Order from us for quality, customized work in due time of your choice.
Please Seperate Each Response
Discussion 1: (205 Words)
Incident Response Readiness is a key element to any cybersecurity program. This includes creating an incident response plan, provide training, etc.
Instructions for Initial Post:
Regarding incident Response – it can be argued that “Preparation” is the most important step. Pick and discuss three things that you feel are the most important things to have in place BEFORE an incident takes place.
The creation of an incident response plan certainly tops the list. When discussing the Plan, focus on at least 2 sections of the incident response plan that needs to be well done.
For the other two preparation tasks, focus on preparation that is outside of the Incident Response Plan itself.
Discussion 2: (100 Words)
Agree or Disagree? Why?
When thinking about an incident response from a preparedness standpoint (before an incident occurs) it is important to already have a plan…or somewhat of a plan put in place. It can be implied when incidents happen, the IR (Incident Response) plan will be able to be modified to fit the needs of incidents along the way. Ultimately, an organization would want to improve their incident response “readiness” over time.
1) Incident Response Plan in Place
Two aspects of the incident response plan that should be well done is the creation of the team and the response procedures.
One of the most important aspects of being prepared for an incident is making sure they have an incident response plan in place. As part of the incident response plan, your team (below) will need to have response procedures. Responders will need to have a way to identify incidents whether its looking through the logs manually or there is a tool set up to help aid in alerting on incidents. The IRP (Incident Response Plan) should contain methods being used in the environment for identifying incidents such as the tool/software being used to capture the incident. This could also be said to pertain to detection and analysis. There should also be documentation on how the team will contain an incident or potentially eliminate an incident. There should also be documentation on how to recover from an incident (Kryptologyst, 2024).
There also needs to be people in place to handle the incident. An organization would do well to have a CSIRT (Cybersecurity Incident Response Team) already in place. The name of this team may sound like it may only contain individuals who respond to an incident but it is more than that. Individuals on this team contain the incident response leader, the responders, legal representatives, business experts, and even public relations individuals. All of these individuals will be part of the CSIRT and will act upon a cyber security attack, MAINLY in events if the attack is severe enough and successful enough. For example, there is no reason to get all the different parties involved if there is a phishing campaign making its round in company wide emails and nobody clicks on it. The technical leader might oversee the entire IR process and making critical decisions. Technical responders would be in charge of identifying, containing, and eliminating the incident. Individuals dealing with communication might be in charge of internal and external communication with senior management and maybe even law enforcement. Legal representatives will ensure compliance and staying within certain laws and legislations and ensuring everything done is legal (Kryptologyst, 2024).
2) Training and Assessment Sessions (Outside of Incident Response Plan…mainly for employees)
Another valuable aspect as part of preparation is to prepare not only the individuals who might be part of the IR process but even the employees in the organization. Kryptologyst (2024) uses a clever term as end users act as “sensors and alert sources” when seeing anything that would potentially be malicious on their end. There are certain aspects an organization can do to keep their end users aware. Educating employees on common cyber threats is a great starting point. This will help end users potentially identify malicious activity in advance so they will not potentially click on anything that may cause harm. Employees should be trained on what to look for if they have an doubt if they should report something. This not only relates to phishing emails but also maybe receiving information they should not have access to and things of that nature (Kryptologyst, 2024).
3) Vulnerability Scanning and Analysis (Outside of Incident Response Plan)
I believe vulnerability scanning falls outside of the scope of the incident response process. Vulnerability scanning is also a process that should be in place from a preparedness standpoint as it gives valuable insight into what weaknesses are in your environment before an incident takes place. This ensures the organization can remediate/mitigate/accept vulnerability risks before they come to light as a way to prepare for an incident or an alarm. A bolster defense is an aspect organizations will achieve if they implement vulnerability scanning due to proactively scanning for weaknesses on a timely basis (SortSec, 2024).
References:
Kryptologyst. (2024, January 6). Incident Response: Preparation – Kryptologyst – Medium. Medium; Medium. https://medium.com/@kryptologyst/incident-response-preparation-6f24d776d8eeLinks to an external site.
SortSec. (2024, January 16). The Crucial Role of Vulnerability Scanning in Incident Response Planning. Medium. https://medium.com/@sortsec/the-crucial-role-of-vulnerability-scanning-in-incident-response-planning-b09866a845d5
Discussion 3: (205 Words)
Business Continuity planning is an important part of a cybersecurity contingency planning program that deal with ensuring that preparation should situations that make systems unavailable support keeping data “available” to those that need it.
Instructions for Initial Post:
Thinking of the organization that you are creating your cybersecurity program for, detail out at least three (3) scenarios that would need to be part of the organization’s business continuity plan. Then create what the organization would do if that circumstance became a reality. We are not looking for a full-fledged plan, but the scenario, and high level first effort response to that scenario, and be sure to include the appropriate communication aspects that may be required.
