Question 1: Incident Management Scenario
Scenario exercises can be helpful learning tools. They allow practitioners to think about and experience different types of challenges and respond in a safe environment. For this exercise you will review a scenario individually, then engage in a group discussion to further develop insight into the scenario. The scenario for this exercise was taken from the NIST incident response document. Read through the scenario and refer to the NIST report if necessary.
Read the scenario from the NIST Incident Response Document below and post your responses to the following questions:
- From what sources might the incident response team gather evidence?
- What would the team do to keep the investigation confidential?
- How would the handling of this incident change if the team identified an internal host responsible for the leaks?
- How would the handling of this incident change if the team found a rootkit installed on the internal host responsible for the leaks?
Scenario 3: Stolen Documents
On a Monday morning, the organization's legal department receives a call from the Federal Bureau of Investigation (FBI) regarding some suspicious activity involving the organization's systems. Later that day, an FBI agent meets with members of management and the legal department to discuss the activity. The FBI has been investigating activity involving public posting of sensitive government documents, and some of the documents reportedly belong to the organization. The agent asks for the organization's assistance, and management asks for the incident response team's assistance in acquiring the necessary evidence to determine if these documents are legitimate or not and how they might have been leaked. (NIST)
Cichonski, P., Miller, T., Grance, T., Scarfone, K. (2012). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. [PDF file size 1446KB] Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublicatio…
Please define each of these terms (qualitative vs. quantitative) and give two examples of how each can be applied when conducting a risk assessment.
Question 3: Risk, Assessments and Threats to Security
Review the following documents. Use the material in the readings and outside source material, especially current cyber threat reports.
- Bayne, J. (2002). An Overview of Threat and Risk Assessment. SANS. [PDF file size 62KB] Retrieved from https://www.sans.org/reading-room/whitepapers/audi…
- NIST. (2017). Framework for Improving Critical Infrastructure Protection. Draft Version 1.0. [PDF file size 1801KB] Retrieved from https://www.nist.gov/sites/default/files/documents…
- G., Goguen, A., & Feringa, A. (2002, July). Risk Management Guide for Information Technology Systems. [PDF file size 478KB] Retrieved from http://csrc.nist.gov/publications/nistpubs/800-30/…
Discuss the following questions, citing your sources:
- What is Risk Management?
- Why is it important when applied to business needs?
- Read the SANS article. What is a risk assessment? List and describe the core areas of an assessment outlined in the article.
After answering these questions, can you please go on my Blackboard and reply to 2 students for each post, so 6 total replies to students. I will give you my
Please put corresponding citations after each answer, not all at once at the end.