Running Head: SNHU 1
SNHU
ISE 510 Security Risk Analysis & Plan
Security Breach Analysis and Recommendations
Milestone 3: Incident Response Plan
Late due to technical issues while submitting
KEEP THIS ON TITLE PAGE
There are substantial references between the textbook, Kral (2011), SEI, Valentin (2013), and NIST.SP.800-61r2 to complete this project.
Special Rules:
1. Email me for permission to use any other reference (and why it's not covered in the above material).
2. No direct quotes allowed (reword or paraphrase, and add an in-text citation).
3. Include page numbers so that I can check the source of your work efficiently.
4. All papers are extensively checked for originality, academic integrity, and authenticity.
KEEP THIS ON TITLE PAGE
Incident Response Plan
I) Identify the Purpose of an Incident Response Plan.
At Limetree, a robust Incident Response Plan needs to be put in place so that the security posture of the business can be maintained. The fundamental purpose of designing the plan is to help the firm minimize the risks that arise in the cyber setting. It encompasses a number of guidelines so that the plan helps the research and development organization to detect, analyze, prioritize, and handle security incidents. It offers a solid framework within which the IT team can implement suitable processes and protocols and be prepared to face cybersecurity issues.
The Incident Response Plan has been made specifically for Limetree by taking into account its IT ecosystem and the activities that it carries out on its online platform. The plan guides the IT department in taking proper measures so that it is prepared to deal with cyber attackers and online criminals.
II) Identify the Roles and Responsibilities of the Incident Response Plan
A number of individuals would play certain roles and carry responsibilities so that the security posture of the firm can be strengthened. The key roles of the Incident Response Plan include Incident Response Coordinator, IT Manager, Chief Executive Officer, and Chief Network Administrator.
Incident Response Coordinator (IRC) or Team Leader
The IRC is responsible for collecting data on the security incident, informing the necessary parties, and ensuring that a robust communication model is established throughout and after the investigation process. He drives and coordinates the incident response team's activities so that the damage can be minimized.
IT Manager
He responds to the IT security incident and assigns authority to each of the team members, in coordination with the IRC.
Communications Manager
He leads the effort to communicate with all audiences inside as well as outside the business.
Network Administrator
He takes an active part in the investigation process. In addition to this, he documents all activities relating to the investigation, discovery, and recovery tasks (Cichonski et al., 2012).
It is also necessary to involve law enforcement, such as local police and state law enforcement agencies, which are responsible for presenting warrants for the disclosure of information.
III) Provide 5 Examples of Incidents at Limetree
a) Give the definition (in your own words) of an IT security 'incident' and differentiate it from an IT security 'event'
An IT security 'incident' can be defined as a warning that there might exist some form of threat to the security posture of the organization. This warning could also mean that the threat has already materialized in the IT setting of the organization. Thus, a computer security incident could mean that there is a threat to the policies that are related to the firm's computer security (SEI, n.d.).
There exist numerous differences between an IT security 'incident' and an IT security 'event'. NIST has defined an IT security incident as an occurrence which potentially or actually threatens the confidentiality, availability, or integrity of an Information System (IS) or its processes (Kral, 2011). An IT security event can be defined as any alteration in the day-to-day operations of a network or information technology service which indicates that a security policy might have been violated or a security measure might have failed (Valentin, 2013). Security events are minor in nature and can arise frequently. When these events produce repercussions, they are considered to be security incidents (Kral, 2011).
b) Provide exactly 5 examples from Limetree.
1) Official documents containing confidential information were left out for anyone to see. Anyone could make copies and use the information to adversely affect the organization.
2) A number of computer terminals were left unlocked, so anyone could access the systems and retrieve sensitive data and information.
3) Employees used weak passwords, and there was no policy to strengthen this security measure. Additionally, employees at Limetree changed passwords only annually.
4) Even though the file cabinets were locked, their keys were kept in plain sight, so anyone could use them to open the cabinets and steal confidential papers.
5) Documents containing confidential business information were not properly disposed of. Instead of being shredded, they were simply put in the trash bin.
IV) Current Incident Response Plan at Limetree
The existing Incident Response Plan at Limetree is very ineffective and weak. In case any security incidents arise, the system administrators are notified and they escalate the issue to the IT Manager. He is then responsible for reporting the incident to the Security Manager if it is considered to be an actual incident. Currently, there is no documentation process, so there is no record of previous security incidents (Cichonski et al., 2012).
V) Incident Response Plan & Process
a) Proposed (NEW) Incident Response Plan at Limetree:
A new Incident Response Plan has been proposed that could be introduced at Limetree to upgrade its security posture. The process has been designed so that the Incident Response Team can take the necessary measures to deal with a security issue and make sure that the extent of the damage is curbed as far as possible. The main phases involved in the plan are highlighted below:
1) Preparation -
In the preparation stage, Limetree must make sure to develop suitable capabilities so that security incidents