Operations Security

Refer:  https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-55r1.pdf 

 Read the NIST documents that I provided and Chapter 12 in your text. Select one of the following types of breaches:1. A SQL Injection was performed by a hacker, resulting in the loss of PII data.
2.  You have discovered a covert leak (exfiltration) of sensitive data to China.
3. Malcious code or malware was reported on multiple users' systems.
4.  Remote access for an internal user was compromised - resulting in the loss of PII data.
5. Wireless access.  You discovered an "evil twin" access point that resulted in many of your users connecting to the hacker's access point while working with sensitive data.
6.  Compromised passwords. You discovered that an attacker used rainbow tables to attack your domain's password file in an offline attack. Assume that all of your user's passwords are compromised.

7.  A DoS or DDoS was performed against your system, resulting in the loss of  3 hours of downtime and lost revenue.Your submission should include three paragraphs and a cover page and references for the following:

Paragraph 1:  IRT Team. What would the IRT team look like for this incident (who would be on the team to be able to effectively handle the event)? Justify your choices.

Paragraph 2:  Approach. Address HOW you would respond. What logs or tools would you use to identify/analyze the incident?  What would alert you to the incident? What tools would you use to contain/recover from the incident? 

Paragraph 3: Metrics. Who would you measure your team's response effectivenss?  What measurements/metrics would you track?