1. LINK to the E-ACTIVITY: Review the updated contingency planning guide at http://csrc.nist.gov/publications/nistbul/july-2010-bulletin.pdf
"CP from the National Institute of Standards and Technology (NIST)" Please respond to the following:
- From the e-Activity, explain in your own words what you believe CP attempts to provide for an organization, and describe what you believe is the most important CP consideration for an organization. Provide a rationale for your answer.
- Consider an organization in a specific industry (e.g., healthcare, financial, etc.), and discuss the potential shortcomings and repercussions if an organization in this sector neglected to participate in contingency planning efforts. Provide two real-world examples (successes and / or failures) to justify your answer.
2. "BIA Processes and Practices" Please respond to the following:
- Explain in your own words the importance of business impact analysis activities when an organization is trying to determine the breadth of its contingency planning activities. Suggest the potential issues that could arise if a BIA is not performed.
- Of the major objectives of the BIA process, determine which you believe to be the most important of these objectives and explain why.
3. "Disaster Recovery (DR), Business Continuity Planning (BCP), and Software as a Service (SaaS) Options" Please respond to the following:
- Explain in your own words the difference between disaster recovery and business continuity planning efforts and whether or not you believe these planning efforts overlap.
- Determine whether or not cloud and SaaS services can assist and benefit an organization in its business resumption planning (BRP) efforts, and whether or not this option is available and feasible to all sizes of organizations at this point in time. Provide a rationale to support your answer.
4. LINK to the E-ACTIVITY: Review the U.S. Department of Homeland Security’s (DHS) Cyber Storm efforts from its Website, located at http://www.dhs.gov/cyber-storm-securing-cyber-space.
"Cyber Storm" Please respond to the following:
- From the e-Activity, explain in your own words the benefits of the DHS’s efforts with Cyber Storm and whether or not you believe this is a necessary and useful activity in terms of incident response preparedness.
- Determine whether or not the efforts of Cyber Storm can help all types of organizations, regardless of size and independent of industry, for incident response and preparedness planning. Provide a rationale to support your answer.
5. "To IDS or to Not IDS?" Please respond to the following:
- Suppose you were proposing the implementation of an IDS to your manager as a new initiative for your organization. Explain how you would make a business case for obtaining the funds in order to fully implement this initiative.
- Propose the top three reasons for why organizations would NOT choose to implement IDS / IPS systems, and analyze each of these reasons to determine whether you believe they are valid concerns or improper conclusions.
6. LINK to the E-ACTIVITY: Read the article titled "Internet Intrusion Detection System Service in a Cloud", located at http://ijcsi.org/papers/IJCSI-9-5-2-308-315.pdf. Be prepared to discuss.
- Go to NetworkWorld’s Website to read the article titled “Cloud security strategies: Where does IDS fit in?,” dated July 15, 2010, located at https://www.networkworld.com/article/2214006/security/cloud-security-strategies--where-does-ids-fit-in-.html. Be prepared to discuss.
"IDS in the Cloud" Please respond to the following:
- From the e-Activities, explain whether or not you believe technologies such as IDS are still relevant and useful as there is a push toward SaaS and cloud-based solutions.
- Discuss from your perspective how cloud-based services change incident response, for better or worse, and determine what you believe to be the greatest preparedness concern with cloud-based services.
7. "Forming the CSIRT" Please respond to the following:
- Determine what you believe are the top two considerations that should be addressed when forming the CSIRT in terms of skills, abilities, procedures, training, deployment, etc.
- Explain what you believe to be the most critical flaw or failure when it comes to CSIRT organization and preparation. Suggest ways management can avoid this pitfall altogether.
8. LINK to the E-ACTIVITY: Review the CERT report titled “Communication Among Incident Responders-A Study,” dated September, 2012, located at http://www.sei.cmu.edu/reports/12tn028.pdf.
"Team Communication…Tested!" Please respond to the following:
- From the e-Activity, explain in your own words the purpose of the Software Engineering Institute’s (SEI) exercises regarding team communication, and determine whether or not you believe this type of testing and analysis is a beneficial use of resources. Justify your answer.
- Based on the testing and analysis described in the e-Activity, indicate the two most important things that you believe are needed in order for cross-team communication to be successful when dealing with potential widespread incidents.