Describe the six-step incident handling process recommended by the SANS Institute.

Instructions

This assessment consists of two labs that you must complete, and a strategy report for senior executive leadership in your organization. Be sure you read the instructions for the entire assessment carefully to make sure you address all requirements fully.

Complete both of the labs linked in this assessment. As you go through each lab, be sure to: (COMPLETED)

Perform all screen captures as the labs instruct and paste them into a Word document. (COMPLETED)

In the same Word document:

Explain the concepts and procedures associated with investigating and responding to security incidents and prevention strategies by addressing the following:

Explain the steps you should take at the first indication of compromise.

Describe the six-step incident handling process recommended by the SANS Institute.

Compare identification and containment during the incident response process.

Explain the relevance of the post-mortem step during incident response.

Compare IDS and IPS.

Explain the significance of obtaining a baseline of network traffic.

Describe some methods to mitigate reconnaissance attacks.

Now apply what you learned in the lab to the following scenario.

Scenario

To increase business transactions and maximize profits, the organization you work for established an international partnership with another organization.

The appropriate business associate agreements and memorandum of association were put in place. A month after the partnership was initiated, your organization was the victim of a cyber-attack. Mitigation efforts were in the millions of dollars.

Your Role

You are a member of the Information Security team. The CISO has asked you to develop an Incident Investigation, Response and Prevention Strategies for senior leadership.

Requirements

Continue working in the same document; simply start your strategies on a new page with an appropriate heading.

In your strategy, address the following:

Explain the concepts and procedures associated with investigating and responding to security incidents and prevention strategies.

Analyze guidelines that can be included in a disaster recovery plan to assist in preparing for future Web attacks.

Identify appropriate guidelines.

Explain how the guidelines you have identified can help the organization prepare for future attacks.

Evaluate testing suites that can be used to test a disaster recovery plan.

Explain the principles and best practices that should be used to handle evidence acquired during the response to an incident.

Evaluate intrusion prevention strategies.

Is there a strategy that seems most effective to you? Why?

Explain how to secure a network with an intrusion detection system.

Support your work with references to at least four recent professional resources.

Describe the six-step incident handling process recommended by the SANS Institute.
Scroll to top