project work


Incident Response Paper (Individual Grade)

Using NIST’s SP 800-61, “Computer Security Incident Handling Guide,” each student in the team will select a different risk from the Risk Assessment, or select a scenario from NIST SP 800-61, Appendix A-2 Scenarios, and will answer the questions in Section A.1 Scenario Questions, which cover: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; Post-Incident Activity; and General Questions specific to the risk. Students are encouraged to work individually on their scenario, but may bounce questions off team members if they hit a question they cannot address. Your textbook also has information about security tools and controls that can be referenced here to help with the procedures.

Using NIST’s SP 800-61, “Computer Security Incident Handling Guide,” develop an Incident Response Plan (IRP) that will include your Scenario in the Procedures section. Search the Internet for other actual IRPs and review them to see what type of information is included. At a minimum, your plan should include the following sections (each section, other than Procedures, only needs to be a couple of sentences in length; students are graded individually on the Procedures section). Students will submit their IRP, including the common team portion, for individual grading.

· Roles: who will respond to the incident and notification/escalation procedures? Who is responsible for writing the IRP?

· Training: specify a training frequency

· Incidents: What defines an “incident”? Define some security incidents that you may encounter on your network.

· Incident Notification: What happens when an incident is detected?

· Reporting/tracking: How will you report and track incidents? What about capturing “lessons learned”?

· Procedures (Individual Sections – Identify the name of the student in the paper who prepared their section)

    · Risk: (Identify the Risk from the Risk Assessment Table by Number and Name of Student)

    · Preparation

    · Detection and Analysis

    · Containment

    · Eradication

    · Recovery

    · Post-Incident Activity

Incident Response Paper – 30 points – Individual Scoring Guide for Procedures Section

| Component | Exemplary (5-6) | Adequate (3-4) | Inadequate (0-2) | Score |
|---|---|---|---|---|
| Format | Paper is at least 7 pages in length, excluding cover pages, TOC, reference page. | Paper is fewer than 7, but greater than 4. | Paper is fewer than 4 pages in length. | |
| Relevancy | Identified procedures are appropriately linked to a different risk located in the risk assessment table, or a different scenario from the Appendix A2. | Some content is relevant to an Incident Response Plan. | Content is not relevant. | |
| Comprehensiveness | All questions from Appendix A1 in all sections are addressed and will effectively address the risk if it were actualized. | At least 50% of the questions from Appendix A1 are addressed. | Fewer than half of the questions were addressed. | |
| Grammar, clarity, organization | The document is well-written and ideas are well developed and explained. Sentences and paragraphs are grammatically correct. Uses subheadings appropriately. | The document effectively communicates ideas. The writing is grammatically correct, but some sections lack clarity. | The document is poorly written and confusing. Ideas are not communicated effectively. | |
| Originality | Procedures section is unique to each individual student. | Some content has been copied from other work. | Paper lacks originality. | |
| Total | | | | |