Computer Security Incident

Anonymous
Asked: Feb 25th, 2019

Question Description

I have completed up to the definition of incidents; I need help answering the questions from the procedure section according to the given requirements in the attached document.

Attachment preview


Incident Response Paper (Individual Grade)

Using NIST’s SP 800-61 “Computer Security Incident Handling Guide”, each student in the team will select a different risk from the Risk Assessment, or select a scenario from the NIST SP 800-61, Appendix A-2 Scenarios, and will answer the questions in Section A.1 Scenario Questions to include: Preparation, Detection and Analysis, Containment, Eradication, and Recovery, Post-Incident Activity, and General Questions specific to the risk. Students are encouraged to work individually on their scenario, but bounce questions off of team members if they hit a question they cannot address. Your textbook also has information about security tools and controls that can be referenced here to help with the procedures.

Using NIST’s SP 800-61 “Computer Security Incident Handling Guide”, develop an Incident Response Plan (IRP) that will include your Scenario in the Procedures Section. Google and find other actual IRPs on the Internet and review them to see what type of information is included. At a minimum, your plan should include the following sections (each section, other than procedures, only needs to be a couple of sentences in length – students are graded individually on the Procedures section). Students will submit their IRP, including the common team portion, for individual grading.

• Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?
• Training: specify a training frequency
• Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.
• Incident Notification: What happens when an incident is detected?
• Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?
• Procedures (Individual Sections – Identify the name of the student in the paper who prepared their section)
  o Risk: (Identify the Risk from the Risk Assessment Table by Number and Name of Student)
    ▪ Preparation
    ▪ Detection and Analysis
    ▪ Containment
    ▪ Eradication
    ▪ Recovery
    ▪ Post-Incident Activity

Incident Response Paper – 30 points – Individual Scoring Guide for Procedures Section

Each component is scored as Exemplary (5-6), Adequate (3-4) or Inadequate (0-2), with a Score entered per component and a Total at the end.

Format
  Exemplary (5-6): Paper is at least 7 pages in length, excluding cover pages, TOC, reference page.
  Adequate (3-4): Paper is fewer than 7, but greater than 4.
  Inadequate (0-2): Paper is fewer than 4 pages in length.

Relevancy
  Exemplary (5-6): Identified procedures are appropriately linked to a different risk located in the risk assessment table, or a different scenario from the Appendix A2.
  Adequate (3-4): Some content is relevant to an Incident Response Plan.
  Inadequate (0-2): Content is not relevant.

Comprehensiveness
  Exemplary (5-6): All questions from Appendix A1 in all sections are addressed and will effectively address the risk if it were actualized.
  Adequate (3-4): At least 50% of the questions from Appendix A1 are addressed.
  Inadequate (0-2): Fewer than half of the questions were addressed.

Grammar, clarity, organization
  Exemplary (5-6): The document is well-written and ideas are well developed and explained. Sentences and paragraphs are grammatically correct. Uses subheadings appropriately.
  Adequate (3-4): The document effectively communicates ideas. The writing is grammatically correct, but some sections lack clarity.
  Inadequate (0-2): The document is poorly written and confusing. Ideas are not communicated effectively.

Originality
  Exemplary (5-6): Procedures section is unique to each individual student.
  Adequate (3-4): Some content has been copied from other work.
  Inadequate (0-2): Paper lacks originality.

Total Score: ____ / 30

Running Head: Incident Response Plan

Incident Response Plan
By Sudheer Kommineni
University of Cumberlands

Abstract

This paper reviews a well-documented Incident Response Plan. The Incident Response plan depicts the roles and responsibilities of the ISR team. The IRP is important to an organization to minimize revenue loss and retain customer trust. The Incident Response plan provides a detailed description of the steps the Incident response team must take when an incident is reported. The plan includes the contact information of the team members, the responsibilities of each team member, the steps to follow in case of an incident, the discussions to have within the team to react to an incident and so forth. The scenario considered while writing the Incident response plan was “Stolen Documents”. If an organization had to undergo an incident that involved documents being stolen physically or electronically, executing the Incident response plan below will help the organization to respond to the incident and take appropriate action to prevent further loss of data and restore systems to their previous state. It is important that every organization has an IR plan which is reviewed and tested annually.

Keywords: Incident Response Plan

Roles
1) IT Help Desk - If the incident is related to Information Technology, the IT Help Desk will be responsible for responding to the incident.
2) Legal Department - If the incident is related to legal violations, the Legal Department will be responsible for responding.
3) CSIRT (Computer Security Incident Response Team) along with stakeholders are responsible for creating the incident response plan.
4) Stakeholders, Legal Department and HR Department Representative(s) are responsible for working with the CSIRT to formulate the IRP.
5) Incident Response Manager – Responsible for guiding the team during an incident and for making decisions on the actions to take. Also responsible for communicating the incident to other stakeholders and/or organization(s).
6) Director of Operations

Training
1) The Incident Response plan will be revised annually.
2) All stakeholders involved will be trained on an annual basis.
3) Mock breaches will be conducted annually to evaluate the IRP.

Definition of Incidents
An event or action that acts as a threat to the organization and its assets is to be considered an Incident, for which the IRP will have to be followed.
Incident examples:
1) Stolen Data
2) Access to Sensitive data
3) Unauthorized access to the organization’s information
4) Firewall breach

Incident Response Plan: (Sudheer Kommineni, threats 10 & 11)

Procedure
1) The person who discovers the incident will inform the IT Help Desk. The Help Desk will collect the following information:
➢ Contactor’s name
➢ Contactor’s number
➢ Date and time the incident was reported
➢ Nature of the incident
➢ Location of the incident
➢ Compromised systems and/or users
➢ How the incident occurred / was noticed
2) The IT Help Desk member who received the report will log the incident into the monitoring tool with the above information and will contact the Incident Response team members by referring to the team contact list below:

Contact List:
Name                        Phone Number    Email
Incident Response Manager   123-xxx-xxxx    abc@alorg.com
Legal Dept Rep              789-xxx-xxxx    bef@legal.com
HR Dept Rep                 123-xxx-xxxx    lol@hr.com
Security team rep           456-xxx-xxxx    test@alorg.com
Operations rep              444-xxx-xxxx    Test123@alorg.com

3) The IT Help Desk member will arrange an emergency meeting for the team to join.

Detection and Analysis
4) The team will meet and discuss the items below:
➢ Incident type?
➢ Can this be considered an incident according to the organization’s rules?
➢ What policies is the incident violating?
➢ Is the incident affecting important business operations?
➢ Is the incident still ongoing?
➢ What category is to be given to the incident? Critical/High/Medium/Low?
➢ Based on the nature of the incident, should the IT, HR or Legal team be the main driver of this?
➢ Can this incident be contained immediately?
➢ What are all the affected systems, both internal and external?
➢ Are there any users/personnel being affected?
➢ What is the impact level of this incident?
➢ Is there sensitive/critical data that is affected or exposed as part of this incident?
➢ What type of data is being affected?
➢ Do we need to take immediate actions to halt/reduce the impact?
➢ Do we need to get other companies or groups involved?
➢ Who and how do we notify other teams/businesses/external parties?
5) After the general questions about the nature of the incident are discussed, incident-specific questions will need to be discussed among the team members to better execute the IRP, e.g., if documents were stolen:
➢ From what sources can the incident response team gather evidence?
➢ What might the team do to keep the investigation confidential?
➢ How would the handling of this incident change if the team identified an internal host responsible for the leaks?
➢ How would the handling of this incident change if the team found a rootkit installed on the internal host responsible for the leaks?
6) Members of the IT department will begin investigating the root cause of the incident, along with following procedures to prevent further occurrences. A few things the IT department might have to check:
➢ Log files
➢ Recent password changes
➢ Network configurations
➢ System inspections

Containment, Eradication and Recovery
7) As part of the Containment, Eradication and Recovery process, a review session will be held and the items below are to be addressed and documented.
➢ What tools/options/procedures do we have to execute to contain the incident?
➢ Were all procedures and policies followed by all systems and personnel?
➢ What changes can we make to procedures and policies that may prevent such incidents in the future?
➢ How effective was the Incident Response plan that is currently in place?
➢ Do we need to make improvements to the plan?
➢ Have all affected systems been taken care of? E.g., secured and restored?
➢ What lessons have we learned from this incident?
➢ What has been done to contain the incident in the short term?
➢ What has been discussed to contain the incident in the long term?
➢ Were there any precautions we could have taken that might have prevented this incident?
➢ What tools could have detected this incident earlier?
➢ What sources of evidence should the organization collect for this incident and how do we incorporate that?
➢ Upon all stakeholders’ approval, the team will agree on a remediation procedure to be carried out to prevent re-occurrence and further damage.
➢ The team will restore affected systems, if any, to the previous state.
➢ The team will work on updating policies and discuss what additional changes to the policy can prevent such incidents in the future.

Post Incident Analysis
8) The items below will be discussed and documented as part of post-incident analysis:
➢ What will be done to prevent similar incidents from happening in the future?
➢ What can be done to improve detection of similar incidents?
➢ What tools/strategies/policies/procedures can we put in place to detect such incidents when they get triggered?
➢ Are there any trainings we can offer to personnel to make them aware of this incident and how to avoid it?
➢ What weaknesses in our systems/procedures/policies did the incident help us identify?

References
Brophy, M. IT Incident Response Plan. Retrieved from https://www.iltanet.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=966e76a0-5664-43b6-9f3e-fa0540055508&ssopc=1
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide (NIST SP 800-61 Rev. 2). Retrieved from the course site on Blackboard (NIST.SP.800-61r2.pdf).
Ellis, D. 6 Phases in the Incident Response Plan. Retrieved from https://www.securitymetrics.com/blog/6-phases-incident-response-plan
Gibson, D. (2010). Managing Risk in Information Systems (Information Systems Security & Assurance) (2nd ed.).
Rouse, M., & Rosencrance, L. (2017). What is incident response? - Definition from WhatIs.com. Retrieved from https://searchsecurity.techtarget.com/definition/incident-response
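The “Log files” item in step 6 of the Detection and Analysis procedure above is one place where a concrete check helps in the “Stolen Documents” scenario. The following Python script is an added example, not part of the student’s paper or of NIST SP 800-61: it scans a constructed file-server audit log for accounts that read an unusually large number of distinct documents within a short window, one signal a responder looks for when documents may have been copied in bulk. The log format (`timestamp user action path`), the 10-minute window, the threshold of five documents and the sample lines are all assumptions made for this example.

```python
"""Added example for the 'Log files' check in the Detection and Analysis step.
Assumed audit-log format, one event per line: ISO-8601 timestamp, user,
action (READ/WRITE), document path. Flags users whose reads of *distinct*
documents inside a sliding time window reach a threshold (bulk-read pattern)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one account re-reads a single file, one reads three
# HR files over 1.5 hours, one reads five legal contracts within 11 seconds.
SAMPLE_LOG = """\
2019-02-20T09:01:10 jdoe READ /shares/finance/q4-forecast.xlsx
2019-02-20T09:02:40 jdoe READ /shares/finance/q4-forecast.xlsx
2019-02-20T09:05:02 asmith READ /shares/hr/handbook.pdf
2019-02-20T10:00:00 asmith READ /shares/hr/org-chart.pdf
2019-02-20T10:40:00 asmith READ /shares/hr/salary-bands.xlsx
2019-02-20T22:10:00 contractor1 READ /shares/legal/contract-001.docx
2019-02-20T22:10:03 contractor1 READ /shares/legal/contract-002.docx
2019-02-20T22:10:05 contractor1 READ /shares/legal/contract-003.docx
2019-02-20T22:10:08 contractor1 READ /shares/legal/contract-004.docx
2019-02-20T22:10:11 contractor1 READ /shares/legal/contract-005.docx
2019-02-20T22:10:14 contractor1 WRITE /home/contractor1/archive.zip
"""


def parse_log(text):
    """Turn log lines into (timestamp, user, action, path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, action, path = line.split(maxsplit=3)
        events.append((datetime.fromisoformat(ts), user, action, path))
    return events


def detect_bulk_reads(events, window_minutes=10, threshold=5):
    """Return {user: peak_distinct_docs} for users who READ at least
    `threshold` distinct documents within some `window_minutes` interval."""
    window = timedelta(minutes=window_minutes)
    reads_by_user = defaultdict(list)
    for ts, user, action, path in sorted(events):
        if action == "READ":
            reads_by_user[user].append((ts, path))
    flagged = {}
    for user, reads in reads_by_user.items():
        in_window = Counter()  # path -> number of reads inside the window
        start, peak = 0, 0
        for ts, path in reads:
            in_window[path] += 1
            # Drop reads older than `window` from the front of the window.
            while ts - reads[start][0] > window:
                old_path = reads[start][1]
                in_window[old_path] -= 1
                if in_window[old_path] == 0:
                    del in_window[old_path]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            flagged[user] = peak
    return flagged
```

Running `detect_bulk_reads(parse_log(SAMPLE_LOG))` flags only `contractor1`; the same accounts with a two-hour window and a threshold of three also surface `asmith`, which shows how the window and threshold trade off false positives against missed slow exfiltration.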

Tutor Answer

TabbyK
School: Boston College

Kindly use this file. I've also refined your format. Don't forget to rate my work. Also ask for any editing if needed.

Running head: INCIDENT RESPONSE PLAN

Incident Response Plan
By Sudheer Kommineni
University of Cumberlands

Abstract

This paper reviews a well-documented Incident Response Plan. The Incident Response plan
depicts the roles and responsibilities of the ISR team. The IRP is important to an organization to
minimize revenue loss and retain customer trust. The Incident Response plan provides a detailed
description of the steps the Incident response team must take when an incident is reported. The
plan includes the contact information of the team members, the responsibilities of each team
member, the steps to follow in case of an incident, the discussions to have within the team to
react to an incident and so forth. The scenario considered while writing the Incident response
plan was “Stolen Documents.” If an organization had to undergo an incident that involved
documents being stolen physically or electronically, executing the Incident response plan below
will help the organization to respond to the incident and take appropriate action to prevent
further loss of data and restore systems to their previous state. It is important that every
organization have an IR plan, which is reviewed and tested annually.

Keywords: Incident Response Plan

Roles
1) IT Help Desk - If the incident is related to Information technology, the IT help desk will be
responsible for responding to the incident.
2) Legal Department - If the incident is related to legal violations, legal department will be
responsible for responding.
3) CSIRT (Computer security incident response team) along with stakeholders are responsible
for creating the incident response plan.
4) Stakeholders, Legal Department and HR Department Representative(s) are responsible in
working with CSIRT to formulate the IRP plan.
5) Incident Response Manager – Responsible for guiding the team during an incident and to
make decisions on the actions to take. Also responsible for communicating the incident to
other stakeholders and or organization(s).
6) Director of Operations

Training
1) The Incident Response plan will be revised annually
2) All stakeholder involved will be trained on an annual basis
3) Mock breaches will be conducted annually to evaluate the IRP plan.

Definition of Incidents
An event or action that acts as a threat to the organization and its assets is to be considered as an
Incident and for which the IRP will have to be followed.
Incident examples:
1) Stolen Data
2) Access to Sensitive data
3) Unauthorized access to organizations information
4) Firewall breach

Incident Response Plan: (Sudheer Kommineni threat 10 &11)
In this Incident Response Plan, specific procedures have to be followed to prevent the
loss of data or access to sensitive info...

Review

Anonymous
Thanks, good work
