Incidence/Emergency Response Activities
Incidents involving self-replicating computer viruses in computer
systems and networks, and crackers/hackers gaining access to
systems via the networks, have underscored the need for improved
NRL-wide coordination and support. The IS Security Group works
closely with other federal agencies to coordinate identification
and response efforts when acute computer and telecommunications
security incidents are detected.
The NRL IS Security Group has developed a plan of action to be
followed when various IS security-related incidences occur. The
NRL Incident Control Handbook covers both what to do in the event
of an incident occurrence and the Group's contact point
responsible. Incident response planning (break-ins and loss
assessment), virus control, remanence control, software piracy,
and software write protection control are all part of this
control effort.
Operational Incidences
Major natural disasters including earthquakes, tornadoes, floods,
fires, etc. can create any of a number of IS operational
incidences. Incidences can also occur from intentional actions
such as bombs, terrorist and virus attacks, and also from
equipment failures such as power or cable problems. With such a
varied range of major and minor incidences to address, some
recovery strategies can be applied to all incidence types, while
other strategies must be incidence specific.
Determination of a Major Incidence
When a major incident occurs, the NRL Labwide Disaster Response
Plan details procedures for plan initiation and recovery. This
contingency plan is in accordance with OPNAVINST 5239.1A. The
NRL IS Security Group has no function under such conditions
except as identified herein. The IS Security Group is responsible
for identifying the location and capability of equivalent
processing resources when an incident causes the loss of an
individual IS.
Recovering Essential Processing Resources (if applicable)
To recover from an event which could affect multiple IS computing
resources at NRL, the principal requirement will be to recover
equivalent processing capability in the shortest possible time
period after the incident. The second requirement will be to
recover with the least economic burden. This recovery capability
could take the form of either stand-alone processing or network
resources and operations. Most incidences will not be large
enough to require full implementation of the response plan.