(examples could be larger situations such as natural disaster, or more local such as “internet down” from within the bank)
Discussion 4: (100 Words)
Agree or Disagree? Why?
1) Network Outage
When considering this scenario, we are simply looking at a network outage, nothing more nothing less. This is a scenario when the company may lose network connectivity and there has not been any malicious intent (that is known) or a natural disaster. This major outage disrupts communications between different physical locations of an organization as well as cloud solutions/infrastructure.
High Level Response: When a network failure occurs, it becomes imperative to make sure a team immediately utilizes network monitoring tools to try to find the cause of the outage (if possible). The network teams will be notified and a BCP (Business Continuity Plan) should be activated to try and bring the network back up as soon as possible According to Whitman and Mattord (2021), the network recovery team will try and determine the cause of the network outage and analyze the extend of the damage on the network as this could have something to do with switches, routers, hubs, etc. A component could have been damaged or destroyed and that needs to be kept into consideration as well. The network recovery team will need to be in touch with the current ISP (Internet service provider) and potentially need to contact their secondary service provider (pending there is one…which there should be) to bring the network back up in case of a network outage. Adams (2024) refers to this as an internet failover and is a backup connection which implements redundancy as far as connectivity goes. The organization as a whole should be notified in ways such as SMS or some sort of notification. The organization and their customers should be notified of the outage and business should be done manually (paper-based) for processing. There might even be a reliance on cellular networks to maintain customer service and a means to communicate until the network is brough back up online. A post incident review should be done to see what process were effective and what were ineffective.
2) Natural Disaster
This natural disaster scenario deals with an event such as a tornado or a hurricane that causes a great deal of damage to one or more locations of an organization.
High Level Response: The business continuity plan would need to be activated along with the CMT (crisis management team). According to Whitman and Mattord (2021) the CMT will activate in accordance to the response. In this case of a natural disaster, employee safety is a major concern and emergency evacuation becomes dire in the need to protect human lives and control injury risk. The disaster should be communicated with employees and customers alike and ensure there will be an alternative form of continuing business in the event of network failure. Once the people are safe, the physical structures and assets being contained become the next priority. In preparation to a natural disaster, in our day and age, there is never a time where most weather comes as a surprise. This being the case, Rock (2022) claims the importance of utilizing the cloud and ensuring cloud services are set up in preparation in case buildings are destroyed and the assets inside of them are destroyed as well. This would also allow workers to be able to work from home and continue business operations. One of the biggest things to consider here is the aspect of communicating with employees and customers to let them know a physical location of an organization might be unavailable and mobile or internet services might need to be utilized to conduct business. It would also be extremely important for the critical business operations (if ran on a physical server) to be backed up and moved to a different location to ensure the business is still able to function (Whitman and Mattord, 2021). A post incident review should be done to see what process were effective and what were ineffective.
3) Cyber Attack
This scenario deals with a cyber attack on an organization and will give plan involving ransomware which encrypts critical data or all data and requires a ransom to get your data unencrypted.
High Level Response: If there is an alert of ransomware then the IRP (Incident response plan) needs to activate and the CSIRT (Cybersecurity incident response plan) needs to respond to the incident. One of the most crucial aspects is to isolate the affected machine to try and contain the ransomware so it does not spread (if possible). The CSIRT needs to dive into the incident and try to figure out what systems have been affected and there needs to be communication with the selected service departments which the ransomware affects. This incident is a great scenario where it is crucial to have secure backups in an off-site location. Weekly backups are crucial to ensuring a ransomware attack does not put an organization in more trouble than it potentially already is. No ransom should be paid and backups should be implemented to restore systems to a point in time before ransomware infected the system. If weekly backups are kept, the damage from ransomware becomes minimal compared to what it could be (Whitman and Mattord, 2021). If in the event that systems do go down, there needs to be manual processes in place to continue business operations (paper-based). The breach should ultimately be disclosed to stakeholders and it needs to be reported to authorities. There needs to be an aspect of transparency when dealing with communication (Clarke, 2023). A post incident review should be done to see what process were effective and what were ineffective.
References:
Adams, R. (n.d.). Council Post: How To Ensure Business Continuity In The Face Of Internet Disruptions. Forbes. Retrieved July 8, 2024, from https://www.forbes.com/sites/forbesbusinesscouncil/2024/02/16/how-to-ensure-business-continuity-in-the-face-of-internet-disruptions/Links to an external site.
Clarke, C. (2023, August 2). 6 Step Ransomware Response Plan | Veeam. Veeam Software Official Blog. https://www.veeam.com/blog/ransomware-response-plan.html
Mattord, M. E. (2021). Principles Of Incident Response And Disaster Recovery, Loose-Leaf Version. Course Technology Inc.
Rock, T. (2022, March 14). 6 Real-Life Business Continuity Examples You’ll Want to Read. Invenio IT. https://invenioit.com/continuity/4-real-life-business-continuity-examples/
Order from us for quality, customized work in due time of your choice.