Question
Incident Response Lab
Overview:
Details matter when developing an incident response (IR) plan. But, even the most successful IR plans can lack critical information, impeding how quickly normal business operations are restored. This lab has you address nine important steps that you should incorporate into your IR plan. For this assignment, you will be responding to an external brute force password attack on the perimeter router of your network.
Detail:
Download Source: http://www.tech-faq.com/responding-to-network-attacks-and-security-incidents.html
Version: N/A
Platform: Cisco
Required Dependencies: N/A
Objectives:
Complete 2 tasks for each of the nine incident response checklist items listed below.
Process:
Background –
Incident Response Checklist:
PREPARATION ACROSS THE ENTIRE COMPANY
IDENTIFY MEASUREMENTS AND MATRICES
HOLD TEST RUNS
CHECK THE ALERTS THAT APPEAR BENIGN
CREATE A CONSOLIDATED DATA REPOSITORY
DON’T OVERLOOK INDUSTRIAL CONTROLS
CONTAINMENT AND REMEDIATION
PLAN FOR A FOLLOW-UP BUDGET AND RESOURCES
FOLLOW-UP ACROSS THE ORGANIZATION
Action Steps – Provide two tasks for each section below:
PREPARATION ACROSS THE ENTIRE COMPANY
-
-
IDENTIFY MEASUREMENTS AND MATRICES
-
-
HOLD TEST RUNS
-
-
CHECK THE ALERTS THAT APPEAR BENIGN
-
-
CREATE A CONSOLIDATED DATA REPOSITORY
-
-
DON’T OVERLOOK INDUSTRIAL CONTROLS
-
-
CONTAINMENT AND REMEDIATION
-
-
PLAN FOR A FOLLOW-UP BUDGET AND RESOURCES
-
-
FOLLOW-UP ACROSS THE ORGANIZATION
-
-
Conclusion:
What did you learn in this lab?
PREPARATION ACROSS THE ENTIRE COMPANY
-
-
IDENTIFY MEASUREMENTS AND MATRICES
-
-
HOLD TEST RUNS
-
-
CHECK THE ALERTS THAT APPEAR BENIGN
-
-
CREATE A CONSOLIDATED DATA REPOSITORY
-
-
DON’T OVERLOOK INDUSTRIAL CONTROLS
-
-
CONTAINMENT AND REMEDIATION
-
-
PLAN FOR A FOLLOW-UP BUDGET AND RESOURCES
-
-
FOLLOW-UP ACROSS THE ORGANIZATION
-
-
Explanation / Answer
Solution:
The Incident Response plan is developed by the IT team of the organization, but it is a joint effort of all the people of the organization to handle the incident. In the given IR plan the different phases are discussed and the related tasks are described for each phase. The tasks are related to the external brute force password attack. The tasks are performed to identify the nature of the attack and the handling of the attack.
The phases and the activities are given below.
1) PREPARATION ACROSS THE ENTIRE COMPANY -
To prepare the IR plan, discuss with all the people across the company to develop an effective plan. The tasks are given below.
(I) Consult the company's public relations department to find out whether any legal information is disclosed or not.
(II) Consult the web development team to find any vulnerability.
2) IDENTIFY MEASUREMENTS AND MATRICES -
For an effective IR plan, define the important performance indicators that are measured during event handling.
(I) Some performance indicators, such as system responsiveness, are measured to find the level of the attack.
(II) Authentication measurements help to find attacks that are brute force password attacks in nature.
3) HOLD TEST RUNS -
This phase identifies the weaknesses and runs the test plans to handle the event.
(I) The test run helps to find the risk factors; for a brute force attack, the password strength is tested.
(II) The risk factors and weaknesses are identified and monitored to decide how to handle the event.
4) CHECK THE ALERTS THAT APPEAR BENIGN -
The alarms that are benign are checked, meaning initial alerts which are not related to security.
(I) Check whether any single router or piece of network equipment is running slow or is infected.
(II) Check for any technical issue, such as a router or network equipment being down or not responding properly.
5) CREATE A CONSOLIDATED DATA REPOSITORY -
In this phase, manage all incidents in a central data repository.
(I) All the threats identified are kept in a central repository to create a view of the attacks when needed.
(II) The practices to crack the password and gain unauthorized access are monitored and kept in a central repository.
6) DON’T OVERLOOK INDUSTRIAL CONTROLS -
In some companies the industrial systems are ignored as these are not potential targets.
(I) The industrial systems are closely monitored when there is a symptom of a network attack.
(II) The IT teams generally manage the industrial controls of the company, so monitor the attacks on IT equipment which are related to industrial controls.
7) CONTAINMENT AND REMEDIATION -
This process is used to stop the attacks as a whole. The remediation process provides solutions to the attacks.
(I) The security vulnerabilities that were found in the preliminary phases are removed.
(II) In this phase, remove the infected files as well as the vulnerable entry point of the router or network equipment.
8) PLAN FOR A FOLLOW-UP BUDGET AND RESOURCES -
In this phase the follow-ups are taken from the previous plan and activities to prevent the system from being attacked again.
(I) Follow the IR plan and estimate the related cost and the effectiveness of the plan.
(II) Some security plans and security practices make the system slow, so these events should be noted and followed properly, so that the system does not slow down while the security practices are in place.
9) FOLLOW-UP ACROSS THE ORGANIZATION -
In this final phase the IR and its improvements are followed closely across the company to learn how the IR was made effective and how to make the system safe in future.
(I) Closely monitor the IR activities and learn how the attacks are identified and handled, and what improvements there are after the IR is applied following the security attack.
(II) While conducting the IR, it is followed which people were involved in it to make it work effectively. This is discussed across the company to find out the people who took part in the IR and handled the security attack.
Conclusion -
The above-discussed IR plan is developed by the IT department of the organization, but people from the whole organization are involved in the activities. The IR plan sometimes neglects some important events that are noted by the other departments of the organization. So all people make the IR effective and handle the attacks.
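As an added illustration of the answer's points on "authentication measurements" (step 2), the central data repository (step 5) and containment (step 7), here is example code written for this page; it is not part of the original question or answer and is not Cisco's own tooling. It parses Cisco IOS login syslog messages from a perimeter router, computes per-source authentication metrics that can be stored centrally, flags sources whose failures within a short window match a brute force pattern, and flags any successful login that follows such a burst (the signal that containment has to move to credential reset, not just blocking). The log lines are constructed samples, and the threshold, window and function names are this example's own choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Cisco IOS syslog output (not taken from the page).
# The format follows the IOS %SEC_LOGIN-4-LOGIN_FAILED / %SEC_LOGIN-5-LOGIN_SUCCESS
# messages; timestamps are assumed to be in UTC.
SAMPLE_LOG = """\
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:00:01 UTC Fri Mar 1 2024
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:00:04 UTC Fri Mar 1 2024
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: cisco] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:00:07 UTC Fri Mar 1 2024
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:00:09 UTC Fri Mar 1 2024
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:00:12 UTC Fri Mar 1 2024
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.5] [localport: 22] [Reason: Login Authentication Failed] at 10:00:15 UTC Fri Mar 1 2024
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 203.0.113.5] [localport: 22] at 10:00:18 UTC Fri Mar 1 2024
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: netops] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:00:20 UTC Fri Mar 1 2024
%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: netops] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:05:30 UTC Fri Mar 1 2024
%SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 192.0.2.10] [localport: 22] at 10:06:00 UTC Fri Mar 1 2024
"""

# Matches both the failure and the success variant of the IOS login message.
LOGIN_RE = re.compile(
    r"%SEC_LOGIN-\d-LOGIN_(?P<result>FAILED|SUCCESS): Login \w+ "
    r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<source>[^\]]+)\] "
    r"\[localport: (?P<port>\d+)\](?: \[Reason: [^\]]+\])? "
    r"at (?P<time>\d\d:\d\d:\d\d UTC \w{3} \w{3} \d{1,2} \d{4})"
)


def parse_login_events(text):
    """Turn raw syslog text into a time-ordered list of login event dicts."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a login message; other syslog lines are ignored
        events.append({
            "time": datetime.strptime(m.group("time"), "%H:%M:%S UTC %a %b %d %Y"),
            "user": m.group("user"),
            "source": m.group("source"),
            "port": int(m.group("port")),
            "result": m.group("result"),
        })
    events.sort(key=lambda e: e["time"])
    return events


def auth_metrics(events):
    """Per-source counters suitable for a central repository: failures, successes, usernames tried."""
    metrics = defaultdict(lambda: {"failed": 0, "success": 0, "users": set()})
    for ev in events:
        m = metrics[ev["source"]]
        m["failed" if ev["result"] == "FAILED" else "success"] += 1
        m["users"].add(ev["user"])
    return dict(metrics)


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """Return {source: peak failures inside any `window`} for sources reaching `threshold`."""
    recent = defaultdict(deque)  # sliding window of failure timestamps per source
    peak = defaultdict(int)
    for ev in events:
        if ev["result"] != "FAILED":
            continue
        q = recent[ev["source"]]
        q.append(ev["time"])
        while q and ev["time"] - q[0] > window:
            q.popleft()  # drop failures that fell out of the window
        peak[ev["source"]] = max(peak[ev["source"]], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


def successes_after_failures(events, threshold=5):
    """Flag logins that succeeded from a source with at least `threshold` prior failures."""
    fails = defaultdict(int)
    hits = []
    for ev in events:
        if ev["result"] == "FAILED":
            fails[ev["source"]] += 1
        elif fails[ev["source"]] >= threshold:
            hits.append((ev["source"], ev["user"], fails[ev["source"]]))
    return hits


if __name__ == "__main__":
    evs = parse_login_events(SAMPLE_LOG)
    for src, m in auth_metrics(evs).items():
        print(f"{src}: {m['failed']} failed, {m['success']} ok, users={sorted(m['users'])}")
    print("brute force sources:", detect_brute_force(evs))
    print("success after burst:", successes_after_failures(evs))
```

The router only emits these messages once login logging is enabled (`login on-failure log` and `login on-success log` in IOS), so checking that the perimeter router actually sends them to the central collector is a task that fits the "test runs" step. The threshold-and-window pair used for detection maps directly onto the IOS `login block-for <seconds> attempts <n> within <seconds>` command, which is the router-side containment control for the brute force scenario in this lab.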