LAB

qbe89

see attached

files (2)

labB.docx


Creating an Incident Response Policy

Regardless of whether an organization’s policies are perfect, its staff superior, or its walls impenetrable, a time will come when an incident occurs. Whether it is a security breach or an employee exploited by social engineering, an incident will take place, and the organization had better be prepared for it.

In this lab, you will define the purpose of an incident response team (IRT) and identify major elements of an incident response methodology. You will also identify critical management, human resources, legal, information technology (IT), and information systems security personnel required for the incident response team. You will create an incident response policy that defines the incident response team's purpose and goal and the authority granted during an incident. This is a Theory Lab and does not require the use of a virtual environment.

This lab has two parts, which should be completed in the order specified.

1. In the first part of the lab, you will conduct research on incident response.

2. In the second part of the lab, you will design your own incident response policy.

Part 1: Research Incident Response Plans

1. Using your favorite search engine, search for a sample incident response plan.

2. Review the plan.

3. Describe the key components within the incident response plan you identified. Be sure to cite the plan by including a link.

4. In your browser, navigate to A Six-Stage Methodology for Incident Response.

5. Review the six steps listed on the website.

6. Outline the six-step methodology for performing incident response. List each step and its purpose. How closely does the plan that you reviewed follow this methodology?

Part 2: Create an Incident Response Policy

1. Navigate to the Security Policy Templates webpage, then locate and review the Security Response Plan Policy.

2. Describe how this policy would be associated with an incident response plan.

3. Review the following characteristics of the fictional Bankwise Credit Union:

4. The organization is a local credit union that has several branches and locations throughout the region.

a. Online banking and use of the internet are the bank’s strengths, given its limited human resources.

b. The customer service department is the organization’s most critical business function.

c. The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and information technology (IT) security best practices regarding its employees.

d. The organization wants to monitor and control use of the internet by implementing content filtering.

e. The organization wants to eliminate personal use of organization-owned IT assets and systems.

f. The organization wants to monitor and control use of the email system by implementing email security controls.

g. The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.

h. The organization wants to create an incident response team to deal with security breaches and other incidents if attacked and provide full authority for the team to perform whatever activities are needed to maintain chain of custody in performing forensics and evidence collection.

i. The organization wants to implement this policy throughout the organization to provide full authority during a crisis to the incident response team over all physical facilities, IT assets, IT systems, applications, and data owned by the organization. Create an incident response policy that grants team members full access and authority to perform forensics and maintain a chain of custody for physical evidence containment.

5. Create this policy for the Bankwise Credit Union. The policy should include the following elements.

a. Policy Statement

b. Purpose/Objectives

c. Scope

d. Standards

e. Procedures

f. Guidelines

When you have completed the lab, click the "Download Lab Report as PDF" icon,

UnitVII1.pdf

CYB 4304, Cybersecurity Law and Policy 1

Course Learning Outcomes for Unit VII

Upon completion of this unit, students should be able to:

6. Plan an organization-wide cybersecurity policy to ensure compliance within the seven domains of the information technology (IT) infrastructure.

6.1 Compile policy aspects into the organization’s cybersecurity policy.

Required Unit Resources

Chapter 15: IT Policy Compliance and Compliance Technologies

Unit Lesson

Security Policies and Regulatory Compliance

It is a difficult task to ensure that your organization stays compliant with all relevant laws and regulations governing your industry, because those laws and regulations change constantly and frequently add new requirements. In this sense, compliance is always a moving target. Further, different agencies do not necessarily ensure that their requirements do not conflict with the requirements of other agencies (Johnson & Easttom, 2022). When such conflicts arise, it therefore becomes necessary to interpret the law and its intent to some degree, rather than simply managing black-letter requirements. Security policies should cover what is important to an organization and also help that organization comply with laws and industry best practices. That is why a comprehensive security policy consists of multiple components that take into account all of the different facets of an entity’s position on risk. In this lesson, we will discuss exactly how an organization may construct such an organization-wide cybersecurity policy to ensure compliance within the seven domains of the IT infrastructure.

Creating a Baseline Definition

The starting point is to identify the information systems security baseline definition for the organization’s specific technology. No two organizations are alike; they differ in technology as well as in business strategy. Many of the definitions in a security policy therefore depend on the technology the organization focuses on. Here are a few examples.

• Protocols: Only those protocols authorized in the security policy should be used; all other protocols should be removed or denied. For example, your organization may not want to authorize TELNET or FTP within the network.

• Services: As with protocols, some services are not allowed per the security policy. For example, not everyone can print from their own computer and must instead rely on someone who has authority to print.

• Accounts: The administrator account must be renamed, since this account name is the default for many applications. The security policy spells out who has access to the administrator account rather than specifying the account itself (Johnson & Easttom, 2022).

While an actual security policy would have a great deal more information, these examples demonstrate the point that baselines can be complex and reference multiple policies.

UNIT VII STUDY GUIDE Information Technology Policy Compliance Systems and Emerging Technologies



Tracking, Monitoring, and Reporting Baseline Compliance

The baseline is a great starting point, but one must still ensure that the systems within the organization comply with the security requirements, including information technologies outside the organization and those that touch the organization’s network. The organization must discover and respond to any unwanted or unauthorized changes to an application or process. Such changes can be monitored through the following methods (Johnson & Easttom, 2022).

• Automated systems: These use applications that automatically check the compliance of the systems, such as Microsoft Systems Management Server (SMS) and System Center Configuration Manager (SCCM). Other tools that help check for compliance are known as vulnerability scanners. There are many such scanners; some examples are Nessus, which checks for UNIX vulnerabilities; Nmap, which is a port scanner; the eEye Digital Security Retina scanner for Microsoft, Linux, and UNIX systems; the Security Administrator’s Integrated Network Tool (SAINT); Symantec Altiris, which monitors multiple operating systems; and OpenVAS, a vulnerability scanner that also detects missing patches and updates.

• Random audits and departmental compliance: Whether your organization is centralized or decentralized dictates how often random audits are conducted to check whether systems are in compliance. By meeting with departments or sections within the organization, management can use these random audit checks to determine whether additional training is warranted or whether security needs to be tightened.

• Overall organizational report card for policy compliance: After each compliance check, audit, and vulnerability scan, a report should be generated and presented to management to determine which areas are in compliance and which are not, as defined by the security policy. These reports can include patch compliance (which systems are correctly patched and which are not), security settings (confirming that settings have not been changed from what the security policy specifies), and the number of unauthorized changes. Once all the information is compiled, a grade between A and F can be assigned to each department or section and to the organization as a whole.
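As an added example (not part of the study guide or of Johnson & Easttom's text), the following Python script ties the baseline definition above to the automated checks and the A-to-F report card just described: it compares what a scanner or inventory tool reports for each host against the policy's allowed protocols, allowed services, renamed administrator account, required patches and approved settings, records each deviation as a finding, and grades departments and the organization as a whole. The baseline, host names, department names, patch identifiers (KB-0001, KB-0002), point weights and grade thresholds are all constructed for illustration.

```python
"""Check hosts against a security baseline and produce a compliance report card.

Added example; the baseline, hosts, patch identifiers and point weights are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed baseline standing in for the policy's baseline definition.
BASELINE = {
    "protocols": {"SSH", "HTTPS", "DNS"},       # every other protocol (e.g. TELNET, FTP) is denied
    "services": {"sshd", "nginx", "cron"},      # e.g. printing is not a general-purpose service
    "default_admin_name": "Administrator",      # the default account name must be renamed
    "settings": {"password_min_length": 14, "audit_logging": "on", "screen_lock_minutes": 10},
    "required_patches": {"KB-0001", "KB-0002"},  # placeholder patch identifiers
}

# Points deducted from a host's starting score of 100 per finding (constructed weights).
WEIGHTS = {
    "unauthorized_protocol": 10,
    "unauthorized_service": 5,
    "default_admin_account": 15,
    "missing_patch": 10,
    "unauthorized_change": 5,
}


@dataclass
class Host:
    """What an automated inventory or vulnerability scanner reports for one system."""
    name: str
    department: str
    protocols: set
    services: set
    admin_account: str
    settings: dict
    installed_patches: set


@dataclass
class HostReport:
    name: str
    department: str
    findings: list = field(default_factory=list)  # (finding_kind, detail) tuples
    score: int = 100

    @property
    def grade(self) -> str:
        return letter_grade(self.score)


def letter_grade(score: int) -> str:
    """Map a 0-100 score to the A-F grade the study guide describes (constructed thresholds)."""
    for floor, letter in ((90, "A"), (80, "B"), (70, "C"), (60, "D")):
        if score >= floor:
            return letter
    return "F"


def check_host(host: Host, baseline: dict = BASELINE) -> HostReport:
    """Compare one host with the baseline and record every deviation as a finding."""
    report = HostReport(host.name, host.department)

    def finding(kind: str, detail: str) -> None:
        report.findings.append((kind, detail))
        report.score = max(0, report.score - WEIGHTS[kind])

    for proto in sorted(host.protocols - baseline["protocols"]):
        finding("unauthorized_protocol", proto)
    for svc in sorted(host.services - baseline["services"]):
        finding("unauthorized_service", svc)
    if host.admin_account == baseline["default_admin_name"]:
        finding("default_admin_account", host.admin_account)
    for patch in sorted(baseline["required_patches"] - host.installed_patches):
        finding("missing_patch", patch)
    for key, expected in baseline["settings"].items():   # settings drift = unauthorized change
        actual = host.settings.get(key)
        if actual != expected:
            finding("unauthorized_change", f"{key}: expected {expected!r}, found {actual!r}")
    return report


def average_score(scores) -> int:
    return round(sum(scores) / len(scores))


def report_card(reports) -> dict:
    """Grade each department and the organization as a whole."""
    by_dept = defaultdict(list)
    for r in reports:
        by_dept[r.department].append(r.score)
    card = {dept: letter_grade(average_score(s)) for dept, s in by_dept.items()}
    card["organization"] = letter_grade(average_score([r.score for r in reports]))
    return card


# Constructed scan results for three hosts in two departments.
SAMPLE_HOSTS = [
    Host("fs01", "finance", {"SSH", "HTTPS"}, {"sshd", "cron"}, "fin-sysadm",
         {"password_min_length": 14, "audit_logging": "on", "screen_lock_minutes": 10},
         {"KB-0001", "KB-0002"}),
    Host("ws07", "ops", {"SSH", "HTTPS", "TELNET", "FTP"}, {"sshd", "cups"}, "Administrator",
         {"password_min_length": 8, "audit_logging": "on", "screen_lock_minutes": 10},
         {"KB-0001"}),
    Host("ws12", "ops", {"SSH", "HTTPS", "DNS"}, {"sshd", "nginx"}, "ops-sysadm",
         {"password_min_length": 14, "audit_logging": "off", "screen_lock_minutes": 10},
         {"KB-0001"}),
]


if __name__ == "__main__":
    reports = [check_host(h) for h in SAMPLE_HOSTS]
    for r in reports:
        print(f"{r.name} ({r.department}): score {r.score}, grade {r.grade}")
        for kind, detail in r.findings:
            print(f"    {kind}: {detail}")
    print("Report card:", report_card(reports))
```

Run directly, the script prints each host's findings and the department and organization grades. The weights and thresholds are the policy decisions an organization would tune; the per-finding detail (which protocol, which patch, which setting drifted) is what management would take back to a department after an audit.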

Configuration Management and Change Control Management

Today, many organizations use IT frameworks to keep their IT infrastructure, as well as their business framework, in compliance. One such framework is the Information Technology Infrastructure Library (ITIL), a widely adopted IT service management approach for today’s emerging technology. ITIL provides a practical framework for identifying, planning, delivering, and supporting IT services to the business (Johnson & Easttom, 2022). The figure below provides a snapshot of the ITIL life cycle.



Figure: The ITIL life cycle (Johnson & Easttom, 2022, p. 419)

ITIL provides guidance to organizations on how to use IT as a tool to help smooth the progress of business change, transformation, and growth. After all, it is the business that drives information technology. ITIL is not an all-or-nothing approach: some portions may be adopted and others not. Configuration management and change management are elements in the service transition state that many organizations end up adopting.

• Configuration management—This sets up and maintains configuration information, including the initial startup configuration described in the baseline. It also records any changes that are made.

• Change management—This controls changes made to systems, since changes on one system may affect other systems and cause outages (Johnson & Easttom, 2022).

Minimum Security Policy Criteria

An organization-wide security policy must contain at least an acceptable use policy, an implementation plan, a risk assessment plan, awareness training, a management policy, and an incident response policy. These policies help dictate the security culture of the organization and leave no doubt about what end users must and must not do to protect the organization’s information and data. The organization-wide security policy does not work if the document sits on the shelf collecting dust; it is a living document that must be updated to keep pace with cybersecurity threats.

Reference

Johnson, R., & Easttom, C. (2022). Security policies and implementation issues (3rd ed.). Jones & Bartlett Learning. https://online.vitalsource.com/#/books/9781284200034
