3-1 Final Project Milestone One: Incident Response Process Diagram with Key Roles and Responsibilities Annotations

Southern New Hampshire University
ISE-620-Q1513 Incident Detection & Response 23TW1
10/08/2023
Incident Response Process: Steps, Key Roles, and Responsibility Assignments

Detection

| Step | Role/Responsibility | Rationale Behind Assignment |
|---|---|---|
| Help desk | Help desk manager / Incident Manager | This is the first line of detection when issues arise for the public. In this case, the help desk manager would be responsible for reporting the many complaints when there is an influx of reports describing the same issue. |
| Firewall | IT team and CISO | Managed by the IT team and overseen by the CISO, the firewall's purpose is to track utilization and keep records of all traffic incoming to and outgoing from the network. This gives the CISO the patterns needed to identify the issue and determine where the security leak is. |
| Log Auditing | IT team and CISO | These individuals monitor the information collected by logs. By using the logs and records collected over time, it is easier to identify anomalies and alert the CISO of an issue or threat. Alerts can be generated to make the CIRT aware of issues that need to be escalated. |

Response

| Step | Role/Responsibility | Rationale Behind Assignment |
|---|---|---|
| Assessment | Incident response team | The IR team can examine networks, systems, and applications for security-related vulnerabilities, determine how they could be exploited, the risks they pose, and best practices for mitigation (Scarfone et al., 2008). |
| Containment | Computer Incident Response Team | Once a threat has been identified, it is important for it to be contained to reduce the spread of the effects of the breach. Containment strategies vary depending on the incident, but could include tasks such as shutting down the system, disconnecting it from a network, disabling functions, etc. |
| Eradication | CIRT members | The CIRT members would work on eliminating components of the incident, such as deleting malicious code or disabling breached accounts (Scarfone et al., 2008). |
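The Help desk and Log Auditing rows above both describe detection as noticing a pattern across many records and then raising an alert to the responsible role. The following Python script is an added example, not part of the milestone document, showing what that logic looks like in practice: it clusters constructed help-desk tickets to spot an influx of the same complaint, sums constructed firewall log records per host to flag anomalous outbound volume against a baseline, and packages each finding as an alert addressed to the role the table assigns. The ticket list, log lines, baseline value and threshold are all constructed for illustration.

```python
"""Added example (not from the milestone document): detection logic for the
help-desk and log-auditing steps, producing alert records for escalation.
All tickets, log lines, baselines and thresholds are constructed values."""
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Constructed help desk tickets: (ticket_id, reported_issue)
HELP_DESK_TICKETS = [
    ("T-1001", "cannot log in to portal"),
    ("T-1002", "printer offline"),
    ("T-1003", "cannot log in to portal"),
    ("T-1004", "slow email"),
    ("T-1005", "cannot log in to portal"),
    ("T-1006", "cannot log in to portal"),
]

# Constructed firewall log records: timestamp src dst bytes direction
FIREWALL_LOG = [
    "2023-10-08T09:00:01 10.0.0.5 203.0.113.10 1500 out",
    "2023-10-08T09:00:02 10.0.0.7 203.0.113.20 900 out",
    "2023-10-08T09:00:03 203.0.113.20 10.0.0.7 2200 in",
    "2023-10-08T09:00:04 10.0.0.5 203.0.113.10 250000 out",
    "2023-10-08T09:00:05 10.0.0.5 203.0.113.10 310000 out",
    "2023-10-08T09:00:06 10.0.0.9 203.0.113.30 1200 out",
]

# Constructed baseline: typical outbound bytes per host for this window
BASELINE_OUTBOUND_BYTES = 20000


@dataclass
class Alert:
    """One finding to escalate: which detection step raised it, a summary,
    the role responsible per the assignment table, and supporting evidence."""
    source: str
    summary: str
    escalate_to: str
    evidence: list = field(default_factory=list)


def detect_ticket_influx(tickets, threshold=3):
    """Flag any reported issue that appears in `threshold` or more tickets.
    This is the 'influx of the same issue' the help desk manager reports."""
    counts = Counter(issue for _, issue in tickets)
    alerts = []
    for issue, n in counts.items():
        if n >= threshold:
            ids = [tid for tid, reported in tickets if reported == issue]
            alerts.append(Alert("help desk",
                                f"{n} tickets reporting '{issue}'",
                                "Incident Manager", ids))
    return alerts


def parse_firewall_line(line):
    """Parse one constructed firewall record into a dict; bytes become int."""
    ts, src, dst, nbytes, direction = line.split()
    return {"ts": ts, "src": src, "dst": dst,
            "bytes": int(nbytes), "direction": direction}


def detect_outbound_anomalies(log_lines, baseline_bytes, factor=5):
    """Sum outbound bytes per source host and flag hosts exceeding
    factor * baseline. This is the log-auditing anomaly check that
    should alert the CISO and be escalated to the CIRT."""
    totals = defaultdict(int)
    for line in log_lines:
        if not line.strip():
            continue  # tolerate blank lines in an exported log
        rec = parse_firewall_line(line)
        if rec["direction"] == "out":
            totals[rec["src"]] += rec["bytes"]
    alerts = []
    for host, total in totals.items():
        if total > factor * baseline_bytes:
            alerts.append(Alert("log auditing",
                                f"{host} sent {total} bytes outbound "
                                f"(baseline {baseline_bytes})",
                                "CISO", [host]))
    return alerts


def run_detection():
    """Run both detection steps over the constructed data and return
    the combined alert list ready for CIRT escalation."""
    alerts = detect_ticket_influx(HELP_DESK_TICKETS)
    alerts += detect_outbound_anomalies(FIREWALL_LOG, BASELINE_OUTBOUND_BYTES)
    return alerts


if __name__ == "__main__":
    for a in run_detection():
        print(f"[{a.source}] -> {a.escalate_to}: {a.summary} {a.evidence}")
```

The two detectors are deliberately simple (a count threshold and a per-host byte total against a fixed baseline) so that the escalation path is the visible part: each alert names the role from the table that owns the next decision, which is what the CIRT needs when it decides whether to move to the Assessment step.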
References

Scarfone, K., Grance, T., & Masone, K. (2008). Computer Security Incident Handling Guide (NIST Special Publication 800-61, Revision 1). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-61r1