

Question

You have been working as a technology associate in the information systems department at Corporation Techs for almost three months now. Yesterday, you got an e-mail, which specified that a security breach has occurred in your company. The other members of your team also received such e-mails. You checked the firewall logs and it confirmed the security breach.

Later, your team took corrective actions in the environment. They isolated the incident and assessed the damage. Today, your manager calls you and asks you to create an executive summary report detailing the events to be presented to executive management. You need to include a summary of corrective options, which may be in the form of architectural adjustments or other configuration changes that will prevent the reoccurrence of this incident in the future.

Tasks

You need to create a post-incident executive summary report that addresses a security breach. Include an overview of actions taken at each phase of the incident response. Also include suggestions for corrective modifications that would prevent the incident from reoccurring.

Required Resources

Textbook and Internet

RS Assignment 4 Post incident Executive Summay Report Template.docx   (YOU MUST USE THIS TEMPLATE TO GET FULL CREDIT)

Submission Requirements

Format: Microsoft Word

Font: Arial, Size 12, Double-Space

Citation Style: APA

Length: 1–2 pages

Spelling and Grammar count

Self-Assessment Checklist

I included all six incident response phases in my executive summary report.

I displayed an understanding of firewall strategies when discussing corrective options in the report.

I concisely and clearly summarized information so that an executive can easily absorb the material.

Template

Week 3: (RS4) Assignment 4: Post-Incident Executive Summary Report

ISOL 532

{YourName}

Tasks

You need to create a post-incident executive summary report that addresses a security breach. Include an overview of actions taken at each phase of the incident response. Also include suggestions for corrective modifications that would prevent the incident from reoccurring.

Overview of actions taken at Incident Response Phase 1 (Preparation):

Overview of actions taken at Incident Response Phase 2 (Detection):

Overview of actions taken at Incident Response Phase 3 (Containment):

Overview of actions taken at Incident Response Phase 4 (Eradication):

Overview of actions taken at Incident Response Phase 5 (Recovery):

Overview of actions taken at Incident Response Phase 6 (Follow-up):

Firewall Strategies to Implement so as to correct the Security incidents:

Explanation / Answer

This is the post-incident executive summary report for the malware attack that occurred on 13 September 2018.
Risk Level: Medium
Data Loss: Minimal, and recovered from backup after the malware was removed.


Phase 1 Preparation: The firewalls are updated with the malware-blocking protocols.
The antivirus definitions are updated and the client machines are commanded to run a virus check on the next reboot.
As soon as the malware attack occurs, the backups are isolated from the network until the situation is cleared.
An infected machine has been removed from the domain and tested on a regular network.
The common virus hiding locations have been identified by the malware removal tool.


Phase 2 Detection: It is identified on the client machines that the malware has started to obstruct processes and to hide folders from being viewed. The folder permissions are being overwritten and control is being taken over by the malware. The duplication of the virus is very fast as soon as the machine starts to run.
It is identified that the malware is trying to upload data over the FTP protocol.
The uploads of data from the infected machines have been stopped.

Phase 3 Containment: Firewall and antivirus definitions are updated immediately.
All the machines are immediately commanded to run a virus check with the updated information.

Phase 4 Eradication: The client machines are instructed to run an offline virus check so the virus cannot duplicate.
Batch files are pushed to client machines to bring back the hidden folders on the next reboot.
Locations of the infected file folders are added to the antivirus definitions.

Phase 5 Recovery: A few files have been deleted from the databases.
The files have been restored from the backups after the entire virus or malware has been cleaned from the system.
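The detection step in the answer above (malware on client machines uploading data over FTP, confirmed from the firewall logs) and the corrective firewall strategy the assignment asks for can be made concrete with a small script. This is an added example, not part of the original assignment or the tutor's answer: it scans constructed firewall log lines for outbound FTP from an assumed client subnet (10.10.20.0/24), separates connections the firewall allowed from ones it already denied, and generates the egress-deny rules that would block that path. The log format, the subnet and the use of iptables FORWARD rules are all assumptions for the example.

```python
"""
Added example (not from the original page): detect outbound FTP from client
workstations in firewall logs and generate egress-deny rules for it.
"""
import ipaddress
from collections import defaultdict

# Assumption: the client workstation subnet at Corporation Techs.
CLIENT_SUBNET = ipaddress.ip_network("10.10.20.0/24")
# FTP control channel (21) and active-mode data channel (20).
FTP_PORTS = {20, 21}

# Constructed sample log lines in an assumed key=value format:
# <timestamp> action=<allow|deny> src=<ip> dst=<ip> dport=<port> proto=<proto>
SAMPLE_LOG = """\
2018-09-13T08:01:12Z action=allow src=10.10.20.15 dst=203.0.113.45 dport=443 proto=tcp
2018-09-13T08:02:40Z action=allow src=10.10.20.15 dst=198.51.100.7 dport=21 proto=tcp
2018-09-13T08:02:41Z action=allow src=10.10.20.15 dst=198.51.100.7 dport=20 proto=tcp
2018-09-13T08:03:05Z action=allow src=10.10.20.33 dst=198.51.100.7 dport=21 proto=tcp
2018-09-13T08:04:19Z action=deny src=10.10.20.33 dst=198.51.100.9 dport=21 proto=tcp
2018-09-13T08:05:00Z action=allow src=10.10.30.5 dst=198.51.100.7 dport=21 proto=tcp
2018-09-13T08:06:22Z action=allow src=10.10.20.15 dst=203.0.113.80 dport=80 proto=tcp
"""


def parse_line(line):
    """Split one log line into a dict; the first token is the timestamp."""
    parts = line.split()
    rec = {"ts": parts[0]}
    for tok in parts[1:]:
        key, _, value = tok.partition("=")
        rec[key] = value
    rec["dport"] = int(rec["dport"])
    return rec


def find_ftp_egress(log_text, subnet=CLIENT_SUBNET, ports=FTP_PORTS):
    """Return (allowed, attempted): maps of client IP -> sorted destination IPs.

    'allowed' holds outbound FTP the firewall let through (a real exfiltration
    path); 'attempted' holds connections it already denied, which still mark a
    host worth isolating. Hosts outside the client subnet are ignored.
    """
    allowed = defaultdict(set)
    attempted = defaultdict(set)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        src = ipaddress.ip_address(rec["src"])
        if src not in subnet or rec["dport"] not in ports:
            continue
        bucket = allowed if rec["action"] == "allow" else attempted
        bucket[str(src)].add(rec["dst"])
    return (
        {ip: sorted(dsts) for ip, dsts in allowed.items()},
        {ip: sorted(dsts) for ip, dsts in attempted.items()},
    )


def egress_deny_rules(subnet=CLIENT_SUBNET, ports=FTP_PORTS):
    """Generate iptables FORWARD rules (assumed Linux firewall) that log and
    drop FTP from the client subnet to any destination, regardless of the
    remote server, so a new drop site does not need a new rule."""
    rules = []
    for port in sorted(ports):
        base = f"iptables -A FORWARD -s {subnet} -p tcp --dport {port}"
        rules.append(f"{base} -j LOG --log-prefix 'FTP-EGRESS '")
        rules.append(f"{base} -j DROP")
    return rules


if __name__ == "__main__":
    allowed, attempted = find_ftp_egress(SAMPLE_LOG)
    print("Allowed outbound FTP (exfiltration path):", allowed)
    print("Denied outbound FTP attempts:", attempted)
    print("\n".join(egress_deny_rules()))
```

Blocking the control port is enough to stop passive-mode transfers too, since the data channel is negotiated over port 21 first. The broader firewall strategy an executive summary would recommend is a default-deny egress policy for the client VLAN with an explicit allow list (web through a proxy, DNS to internal resolvers), so the next malware family using a different protocol is blocked without a rule change.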
