Just please make sure to give a good answer. All of the details are in the files. (And also please make sure to use simple English.)

Individual Work

Total points 5

Submission date: Tuesday 22 Sep 2020

Late submission is not acceptable

Incident Response Planning Case Study

1. Case Learning Objectives

  • Identify an incident.
  • Classify an incident according to its severity.
  • Identify the roles and responsibilities in an incident response team.
  • Identify sources of evidence for an incident.
  • Identify the steps an organization should take to contain and recover from an incident.
  • Recommend measures to prevent similar incidents from occurring in the future.
  • Recommend actions to improve the detection of similar events.

2. Case Description

You are given the “XYZ University Computer Incident Response Plan” and two scenarios. Please answer the Case Discussion Questions. Each team then gives a presentation based on its answers to discussion questions 2, 4, 5 and 6.

2.1 XYZ University Computer Incident Response Plan

The purpose of this Computer Incident Response Plan (CIRP) is to provide the university with a plan that addresses computer security incidents. A computer security incident is one that threatens the confidentiality, integrity, or availability of the university’s information assets with high impact. The CIRP defines the roles and responsibilities of the Chief Information Officer, the Computer Incident Response Team, the Information Security Officer and the supporting groups. It classifies incidents into four severity levels, namely low level, medium level, high level, and critical level incidents. For each severity level, the CIRP describes the roles involved and their responsibilities for handling the incident. The CIRP also describes post-incident activity and provides an incident review report template.

2.2 Case Scenarios

The two scenarios given to the students are based on NIST Special Publication 800-61 [1], Appendix B “Incident Handling Scenarios”. They illustrate a malicious code attack and an inappropriate usage attack, respectively.

Scenario 1:

On Thursday morning, John, an XYZ University employee, noticed a warning message on his computer saying that the system had been attacked by the worm Win32.VB. Even though antivirus software was present on the system, it failed to detect the new worm because it had not been updated to the latest version. When John tried to open his e-mail, he experienced a slow internet connection. He also noticed some unusual file names on the disk. John immediately informed his friend Bob, who was also an XYZ employee, of the problem. Bob checked the computer in his office and experienced the same problem as John. John and Bob checked several computers in the laboratories and found that the Win32.VB worm had infected many other computers there. They contacted the system administrator of XYZ University. The system administrator checked the computers in the laboratory and reported the incident to the incident response team. The system administrator also checked the computers in other laboratories. As a result of the worm attack, activities in the XYZ University laboratory were suspended for a day, which caused great inconvenience.

Scenario 2:

On a Monday morning, XYZ University’s legal department received a phone call from the Federal Bureau of Investigation (FBI) regarding some suspicious activity originating from XYZ University’s network. Later that day, an FBI agent met with members of management and the legal department to discuss the activity. The FBI had been investigating activity involving online purchases made with several stolen credit card numbers. More than 30 of the transactions during the past week had been traced to one of XYZ University’s IP addresses. The FBI agent asked for the organization’s assistance, and in turn the managers asked for the incident response team’s assistance in acquiring evidence. It is vitally important that this matter be kept confidential.
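The learning objectives ask students to identify sources of evidence and to propose better detection. The following script is an added illustration for this case study, not part of the XYZ University CIRP or of NIST SP 800-61. It shows the kind of evidence triage an incident response team would do in both scenarios: for scenario 1, it scopes the worm outbreak from endpoint antivirus alerts (how many distinct hosts reported Win32.VB, when it started, and which hosts had stale signatures); for scenario 2, it maps the investigator's transaction times to the device that held the reported IP address according to DHCP lease records. All log lines, host names, MAC addresses, the 10.20.5.17 address and the 7-day signature-age threshold are constructed for the example, and the DHCP part assumes the traced address is an internal address handed out by DHCP (behind NAT, the firewall's translation log would be searched first).

```python
"""Evidence-triage helpers for the two XYZ University scenarios.

Added illustration for this case study; not part of the CIRP or of NIST SP 800-61.
Every log line, host name, MAC address and IP address below is constructed.
"""
from datetime import datetime, timedelta

# Scenario 1: constructed endpoint antivirus alerts, one per line, in the form
# "<ISO timestamp> host=<name> sig_date=<date of the installed AV signature set> detect=<name>"
AV_ALERTS = """\
2020-09-17T08:02:11 host=lab1-pc03 sig_date=2020-08-20 detect=Win32.VB
2020-09-17T08:05:40 host=lab1-pc07 sig_date=2020-08-20 detect=Win32.VB
2020-09-17T08:06:02 host=lab1-pc03 sig_date=2020-08-20 detect=Win32.VB
2020-09-17T08:09:15 host=admin-pc01 sig_date=2020-09-16 detect=EICAR-Test-File
2020-09-17T08:11:58 host=lab2-pc01 sig_date=2020-09-16 detect=Win32.VB
2020-09-17T08:12:30 host=lab1-pc12 sig_date=2020-07-30 detect=Win32.VB
"""

# Scenario 2: constructed DHCP server log (assumed format), one DHCPACK per line.
DHCP_LOG = """\
2020-09-14T07:55:02 DHCPACK ip=10.20.5.17 mac=00:11:22:33:44:55 host=dorm-laptop-a
2020-09-14T12:30:44 DHCPACK ip=10.20.5.17 mac=66:77:88:99:aa:bb host=dorm-laptop-b
2020-09-14T12:31:00 DHCPACK ip=10.20.5.18 mac=00:11:22:33:44:55 host=dorm-laptop-a
2020-09-15T09:01:10 DHCPACK ip=10.20.5.17 mac=66:77:88:99:aa:bb host=dorm-laptop-b
"""


def parse_kv_log(text, skip_tokens=0):
    """Parse '<timestamp> [fixed tokens] k=v k=v ...' lines into dicts with a datetime 'ts'.

    skip_tokens is the number of fixed tokens (e.g. 'DHCPACK') between the timestamp
    and the first key=value pair."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tokens = line.split()
        rec = dict(tok.split("=", 1) for tok in tokens[1 + skip_tokens:])
        rec["ts"] = datetime.fromisoformat(tokens[0])
        records.append(rec)
    return records


def outbreak_summary(alerts, detect, as_of, max_sig_age_days=7):
    """Scope an outbreak: the distinct hosts reporting `detect`, the earliest alert,
    and the hosts whose AV signatures were older than max_sig_age_days at `as_of`
    (an ISO date). Stale signatures are what let the worm in during scenario 1."""
    as_of_dt = datetime.fromisoformat(as_of)
    first = {}  # host -> earliest alert record for this detection
    for a in alerts:
        if a["detect"] != detect:
            continue
        if a["host"] not in first or a["ts"] < first[a["host"]]["ts"]:
            first[a["host"]] = a
    stale = sorted(
        h for h, a in first.items()
        if as_of_dt - datetime.fromisoformat(a["sig_date"]) > timedelta(days=max_sig_age_days)
    )
    return {
        "hosts": sorted(first),
        "stale_signature_hosts": stale,
        "first_seen": min(a["ts"] for a in first.values()).isoformat() if first else None,
    }


def device_for_ip(leases, ip, at):
    """Return the lease in force for `ip` at ISO time `at`: the most recent DHCPACK
    for that address at or before `at`, or None if nobody held it yet."""
    at_dt = datetime.fromisoformat(at)
    held = [l for l in leases if l["ip"] == ip and l["ts"] <= at_dt]
    return max(held, key=lambda l: l["ts"]) if held else None


def evidence_for_transactions(leases, ip, transaction_times):
    """Map each transaction time the investigator supplied to the MAC address that
    held `ip` at that moment (None when the lease log has no holder)."""
    result = {}
    for t in transaction_times:
        lease = device_for_ip(leases, ip, t)
        result[t] = lease["mac"] if lease else None
    return result


if __name__ == "__main__":
    print("Scenario 1:", outbreak_summary(parse_kv_log(AV_ALERTS), "Win32.VB", as_of="2020-09-17"))
    leases = parse_kv_log(DHCP_LOG, skip_tokens=1)
    print("Scenario 2:", evidence_for_transactions(
        leases, "10.20.5.17", ["2020-09-14T10:00:00", "2020-09-15T20:00:00"]))
```

Note that the scenario 1 summary counts hosts, not alerts (lab1-pc03 alerts twice but is one infected machine), which is the number the severity classification and the containment plan depend on; the stale-signature list is the evidence for the "prevent similar incidents" question. For scenario 2, a lease record only ties the address to a device at a point in time, so each transaction time must be looked up separately, and a time before any lease correctly yields no holder rather than a guess.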

3. Case Discussion Questions and Their Mappings to Bloom’s Taxonomy

Table 1: Mapping of Incident Response Planning case discussion questions to Bloom’s Taxonomy.

Incident Response Planning Case Description Questions                                  | Cognitive Levels
1. Would the organization consider this activity as an incident? Justify your answer.  | Level 3 – Application
2. What’s the severity level of the above-mentioned incident?                           | Level 3 – Application
3. Who or what groups will be involved in the situation?                                | Level 3 – Application
4. Suggest measures to contain and recover from the incident.                           | Level 5 – Synthesis
5. Suggest measures to prevent similar incidents from occurring in the future.          | Level 4 – Analysis
6. Suggest actions to improve the detection of similar events.                          | Level 5 – Synthesis

4. References

[1] National Institute of Standards and Technology. Computer Security Incident Handling Guide (The NIST Handbook), SP 800-61. Available at: http://www.nist.org/nist_plugins/content/content.php?content.42

[2] Whitman, M. E. and Mattord, H. J. Principles of Information Security, 3rd edition. Thomson Course Technology, 2005.
