Assume that you have been tasked by your employer to
develop an incident response plan. Create a list of stakeholders for the IR
planning committee. For each type of stakeholder, provide the reasons for
inclusion and the unique aspects or vision that you believe each of these
stakeholders will bring to the committee.

An Incident Response plan (IR plan) is a detailed set of
processes and procedures that are to be followed at the time of the incident.
It lays out a well-structured approach for handling any potential threat to the
information systems of an organization. A one-line definition of the plan
would be: to anticipate, detect and mitigate the undesirable incident that might
compromise the information systems and assets of a company.

The first step of incident response planning is to begin
staffing the IR planning committee. We need to identify stakeholders,
the teams they represent, their roles and responsibilities, and their interest in
protecting the information services operations.

IR Planning Committee




Christian Moreland, AVP (Information Services): Key decision maker for identifying incidents and the critical elements that need protection, and for building the response

Benjamin Vandenberg, AVP (Network Services): Key decision maker for identifying incidents and the critical elements that need protection, and for building the response

Karlyn Gibson, Sr Manager (Data Security): Data protection plan

Rhonda Miller, AVP (Legal): Legal guidance

Mark DuVernay, Manager (Human Resources): Organization communication plan in times of incident

Hiren Dave, Media Relations: Internal and external communication strategies


4 Cs Critical to Incident Response Plan


The command role should be understood by all staff and contractors (especially
those charged with executing recovery plans for the organization), as a
disastrous incident is not the time for independent actions by
individuals wanting to “take charge and help”. All decisions relating to
emergency response, safety and security, as well as damage assessment, disaster
recovery and business unit restoration must be monitored and managed by the Incident
Management Team (IMT).


Having assessed the
situation and determined the appropriate emergency response and disaster recovery
strategies, the IMT must possess the information necessary to maintain control
of the flow of activities. They must understand what resources (people,
facilities, technology, equipment, and process capabilities) are available,
where they are available, and when they may become available.


The Incident
Management Team is responsible for implementing an emergency communications
system to allow situational updates to staff, management, ownership, key
stakeholders, customers, critical vendors, and business partners. The IMT is
the liaison with the public first responders, and must be available to answer
their questions regarding evacuation, facility structure, and possible presence
of hazardous materials.


The IMT
monitors the logistical needs of the organization during the time of emergency
response and disaster recovery, and assures that the necessary command posts,
emergency communications, recovery centers, and core infrastructure needs are
provided for the organization.

Alert Levels

Prompt and orderly mobilization of personnel and resources is necessary to
manage incidents. This plan uses a system of ascending alert levels which
closely parallels the classification schemes used by the United States
military, National Weather Service, and the Department of Homeland Security.
These alert levels are used to:


Inform personnel,


Set preparations in motion, and


Change the degree of awareness and the timeliness of the tactical
response when an incident is either anticipated or in progress.


Alert levels are most often used when preparing for a severe weather event (such as a
tropical storm) when there is advance notice of the incident and time to make
appropriate plans. In these cases the change in alert level is triggered by a
decision matrix which signals a new series of steps to be taken in advance of
the incident, such as protecting the premises, backing up the computer network,
and evacuating the personnel. During most other events, the alert level can
switch from ‘Normal’ to ‘Crisis Imminent’ almost immediately.


The Incident Management Team will determine the appropriate alert level for the
organization based upon the best information available. The four alert levels
are as follows:


Normal (Level I)

A level I status indicates normal
operations at Molina. The local, national, and international news
and other available information warrant neither increased concern nor actions
beyond normal day-to-day security efforts.


Incident Watch (Level II)

A level II alert is established in response to:


An incident that disrupts some aspect
of Molina’s operations but can be controlled by on-duty personnel, or


In anticipation of a possible severe incident (Example:  5 days out from an
anticipated storm)


Staff should be alert to indications of an imminent incident and immediately
notify the company’s Incident Management Team to take appropriate precautionary
or protective actions. Those personnel not in affected areas should continue to
perform normal functions but should watch for potential escalation of the

Examples include threat of severe weather presenting a risk of damage, initial
recognition of theft or vandalism within Molina’s facilities, a suspicious
package at the front desk, or a pattern of recent incidents in the area.


