1. "Containment and IR Strategies" Please respond to the following:
- Explain why it is important for a business to have a specific plan of action, processes, and/or a set of guidelines to manage potential security incidents that may arise. Support your answer with a real-life example. Be sure to clearly identify the business as well as the potential security incident in your example.
- Discuss the role of incident containment in an incident response strategy and how a lack of planning for containment is a potential pitfall for any response strategy.
2. "SIEM and Incident Response" Please respond to the following:
E-Activity: Go to GSN Magazine’s website to read the article titled “Automated incident response makes the difference in cyber security,” dated May 29, 2012, located at http://www.gsnmagazine.com/node/26454. Be prepared to discuss.
- From the e-Activity, explain in your own words the purpose of security information and event management (SIEM) solutions and how this category of tools can assist an incident response team. Also determine whether or not you believe the “golden hour” is a realistic and attainable response goal. Justify your answer.
- Compare and contrast two SIEM tools of your choice based on their common uses and market reputation. Determine which of these tools you would prefer to use as part of an incident response strategy and explain why.
3. "Encryption in Investigations" Please respond to the following:
- Discuss in your own words the effects that encryption can have on incident response activities, and explain how the use of encryption technologies could prove to be detrimental to an investigation.
- Devise an example of an incident where encryption could be used as protection from an intruder or attacker, and determine the actions that could be taken by the incident responders to manage the situation.
4. "e-Discovery in Action" Please respond to the following:
E-Activity: Go to Fishnet Security’s website, and read the blog post titled “Seven Steps to Improve eDiscovery and Incident Management,” located at https://www.optiv.com/blog/seven-steps-to-improve-ediscovery-and-incident-management. Be prepared to discuss.
- From the e-Activity, explain the top three reasons why you believe organizations may be unprepared to manage incidents effectively and in a timely fashion. Provide real-world examples to support your chosen reasons.
- From the e-Activity, determine which of the seven recommendations to improve e-Discovery and incident management you would consider the most important for organizations to address. Justify your answer.
5. "DR…What Is It Good for?" Please respond to the following:
E-Activity: 1. Read the SearchSMBStorage.com article titled “Choosing a disaster recovery service provider for SMBs,” located here. 2. Listen to the SearchStorage UK FAQ podcast titled “Disaster recovery planning services for small and medium size enterprises” (11 min 27 s). Podcast source: Computer Weekly. (2010, February). “Disaster recovery planning services for small and medium size enterprises” [Audio file]. Podcast retrieved from http://www.computerweekly.com/feature/Disaster-recovery-planning-services-for-small-and-medium-size-enterprises. This podcast can be downloaded here.
- From the first and second e-Activities, consider the following scenario: Your employer, a small-business owner, has indicated she believes that rather than planning to recover from a disaster, it makes more sense to simply open a new business and start anew. As a security professional and proponent of disaster recovery, formulate a list of your top five concerns with this statement and explain each. Be sure to indicate how and why you believe these concerns are relevant for a small business. Justify your response.
- Suppose you received pushback from your Board of Directors while trying to explain the necessity of a disaster recovery plan (e.g., due to costs, administrative overhead, etc.). Outline the main points, with a rationale for each, that can be used to persuade the Board of Directors that a plan really is necessary.
6. "Preparing for Different Disasters" Please respond to the following:
- Select two disaster scenarios (e.g., large-scale power outage, flood, earthquake, etc.) to compare and contrast, and explain how an implemented DR plan would differ when preparing for and dealing with these disasters.
- Explain how the report structure and organization could help the overall recovery efforts in a disaster, and determine whether or not you believe the organization of large plans is a key consideration for plan creators and management. Provide a rationale for your answer.