Framework for incident response process in Nigerian Postal Service

Abstract

As the dependant of organizations to Information Technology increases and government agencies reliance on private organizations to protect critical information infrastructure, National government in some quarters began not to merely outsource services from the private but to equally provide protection to information resources. Nigerian postal service (NIPOST) is a large government agency responsible for postal services in the country, following the government recommendations NIPOST partners with a number of private sector organizations to provide services to its customers. Incident response is a key aspect of information security and it is not well attended in most organizations, The focus of this study is to investigate the computer security incident response process in NIPOST, shared responsibility and coordinated incident response capability and how NIPOST utilizes the incident response teams to support its information security learning and a general support for cybersecurity protection. The project is a case study based with interviews, documentation and questionnaire as the key to improve NIPOST incident response process and any similar organisation to provide a knowledge feedback to the agency and the cybersecurity community at large through a collaborative workspace. A detail investigation was conducted in the second phase of the research, the investigation revealed that the organization incident response does not support learning from the past incident and there was no any collaboration with outside teams. The proposed enhanced framework supports incident learning and coordination between teams at all levels and this improves organizational learning and coordination, which finally improve cyber security. To validate the proposed enhanced framework, expert’s feedback through a questionnaire were analysed with modification of the initial result. This result can be improved to build a framework for national computer security incident response framework.