CYB 320 Module Two Project One Stepping Stone_Jazmine Wade
School: Southern New Hampshire University
Course: 320
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 3
Uploaded by BarristerExploration6300
Jazmine Wade
Incident Response Scenarios
Module 2-3 Project One Stepping Stone
CYB: 320 – Incident Response and Investigation
Southern New Hampshire University
03/12/2024
Scenario One:
The sprinkler system in your building has been triggered. You have been told there is no fire. However, you know that the sprinklers are going off in your server room.
The computer assets affected by this incident are the server room and the servers located in that room. The server room is critical for business operations, as it houses servers that are more than likely essential for hosting applications, data, and other services. The severity of the impact on business is High. The server room typically contains critical hardware for business operations. There is a high chance that water damage from the sprinklers has caused issues with the availability and integrity of data and services. One of the first actions that should be taken is to unplug and remove any equipment in the server room. By unplugging the power and moving the hardware, we can prevent additional damage caused by water getting into live electrical components. Some strategies that may be beneficial are to isolate affected servers and hardware, attempt to extract water and assess damage to the hardware that is critical for business operations, and activate disaster recovery procedures to restore critical services. Some strategies that may help prevent this from occurring in the future are to regularly check and monitor the sprinkler system, move hardware components from areas that are directly by the sprinkler system, or implement safeguards, such as waterproof enclosures or some other form of water-avoidant measure.
Scenario Two:
A user reports that their workstation is locked with a picture of a snowman. They have disclosed that right before this happened, they started playing music from a personal USB drive.
The affected computer asset is the user's workstation. The workstation may be critical for the user's role, but may not be critical for business operations. The severity of the impact on business is Medium. The impact affects only an individual workstation, preventing the user from working. The overall business impact is isolated. The first course of action should be to disconnect the workstation from the network. Ensuring the device is isolated from the network helps reduce the risk of spreading malware or ransomware to other systems. Some strategies that can be used to contain the incident are to run antivirus or antimalware scans on the workstation, investigate the origin of the snowman image and music file, and lastly restore the workstation from a known good backup. Some strategies that can be used to minimize the possibility of this occurring in the future are to implement and enforce a policy restricting the use of personal USB drives, provide cybersecurity awareness training, and use endpoint protection tools for detection and prevention.