Reference no: EM132879289
Question: It's time to begin work on the next phase of the final analysis of the intrusion, which will include an incident response plan. Such a plan provides a method for containing the impact from a cybersecurity incident. It includes a plan for file recovery and remediation from an incident. All the actions will start from the security baseline analysis, which has been defined for all the nations' network topologies at the summit, using a network security baseline analyzer.
Your nation team will work together to develop an eight- to 10-page Incident Response Plan to use in the event of a cyber incident. This is one of your three final deliverables, which you will submit for feedback as a group, and then for individual assessment at the end of the project.
Begin your first half of the plan by focusing on the environmental conditions and coordination mechanisms. Include:
1. roles and responsibilities
2. phases of incident response
3. scenario: provide an incident response plan for distributed data exfiltration attacks, specifically the case of loss of communications
4. activities and authorities pertaining to roles and responsibilities
5. triggering conditions for actions
6. triggering conditions for closure
7. reports and products throughout the incident response activity
8. tools, techniques, and technologies
9. communications paths and parties involved
10. coordination paths and parties involved
11. external partners and stakeholders, and their place in the coordination and communication paths
12. security controls and tracking
13. recovery objectives and priorities
Your team will continue working on the incident response plan in the next step. You will consider the processes of an active response.
In this step, your team will continue developing the Incident Response Plan. The second half of your report will focus on the events and processes of your active response plan. Include the following:
14. incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.
15. data protection mechanisms
16. integrity controls (system integrity checks) after recovery
17. a plan to investigate the network behavior and a threat bulletin that explains this activity
18. defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident
19. additional aspects of the incident response plan necessary to contain a cyber incident on the international domain
20. diagrams of swim lanes of authorities, activities and process flows, coordination and communication paths. Review the Swim Lane Template to familiarize yourself with the concept of swim lanes and swim lane diagrams.
You will complete your incident response plan in the next step. Your incident response plan is critical in outlining your activities during a cyberattack as well as providing direction for recovery.
Attachment: Work IR Plan.rar