Tasks might include:

of Incident Management Team to evaluate the situation, determine the correct
response, outline operational plans, and review procedures.


meeting to discuss expectations, procedures, emergency communications, and
answer any questions.


all work-in-progress to determine if the materials should be scanned and backed
up, or stored in fire-resistant safes.


Back up
all servers and move the backups to a secure off-site location.


critical vendors and place them on stand-by, as appropriate.


client communications advisory with instructions for clients to follow during
the emergency.


and test internal communications systems (text messaging, Email / website
alerts, toll-free announcement messages, teleconference bridges)





Warning (Level III)

A level III alert is established in response to:


An incident that cannot be controlled by on-duty personnel,


In some other manner which exceeds Molina’s capacity to respond or recover
without outside assistance, or


In anticipation of an incident which has been assessed as credible and
imminent. (Example: 3 days out from an anticipated storm)


The Incident Management Team will review the situation and formally declare a Level
III Alert in anticipation of a major incident. At that time, Molina’s Incident
Management Team formally activates Molina’s Command Center, which will be set up
to collect information, disseminate official statements, and manage the
incident. Specific pre-defined Human Resources policies may be implemented at
this time. Key personnel travel will be managed to ensure availability of
decision-makers or their designated alternates.

Examples of incidents requiring the establishment of a Level III alert include:
severe weather presenting a significant threat to life and damage to Molina
facilities, a National Alert Level increase with imminent local impact,
outbreaks of violence, or credible threats to specific personnel, resources,
facilities, critical systems or infrastructure, significant or uncontrolled
fire damage, or presumptive identification of threatening personnel, objects,
or substances.


Tasks might include:


staff to remove personal photos & things of value from individual work


and move all computers, faxes, & copy machines and electrical equipment
away from the windows. Close all outer doors.


rubber bands around telephone handsets to hold the receiver in place, cover deskset
units in plastic bags and store in desk drawers. Do not leave any phones


all furniture into inner areas of the building, cover desks & furniture
with plastic sheeting, roll-up any loose rugs, and close all office doors.


refrigerator & throw out all garbage. Arrange for trash pickup prior to the
storm. Unplug all vending machines and coffee makers.


all US Postal mail to Molina P.O. Box or alternate site. Have similar plans for
delivery services.


postage meter to Molina Command


time for staff members to go home and secure their houses, boats, motor homes,
etc. Be mindful that some staff will need to evacuate from low-lying coastal areas.


that some staff members will need to secure arrangements for children, other
family members, pets, and possibly elder relatives in need of assistance.


employees to:


personal “Grab n’ Go” boxes




phones, and


other appropriate items they deem necessary.


plywood ready to cover glass doors and windows, and have all tools and hardware
ready to go.


check of facility – interior and exterior.


Formally declare a disaster and invoke all business continuity
policies and emergency communications systems.


Formal declaration with all third party vendors:


Restorative Service Vendors


IT and Network Vendors


Hardware Vendors


Marketing Support Vendors



Crisis Imminent or Immediate
Response (Level IV) 


A level IV alert is established in response to:


A severe incident which has been identified as credible and imminent.
(Example: 24 – 36 hours out for a storm)


The duration, disruption, or projected fiscal impact meets the threshold
for declaring an imminent crisis to the business.


The Command Center will be fully staffed and all personnel associated with the Incident
Management Team will be placed on active status. Circumstances may require
immediate extension of the workday for designated personnel; deferment of days
off, holidays, scheduled training, and vacations; and requesting assistance
from outside organizations.

Appropriate additional notifications may include: local hospital liaisons,
local police or fire liaisons, California Department of Law Enforcement, FBI or
Secret Service Office, State Department Security, local, state and federal
government emergency management personnel, federal law enforcement officials at
other levels, Centers for Disease Control, etc.


Tasks might include:


Sound the alarm and evacuate the premises.


Congregate at the appropriate meeting place outside of the
building to verify all employees are present and / or accounted for.


Implement the Emergency Communications Plan.


Check for injuries, and minimize injuries until professional
assistance arrives.


Call 911 as appropriate.