan and implement the CRT. I will determine who has that information and how best to elicit that information, either through general discussions or interviews or by making them part of the team.

I will meet with CRT officers to discuss not only their incident response needs, but to achieve an initial consensus on the expectations, strategic direction, definitions, and responsibilities of the CRT. My definition of what a CRT is and does may be very different from the officers' definition or the definition of another part of CHAT COPS. I will use these discussions with the officers to outline and identify how each officer will need to interact with the CRT. The CRT team officers could include but are not limited to

  • Managers. They need to understand what the CRT is and how it can help support CHAT COP processes. Agreements must be made concerning the CRT's authority over CHAT COPS GROUP and who will make decisions if critical systems get disconnected from the network or shut down.
  • Representatives from CHAT COPS. How do the senior staff and the CRT interact? What actions are taken by senior staff and what actions are taken by CRT members during response operations? The CRT must have easy access to network and systems logs for analysis purposes (we can get this from MSN). The CRT must be able to make recommendations to improve the security of the organizational infrastructure of CHAT COPS.
  • Any existing MSN groups, including physical security. The CRT will need to exchange information with these groups about computer incidents and may share responsibility with them for resolving issues involving computer or data theft.
  • CRT SPECIALTIES. They can help develop threat and vulnerability assessments, along with encouraging computer security best practices across the CHAT COPS organization.
  • General representatives from the patrolmen. CRT will and can provide insight into their needs and requirements.

CRT OFFICERS include anyone who will be involved in the incident-handling or notification process. I will think about who will need to be notified during different types of incidents. There are officers in other parts of the CHAT COPS organization who can provide information or input to the CRT or with whom the CRT will need to share or obtain information. These may include other parts of the security departments, including any other MSN groups doing vulnerability assessments, intrusion detection, or network monitoring. Knowing what the CRT will need to do will help me identify the right people to be involved in developing the procedures.

There may also be some resources available for review that will help in my information gathering. These may include

  • MSN systems and networks
  • critical system and risk assessment
  • existing disaster-recovery plans
  • existing guidelines for notifying the SENIOR STAFF of a physical security breach
  • any existing incident-response plans
  • any existing security policies and procedures

Reviewing these documents serves a dual purpose: first, to identify existing resources, and second, to provide an overview of existing policies to which the CRT must adhere. As a bonus, these documents may contain text that can be adapted when developing CRT policies, procedures, or documentation. They may also include general notification lists of SENIOR STAFF who must be contacted during emergencies. Such lists may be adapted for CRT work and processes.

In addition, CRT OFFICERS will investigate what similar groups are doing to provide incident handling services. I have contacts at these organizations; I will see if I can talk to them about how their team was formed. I will take a look at other CRTs' web sites, and check their missions, charters, and service listings. This may give me ideas for organizing my team. I will review any books or other publications about incident handling or CRTs.

I will attend your online courses and MSN Messenger conferences that include sessions for developing incident response strategies. These venues can provide us with opportunities to exchange ideas.

Step 4: Designing My CRT Vision

As the information gathered brings to the forefront the incident response needs of the team and as we build our understanding of management expectations, we can begin to identify the key components of the CRT. This allows me to define the vision for the CRT and its goals and functions. I need both management and officer support of these goals and functions for the CRT to be successful.

It is important to achieve clear agreement on the definition and expectations for the CRT being formed. What the CRT staff thinks the team will do and what the managers and officers think the CRT will do may be completely different. A number of officers have the perception that a CRT is a "cyber cop" for CHAT COPS. While this may be true, it is not generally the main focus of a CRT. The main focus is to prevent and respond to incidents involving any perceived threat to the Chat Cops group or chat rooms. The vision for the CRT will include a clear explanation of where these CRT functions fit into the current CHAT COPS structure and how the CRT interacts with its officers. The vision explains what benefits the CRT provides, what processes it enacts, who it coordinates with, and how it performs its response activities.

In creating my team, I will identify my officers. Who does the CRT support and service?

