Identify a scenario in which two instances of suspicious, intrusive activity were detected in a computer information system. The two activities may or may not be of the same type (e.g., spam, phishing, DoS).
- Briefly describe the scenario. For each activity, how would you determine whether it was legitimate network traffic or an attack?
- Next, suppose you have discovered that one of the two activities in the scenario was an attack.
- Explain whether it is an attack against confidentiality, integrity, or availability, and describe the level of impact of the attack.
- How would you determine the attacker's motivation, and what other types of attacks might you need to anticipate based on that motivation?
- What countermeasures would you develop to defend against the attacks you anticipate from that motivation?
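The triage step in the first question (deciding whether each detected activity is legitimate traffic or an attack) is easier to reason about against concrete evidence. The following is an added illustration, not part of the assignment text and not an answer key: it runs a small rule over constructed sshd log lines for two hypothetical activities. Activity A is an external host cycling through many usernames within seconds; activity B is an internal host failing twice on one account and then succeeding. The thresholds, the internal address ranges and the log lines are all assumptions chosen for the example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines for two detected activities (not from the
# original page). Activity A: 203.0.113.7 tries many usernames in a few seconds.
# Activity B: internal host 10.0.0.5 fails twice for one user, then succeeds.
LOG_LINES = """\
2024-03-01T09:00:01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
2024-03-01T09:00:02 sshd[4121]: Failed password for invalid user oracle from 203.0.113.7 port 51235 ssh2
2024-03-01T09:00:03 sshd[4121]: Failed password for root from 203.0.113.7 port 51236 ssh2
2024-03-01T09:00:04 sshd[4121]: Failed password for invalid user test from 203.0.113.7 port 51237 ssh2
2024-03-01T09:00:05 sshd[4121]: Failed password for invalid user ubuntu from 203.0.113.7 port 51238 ssh2
2024-03-01T09:00:06 sshd[4121]: Failed password for root from 203.0.113.7 port 51239 ssh2
2024-03-01T09:15:10 sshd[4130]: Failed password for alice from 10.0.0.5 port 40001 ssh2
2024-03-01T09:15:14 sshd[4130]: Failed password for alice from 10.0.0.5 port 40001 ssh2
2024-03-01T09:15:20 sshd[4130]: Accepted password for alice from 10.0.0.5 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port"
)

# Hypothetical triage thresholds and address plan; tune to the environment's
# observed baseline rather than copying these values.
WINDOW = timedelta(seconds=60)
MIN_FAILURES = 5
MIN_DISTINCT_USERS = 3
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def parse(lines):
    """Turn raw sshd lines into events; lines that do not match are ignored."""
    events = []
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "ok": m["result"] == "Accepted",
                "user": m["user"],
                "src": m["src"],
            })
    return events


def is_internal(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in INTERNAL_NETS)


def triage(lines):
    """Return a per-source verdict ('attack' or 'likely legitimate') with the evidence behind it."""
    by_src = defaultdict(list)
    for ev in parse(lines):
        by_src[ev["src"]].append(ev)

    verdicts = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if not e["ok"]]
        # Densest run of failures that fits inside WINDOW, starting at each failure.
        burst = 0
        for i, start in enumerate(failures):
            n = sum(1 for f in failures[i:] if f["ts"] - start["ts"] <= WINDOW)
            burst = max(burst, n)
        users = {e["user"] for e in failures}
        # A legitimate user who mistyped a password typically succeeds shortly after.
        followed_by_success = bool(failures) and any(
            e["ok"] and e["ts"] > failures[-1]["ts"] for e in evs)
        is_attack = burst >= MIN_FAILURES and len(users) >= MIN_DISTINCT_USERS
        verdicts[src] = {
            "verdict": "attack" if is_attack else "likely legitimate",
            "failures_in_window": burst,
            "distinct_users": len(users),
            "internal_source": is_internal(src),
            "followed_by_success": followed_by_success,
            # Credential guessing aims at unauthorised access, i.e. confidentiality;
            # a success on an administrative account would raise the impact level.
            "cia": "confidentiality" if is_attack else None,
        }
    return verdicts


if __name__ == "__main__":
    for src, verdict in triage(LOG_LINES).items():
        print(src, verdict)
```

The point of the rule is not the thresholds but the evidence it records: failure rate, username spread, source location and whether a success follows. Those are the facts an analyst would cite when arguing that one activity is an attack and the other is a user with a mistyped password, and they feed directly into the later questions on impact and motivation.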