User Account

All Pages

Discuss the organization and estimate both the damage cost

Assignment Help Computer Engineering
Reference no: EM131724456

This document discusses the steps taken during an incident response plan.

1) The person who discovers the incident will report it to someone who has access to this list. In turn, that person shall follow the instructions in this plan to properly document and report the incident. We anticipate the following initial contact points for incidents:
a) The helpdesk
b) IT Staff
c) IT Security Staff
d) A manager
e) A business partner
f) An outside source.

2) The responder will log:
a) Time of the call
b) The nature of the incident
c) What equipment was involved
d) How the incident was detected
e) When the event was first noticed that supported the idea that the incident occurred

3) The IT security staff responsible for incident response will call those designated on the list as appropriate for the case at hand. He/she will
contact the incident response manager using e-mail. The staff member could possibly add the following: name of system being targeted, along with operating system, IP address, and location.

4) Contacted members of the incident response team will meet or discuss the situation over e-mail and determine a response strategy.
a) Is the response urgent?
b) Is the incident real or perceived?
c) Will the response alert the attacker and do we care?
d) What type of incident is this? Example: virus, worm, intrusion, abuse, damage.
e) What data or property is threatened and how critical is it?
f) What system or systems are targeted? Where are they located physically and on the network? Incident Response Plan for PPC ITEC 6620 Information and Systems Security

5) An incident ticket will be created. The incident will be categorized into the highest applicable level of one of the following categories:
a) Category one - A threat to public safety or life.
b) Category two - A threat to sensitive data.
c) Category three - A threat to computer systems.
d) Category four - A disruption of services.

6) Team members will establish and follow one of the following procedures basing their response on the incident assessment:
a) Worm response procedure
b) Virus response procedure
c) System failure procedure
d) System abuse procedure
e) Property theft response procedure

The team may create additional procedures which are not foreseen in this document. If there is no applicable procedure in place, the team must document what was done and later establish a procedure for the incident.

7) Team members will use forensic techniques, including reviewing system logs, looking for gaps in logs, reviewing intrusion detection logs, and interviewing witnesses and the incident victim to determine how the incident was caused. Only authorized personnel should be performing interviews or examining evidence, and the authorized personnel may vary by situation and the organization.

8) Team members will restore the affected system(s) to the uninfected state.

9) Documentation-the following shall be documented:
a) The category of the incident
b) How the incident occurred, whether through e-mail, firewall, etc.
c) Where the attack came from, such as IP addresses and other related information about the attacker
d) What the response plan was
e) What was done in response?

10) Assess damage and cost-assess the damage to the organization and estimate both the damage cost and the cost of the containment efforts.

Reference no: EM131724456

Questions Cloud

Discuss the hacker group known as anonymous : Discuss the hacker group known as ‘Anonymous' and based on open source research
What are the benefits of food labels : 1. What are the benefits of Food Labels? Discuss importance of each section of Food Label.
Define data protection controls would benefit their business : the CEO of a company to convince the audience that data protection controls would benefit their business
Identify and describe two prevention strategies : Identify and describe two prevention strategies.Address the effectiveness of current treatment strategies in the United States.
Discuss the organization and estimate both the damage cost : Assess damage and cost-assess the damage to the organization and estimate both the damage cost and the cost of the containment efforts
Sympathetic division and the parasympathetic division : Compare the innervation patterns of the sympathetic division and the parasympathetic division.
Explain a legal or illegal drug : Briefly explain a legal or illegal drug that you find interested or wanting to learn more about. Tell me why you choose the drug
Discuss what is static analysis : What is static analysis, and how does it fit into a penetration testing scenario
Explanations for the relative hairiness of men : Human males have more body hair on average than human females. What is one of the potential explanations for the relative hairiness of men?

Reviews

Write a Review

Computer Engineering Questions & Answers

  Mathematics in computing

Binary search tree, and postorder and preorder traversal Determine the shortest path in Graph

  Ict governance

ICT is defined as the term of Information and communication technologies, it is diverse set of technical tools and resources used by the government agencies to communicate and produce, circulate, store, and manage all information.

  Implementation of memory management

Assignment covers the following eight topics and explore the implementation of memory management, processes and threads.

  Realize business and organizational data storage

Realize business and organizational data storage and fast access times are much more important than they have ever been. Compare and contrast magnetic tapes, magnetic disks, optical discs

  What is the protocol overhead

What are the advantages of using a compiled language over an interpreted one? Under what circumstances would you select to use an interpreted language?

  Implementation of memory management

Paper describes about memory management. How memory is used in executing programs and its critical support for applications.

  Define open and closed loop control systems

Define open and closed loop cotrol systems.Explain difference between time varying and time invariant control system wth suitable example.

  Prepare a proposal to deploy windows server

Prepare a proposal to deploy Windows Server onto an existing network based on the provided scenario.

  Security policy document project

Analyze security requirements and develop a security policy

  Write a procedure that produces independent stack objects

Write a procedure (make-stack) that produces independent stack objects, using a message-passing style, e.g.

  Define a suitable functional unit

Define a suitable functional unit for a comparative study between two different types of paint.

  Calculate yield to maturity and bond prices

Calculate yield to maturity (YTM) and bond prices

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +91-977-207-8620

Phone: +91-977-207-8620

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd