Incident Response Process

Assignment Details

The LMJ-Ad corporate management has been informed by the network administrative team that there was a malware/ransomware attack and infection overnight, requiring the incident response team to take immediate action. The infection came from a malware attachment on a phishing email, and was reported by a user with a priority trouble ticket. Initial interviews suggest the incident may have come from an internal employee.

  • In this first phase of the incident response process the incident response team must perform an incident review. Describe in detail each item below as part of the initial investigative process only to be applied to this incident:
Step 1: Review of notes taken from user interviews
Step 2: Performing risk assessments
Step 3: Creating data collection checklists
Step 4: Creation of incident timelines and investigatory scope.
Step 5: Drafting of the forensics incident response plan

As part of your descriptions, provide the specific tasks that you need to perform for steps 1 through 5. In later Units we will discuss in detail the specific investigative approach to identify, collect, preserve, analyze, and report on the incident.

Prepare a 5-6 page Word document that is APA formatted. Be sure to include all necessary aspects.


Explanation & Answer

Please find attached. Let me know if you need edits. Cheers!😊

Outline

Introduction
Body
Conclusion
References


RUNNING HEAD: THE INCIDENT RESPONSE PROCESS

The incident response process
Student’s Name
Course Number – Name of Course
University Name
Instructor’s Name

The incident response process
An incident response process is a combination of procedures that help to identify,
investigate, and respond to any possible security incident quickly and in a way that reduces its
impacts and supports quick recovery (Johnson, 2014). Organizations should regularly practice
incident response just like fire safety training so that in case of an attack, the incident is
managed properly. It is a multifaceted process that requires a myriad of expertise and resources
from diverse departments of an organization (Johnson, 2014). In this case, the LMJ-Ad
corporate has discovered that its systems have been attacked by malware and the incident
response team should take immediate action. In this paper, I will discuss how the response team
should carry out the incident review.
Step 1: Review of notes taken from user interviews
The first step, which the team should take, is to interview the users of the systems and
then review the interview notes. This is part of an investigation which involves finding who,
what, when, how and why (Johnson, 2014). It does not matter the methods used to investigate
the incident because the fact remains that we respond to an incident caused by people. These
incidents are caused by people who use malware to steal information or destroy the system.
The main reason why I will conduct interviews is to find out which part of the system has been
affected and by whom. I will first identify the source of the breach and to do so they need
information, which they can obtain from the system administrators, security staff and the user
with a priority trouble ticket who reported the incident. This would help them to determine how
they respond. The incident is suspected to have originated f...

