BC 32: How the Incident Command System fits into Information Technology
Erika Voss, CORM
Washington State Department of Corrections
IT Security Group – BC/DR

Objectives
• Definition of each role & responsibility of ICS for IT personnel
• How to make technicians work in the structure
• When it is important to assign ICS roles & responsibilities

National Incident Management System
• National Response Framework
• Incident Command System
• Provides a unified setup
• One goal, one mission
• Same language
• Uniformity across the board

Incident Command System “ICS”
• ICS was generated from the National Incident Management System (NIMS) in
• ICS provides a command structure that can expand or contract during any type of incident
• ICS allows one person to manage the incident, with experts working collaboratively toward the end goal

Command Staff
• Liaison Officer
• Safety Officer
• Communications Officer
• Deputy Incident Commander

Incident Commander
• Provides overall leadership for incident response.
• Delegates authority to others.
• Takes general direction from agency administrator/official.
• Ensures incident safety.
• Provides information services to internal and external stakeholders.
• Establishes and maintains liaison with other agencies participating in the incident.

Communications Officer
• Advises Incident Commander on information
• Media/Public Relations
• Works in conjunction with Planning Chief
• Establishes one line of communication
• Ensures communication is up to date, accurate, and reported to necessary stakeholders

Liaison Officer
• Coordinates efforts with external agencies, contractors, or vendor support
• Works with Emergency Response Personnel
• Emergency Operations Center

Safety Officer
• Responsible for worker safety
• Specialized skills to match specific disasters
• Chemical Incident – Hazmat Expert
• Radiation Incident – Detection & Exposure Limits
• Works with Emergency Responders

Deputy Incident Commander
• Performs specific tasks as requested by the Incident Commander.
• Performs the incident command function in a relief capacity.
• Represents an assisting agency that shares jurisdiction.
• Is responsible for all activities and functions until delegated and assigned to staff.
• Assesses need for staff.
• Establishes incident objectives.
• Directs staff to develop the Incident Action Plan.

Section Chiefs
• Operations Chief
• Planning Chief
• Logistics Chief
• Finance / Admin Chief

Operations Chief
• Coordinates operations to carry out the organizational / incident action plan
• Directs resources
• “Hub” of Incident Response

Planning Chief
• Develops action plans
• Collects information
• Evaluates information to monitor progress
• Works with Communications Officer
• Central collection point for reports, data, personnel, etc.

Logistics Chief
• Provides resources from all areas
• Provides support to meet incident needs
• Site of interagency coordination of assets and resources with Operations and Planning Chiefs

Finance / Administrative Chief
• Monitors the costs of the operation
• Provides accounting figures and legal affairs
• Ensures lodging is accounted for
• Ensures meals and staffing hours are recorded
• Provides expenditures and resources
• Assists in the after action report

How many is too many?
• 15 technicians in one room
• 1 Chief Information Officer
• 3 Deputy Chief Information Officers
• Infrastructure Manager
• Enterprise Network Manager
• Chief Security Officer/CISO
• Helpdesk/Desktop Support Manager

Types of Incidents
• Pandemic Influenza
• Natural Disaster
• Technological Disaster
• Data Center Build
• Disaster Recovery
• Incident Response
• Continuity of Operations

When to Expand an Incident?
• Law Enforcement?
• Vendor Support?
• US-CERT?
• Computer Security Team
• Critical Incident Review Team

Incident Response
• Introduction
• Report the Event
• Validate and Prioritize
• Organization and Structure
• Containment
• Recovery
• Resolution

How do you test the ICS?
• Orientations
• Drills
• Table Top Exercises
• Simulation
• Full Scale Exercise
• On-line / E-Learning
• Classroom Based / Workshop

Outside Resources
• Vendors
• Subject Matter Experts
• Local Law Enforcement
• Forensics Analysts
• IT Security Experts

Wrap Up - Questions
• Questions?
• Comments?
• Concerns?
• Resources Available?
• Additional Information

Thank You Erika Voss 206.817.9317 esvoss@yahoo.com