Introduction
The Incident Response Life Cycle begins with Preparation and moves to Detection & Analysis and then Containment, Eradication & Recovery. It concludes with Post-Incident Activity.
This assignment involves the three common incident response scenarios. For the threat featured in each scenario, outline three ways that you would protect against the threat, three ways that you would use to detect the threat, and three ways for responding to the threat.
Instructions
Scenario 1: Insider Threat
One of the hardest attacks to mitigate is the one executed by an insider who is already authorized to use the rights and privileges the organization has granted them. These attacks of opportunity can cause serious damage. A single employee who is intent on harming the organization, or who commits an act of carelessness, can leave an organization defenseless.
Please write a paragraph on each of the following (for a total of three paragraphs):
Protect: Three ways to protect your organization from an insider threat.
Detect: Three ways to detect the threat within your organization such as IoCs.
Respond: Three ways to respond to the threat based on the Incident Response Life Cycle.
Scenario 2: Security Gaps
Motivated offenders use a myriad of tools, tactics, and techniques to target organizations through numerous vectors. An environment that does not routinely validate its security posture, policies, and procedures can allow attackers unauthorized entry into your network. All it takes is one overlooked asset within your organization to create a conduit into your network that leads to data compromise.
Please write a paragraph on each of the following (for a total of three paragraphs):
Protect: Three ways to protect your organization from the threat of malware.
Detect: Three ways to detect the threat.
Respond: Three ways to respond to the threat based on the Incident Response Life Cycle.
Scenario 3: DDoS
Distributed denial of service (DDoS) attacks remain a major concern for organizations because they can be leveraged as a diversion while data exfiltration takes place in another part of your network. The attacks are designed to overwhelm system resources while denying legitimate traffic access to the network. These attacks can change their signatures and can be executed at varying levels of sophistication, which is why they remain a concern.
Please write a paragraph on each of the following (for a total of three paragraphs):
Protect: Three ways to protect your organization from the threat.
Detect: Three ways to detect the threat within your organization such as IoCs.
Respond: Three ways to respond to the threat based on the Incident Response Life Cycle.