Programming
CIS359 Incident Response Efforts and Log Management Systems Assignment

CIS359

Question Description

Imagine you have just taken over the manager position for your organization’s incident response team, after coming from another division in the company. Your first realization is that proper procedures, best practices, and sound technologies are not being utilized. You decide to revamp the team’s efforts.

Write a two to three (2-3) page paper in which you:

  1. Explicate the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.
  2. Discuss in detail the role that an IDS / IPS would play in the IR efforts, and explain how these systems can assist in the event notification, determination, and escalation processes.
  3. Explain how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.
  4. Explain how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts, and describe the potential issues that could arise if not utilized.5.Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Final Answer

Attached.

Running head: INCIDENCE RESPONSE

1

Incidence Response (IR) Revamp
Name:
Institutional Affiliation:

INCIDENCE RESPONSE

2

Incidence Response (IR) efforts considered during an incident includes preparation and
following guidelines. The guidelines are predetermined and provide the organization with
specific steps to take during an incidence (Thompson, 2018). The first step is detection and
monitoring. From the utilization of other systems, the organization is brought to the awareness of
the existence of the attack. Once there is detection, the next step is to analyze the severity of the
attack. During the analysis, the organization checks on the extent of the damage. Containment
and neutralization is the next step that provides the organization with an opportunity of handling
the threat (Thompson, 2018). In the process, the company contains the risk and eliminates it from
the systems. The final step involves a post-incident activity that seeks ways ...

shellyt (18303)
UC Berkeley

Anonymous
Top quality work from this tutor! I’ll be back!

Anonymous
Just what I needed… fantastic!

Anonymous
Use Studypool every time I am stuck with an assignment I need guidance.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors