Information Security Project
This assignment is designed to help you understand how an incident response plan is put into place. In an IT environment, it is typical for multiple members of the IT Department to be part of the planning and response efforts for many security incidents. Because of this, it will be helpful that you understand how the process works. Please be sure that your response to the incident make sense and are developed by your own research on how to respond to the incident. Details on what should be included in the Incident Response Plan are below. For the deliverable, use Calibri font, Size 14. This should be in your own words. Plagiarism goes against school policy and will result in a zero for the assignment. Please note that this is 21% of your grade for the class; take the time to be detailed and I expect questions from you about it. After all, this project is all about you learning how the process works.
Phase 1: Week 5
Step 1: Choose an incident type to create a response plan with. I’ve supplied a list for you below.
Step 2: Find supporting materials on how to respond to the incident. You should be able to use a common search engine and find this.
Phase 2
Step 3: Develop a summary of the incident that occurred; recommended 1-2 paragraphs; can be brief. If you can find an incident online that matches your project choice, you can use this summary. Make up a business name of the company that you work for. The sky is the limit in terms of what business type and name you use. Please be sure that, if your incident is one you’ve researched online, that you use a different business name than you’ve found. Step 4: Develop a detailed response plan on how to respond to the incident type. Your incident response plan should have at least 10-15 steps to it. The following should be included: 1. What departments and important individuals are involved in the response? Be sure to clearly state this before the steps in the response procedures. 2. What initial steps are taken as soon as the security incident is discovered. Should the computer, server, or device be immediately shut down… or left running? 3. What departments will be involved? IT Department? Management? 4. Who all should be notified? What departments, what members of management, customers, regulators? Specifically, who method of communication will be used to notify? 5. Was information compromised? If so, customers/patients will have to be notified. Note: These are not preventative measures and projects to take on before or after the incident. This is a “What do I do immediately?” type of scenario. Incident Response Choices 1. Corporate Account Takeover 2. Phishing, Vishing, or Smshing Attack on Customers (choose one) 3. Spear Phishing Attack on Employee(s) 4. Trojan Horse Virus/Keylogger Attack on Workstation/Server 5. Advanced Persistent Threat 6. Distributed Denial-of-Service Attack (DDoS) 7. Denial-of-Service (DoS) Attack 8. Company Laptop Stolen Containing 200 Customer/Patient Social Security Numbers 9. Former IT Staff Remotely Accesses Systems with “Admin” Password 10. Network Breach Detected By IDS (IDS NOT IPS) 11. Network Breach Detected by IPS, Router Password to One Business Location Compromised; Vulnerability Scan Ran Afterward Says Password Was Factory Default 12. Network Administrator Leaves After Heated Dispute with Management Grading Rubric Summary 15 points Are all departments involved clearly identified? 15 points Who is notified 20 points Is the plan logical and based on best practices? 30 points (research is key!!) Do response procedures match incident chosen? 10 points Is the plan detailed enough to be used as a response to an actual incident? 10 points