Assignment 12

This final examination is worth 25 percent of your total grade. There are four (4) questions and the maximum point values are included with each question.

The recommended length for the final exam is 10 - 15 doubled spaced  pages excluding diagrams, illustrations or other addendum. The use of  APA formatting is required for any in-text citations and reference  list. Please submit ONE document  for all answers in Word or PDF, along with the Turnitin originality  report, in the Final Exam assignment folder in WebTycho by the due date. I expect the response to immediately follow the question as follows:

Tasking One -- approximately 600 - 1000 words (2 - 4 pages) excluding diagrams, illustrations or other addendum. 

Response for tasking one ….

2. Tasking Two -- approximately 600 - 800 words (2 - 3 pages) excluding diagrams, illustrations or other addendum.

Response for tasking two …

3. Tasking Three -- approximately 600 - 800 words (2 - 3 pages) excluding diagrams, illustrations or other addendum.

Response for tasking three ….

4. Tasking Four -- approximately 600 - 800 words (2 - 3 pages) excluding   diagrams, illustrations or other addendum.

Response for tasking four …

Final Exam Scenario

 You are a senior security analyst  for Blue Moon Financial (BMF), a large financial services firm that has  detected a potential network intrusion during the middle of the night.  A  technician has called you at your home and woken you from a deep sleep  to describe suspicious behavior.  There has been a recent rash of  network intrusion attacks at other financial services firms, and your  organization has detected an elevated amount of port scanning and other  types of reconnaissance activity.

Senior management at BMF has  recognized the potential cyber threats that could seriously impact the  sustainability of the company and has committed budgetary money for  technical resources and training, although at a level that would be  considered modest by most standards. The challenge that you have had as  the senior security analyst is that once you get a technician trained to  a sufficient level they get hired away to work for another  organization.  As such, your current security team is inexperienced and  you are the only person with significant incident response experience.  You have recently begun developing an incident response plan, but it is  only in the early stages of development.

You quickly log into the network from  your home to check the logs and your intrusion detection system and  quickly determine that your organization is under an active attack.

 
________________________________________________________________

Your Tasking 

Describe your plan for responding to the network intrusion incident. (30 points). Some of the items you will want to cover include (this list is not all inclusive):

a. What your first steps are now that you have confirmed the attack

b. Who should be involved in the response

c. How you will compensate for your team’s inexperience

d. What type of resources are necessary

e. What protection measures need to be considered

2. Communication and Coordination Plan (15 points).

Who do you call and when

How do you identify priorities and assign resources

How will you communicate with incident responders during the response

How and when will you communicate with management during the response

3. Determine how you will determine further information about the source of the attack (15 points).

Type of attack

Where it may have originated from - attribution

The extent of the attack

Whether there is a single attack or if this is part of a complex series of incidents

Other considerations.

4.         Discuss how you will handle potential evidence. (15 points).

Chain of custody and preservation.

Analysis and reporting.

Other items.