MS3
ISE 510 Security Risk Analysis & Plan
Security Breach Analysis and Recommendations
Milestone 3: Incident Response Plan
<Last Name, First Name>
Due <DATE>
Submitted on <DATE>
If late, let me know why:
=====================================
Delete these instructions in blue font before submission:
Change file name to MS#3_LAST_FIRST
A few comments up front:
-- After fixing any of my comments to this paper, it should be used, with minor modifications, for the FINAL PROJECT.
-- Download and use this publication:
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology (rev 2). Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
-- Other resources that will be helpful:
Valentin, J. (2013). Building an incident response team and IR process. Retrieved from http://resources.infosecinstitute.com/building-an-incident-response-team-and-ir-process/
SEI (n.d.) Create a CSIRT. Retrieved from http://www.cert.org/incident-management/products-services/creating-a-csirt.cfm
Wright, C. (2011). Incident handler's handbook. Retrieved from https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901
==========================================
Incident Response Plan
Purpose
Identify the purpose of the Incident Response Plan.
Roles and Responsibilities of the Incident Response Plan
Clearly identify and describe the roles and responsibilities in Limetree – you are allowed to make up roles typical of a medium-sized company. (Hint: use one of the references listed above.)
Examples of Incidents at Limetree
a) Give the definition of an ‘incident’ and b) give exactly 5 examples from Limetree.
This can be a bulleted list with short descriptions. Pull the examples from Agent Surefire Game or Breach description. The examples should be diverse; don’t give two examples of the same incident type.
Current Incident Response Plan at Limetree
Give a brief description of the current IR plan.
Proposed Incident Response Plan at Limetree
In each of the phases below, describe what Limetree should be doing, either proactively or during an active security breach, to enhance its incident response. Don’t explain in generalities; be specific to Limetree.
1) Preparation
2) Identification
3) Containment
4) Eradication
5) Recovery
6) Lessons Learned
The Incident Response Process:
Describe how the Incident Response process works from Preparation, the discovery of a new incident, all the way through Lessons Learned.
This must include business recovery process – step 5 above.
A process flow diagram is required for “Exemplary Score”. Drawings can be made in Visio, PowerPoint, or by inserting shapes directly from Word. Hint: I usually prepare the process flow in a separate Word document and then screen capture and paste into the final paper (as opposed to trying to insert shapes from scratch).
References
As academic practitioners, I’d recommend over 3 references (preferably over 5) placed here. I’d like you to “up your game” in the area of APA references. Remember, you’re experienced Graduate School students, and as such, you should be equipped to handle investigating strong academic papers and resources.