What logs or tools would you use to identify the incident


Assignment: Operations Security

Read the NIST documents that I provided and Chapter 12 in your text. Select one of the following types of breaches:

1. A SQL Injection was performed by a hacker, resulting in the loss of PII data.

2. You have discovered a covert leak (exfiltration) of sensitive data to China.

3. Malicious code or malware was reported on multiple users' systems.

4. Remote access for an internal user was compromised - resulting in the loss of PII data.

5. Wireless access. You discovered an "evil twin" access point that resulted in many of your users connecting to the hacker's access point while working with sensitive data.

6. Compromised passwords. You discovered that an attacker used rainbow tables to attack your domain's password file in an offline attack. Assume that all of your users' passwords are compromised.

7. A DoS or DDoS was performed against your system, resulting in 3 hours of downtime and lost revenue.

Your submission should include three paragraphs, a cover page, and references for the following:

Paragraph 1: IRT Team. What would the IRT team look like for this incident (who would be on the team to be able to effectively handle the event)? Justify your choices.

Paragraph 2: Approach. Address HOW you would respond. What logs or tools would you use to identify/analyze the incident? What would alert you to the incident? What tools would you use to contain/recover from the incident?

Paragraph 3: Metrics. How would you measure your team's response effectiveness? What measurements/metrics would you track?

Text Book: Security Policies and Implementation Issues by Robert Johnson, Second Edition.

Format your assignment according to the following formatting requirements:

1. The answer should be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides.

2. The response also includes a cover page containing the title of the assignment, the student's name, the course title, and the date. The cover page is not included in the required page length.

3. Also include a reference page. Citations and references should follow APA format. The reference page is not included in the required page length.