  • I will determine the organizational model. How is the CRT structured and organized?
  • I will identify required resources. What staff, equipment, and infrastructure is needed to operate the CRT?

Step 5: Communicating the CRT Vision

I will communicate the CRT vision and operational plan to management, my officers, and SENIOR STAFF who need to know and understand its operations. As appropriate, I will make adjustments to the plan based on their feedback.

Communicating my vision in advance will help identify process or organizational problems before implementation. It is a way to let officers know what is coming and allow them to provide input into CRT development. This is the way I begin marketing the CRT to the Chat Cop officers and gaining the needed input from all organizational levels.

I may receive information that was missed or not available during the information-gathering stage. I will use this information and input to make any final adjustments to the CRT organizational structure and processes.

Step 6: Beginning CRT Implementation

Once management and officer input is obtained for the vision, I will begin the implementation:

  • I will oversee and train initial CRT officers.
  • I will develop the initial set of CRT policies and procedures to support CRT actions.
  • I will define the specifications for and build our incident-tracking system.
  • I will develop incident-reporting guidelines and forms for CHAT COP officers.

A main resource I will need for our CRT is your incident-reporting guidelines. These guidelines define how CHAT COP officers interact with the CRT, what constitutes an incident, what types of incidents to report, who should report an incident, why an incident should be reported, the process for reporting an incident, and the process for responding to an incident. They should be clear and understandable by the officers being served.

The process for reporting an incident includes a detailed description of the mechanisms for submitting reports: phone, email, web form, or some other mechanism. It also includes details about what type of information should be included in the report.

The process for responding to an incident details how the CRT prioritizes and handles received reports. This includes how the person reporting an incident is notified of its resolution, any response timeframes that must be followed, and any other notification that occurs.

Step 7: Announcing the CRT

When the CRT is operational, I will announce it broadly to the SENIOR STAFF. I will include the contact information and hours of operation for the CRT in the announcement. This is an excellent time to make available the CRT incident-reporting guidelines. I may also want to develop information to publicize the CRT, such as a simple flyer or brochure outlining the CRT mission and services (this hasn't been authorized by the senior staff yet), which can be distributed with the announcement.

Step 8: Evaluating the Effectiveness of the CRT

Once the CRT has been in operation for a while, SENIOR STAFF will want to determine the effectiveness of the team and use evaluation results to improve CRT processes and ensure that the team is meeting the needs of the group. The CRT, in conjunction with SENIOR STAFF and the officers, will need to develop a mechanism to perform such an evaluation.

Information on effectiveness can be gathered through a variety of feedback mechanisms, including

  • general discussions with CRT MEMBERS & OFFICERS
  • evaluation surveys distributed to CRT officers on a periodic basis
  • creation of a set of criteria or quality parameters that is then used by an audit to evaluate the team

I will review previously collected information on the state of the officers or CHAT COPS before the implementation of the team. This information can be used as a baseline in determining the effect of the CRT on the group. Information or comparison may include

  • number of reported incidents
  • response time of an incident
  • number of incidents successfully resolved
  • information reported to the CRT about computer security issues or ongoing activity
  • attentiveness to security issues within the organization
  • preventative techniques and security practices in place

 

Remember that Patience Can Be a Key

The length of time it will take me to design, plan, and implement a CRT team will vary with each organizational situation. It is important to realize that it can take about 12-18 months to work out the processes and procedures, especially for a group like CHAT COPS. After the team is operational, it can take another 12-18 months to obtain a good level of trust and comfort with our group. We may show a large growth in the number of incidents reported over our first year of operation. The longer we are in operation, the more our group will understand the work we are doing and the more likely that they will report to you.

This resource may provide additional insight:

  • Avoiding the Trial-by-Fire Approach to Security Incidents
    This article discusses the importance of having an organized and defined process for detecting and responding to computer & internet security incidents.

THANK YOU FOR READING MY THOUGHTS ON THIS

COMMAND SERGEANT MAJOR OF CHAT COPS RANGER_75