Question
For the following task you must demonstrate consistent performance in conditions that are safe and replicate the workplace. Noise levels, production flow, interruptions and time variances must be typical of those experienced in the systems administration and support field of work and include access to:

- ICT business specifications
- Information on the security environment, including relevant laws and legislation
- Existing organisational security policies, organisational expertise and knowledge
- Possible security environment, including threats to security that are, or are held to be, present in the environment
- Risk analysis tools and methodologies
- ICT security assurance specifications
- Incident scenarios

For this task you are to complete the following steps to develop, implement and evaluate an incident response plan on at least two separate occasions.

Complete the following steps to develop the incident response program on each occasion:

1. Develop, and document, an incident management policy.
2. Identify the services the incident response team should provide. Record these services.
3. Create the required incident response plans, according to, and in line with, the security policy and organisational goals.
4. Develop, and document, the procedures for incident handling and reporting.
5. Create exercises for incident response and red-teaming activities. Document these exercises and activities.
6. Develop, and document, the processes to be followed for collecting and protecting forensic evidence during incident response.
7. Specify and document the staffing and training requirements for incident response.
8. Establish the response program. Provide the documented, established response program.

Scenario

ABC is a privately-owned company. Their business is to provide accounting services to small and medium-sized businesses, such as bookkeeping and tax returns.

They have the following staff in the head office in Sydney:

1. Three accountants
2. A director
3. A receptionist
4. A customer support person
5. An IT administrator

They have one branch office in Brisbane, where they have only one accountant. In Brisbane they have 30 customers, and in Sydney they have over 150 customers.

They have the following computing resources for their staff:

1. Dell Inspiron 8 GB, i5 dual-core processor laptops
2. Windows 10 operating system
3. Office 365 and OneDrive for all the staff

They have a business Internet solution from Telstra, which provides them with NBN Internet in both the head office and the branch office. They also have a VPN connection between the head office and the branch office.

They have Cisco IP-based telephones and a VoIP solution from Telstra. Their customer support person uses a 1300 number for incoming and outgoing customer communication.

ABC uses QuickBooks for the purpose of managing accounts for their customers. This is cloud-based software. They access it from anywhere. Some of the staff work from home sometimes.

They have a server in the head office, where they have a shared folder. This folder is accessed by the staff using the VPN. The server is running on an HP ProLiant machine with Windows 2012 R2. The size of the shared folder is over 10 GB. It holds all client-related data.

There is a backup server, completing the backup of the shared folder every day. It is Windows Server 2016 backup software. The policy is to have a full backup every fifth Sunday. Then there is an incremental backup every day. The backup tapes are rotated to the home of the director of the company every fifth Saturday before a new full backup is taken. These are DDS3 tapes and tape drives.

Moreover, in both the head office and the branch office, they have a Cisco firewall and a Telstra router. They also have a wireless access point for local area connection.

It is therefore necessary for the staff to have access to the Internet, QuickBooks and the shared folder server to continue their business as usual.

Assessment 3 - Two Example Scenarios

1. There has been an incident where the Telstra service to the head office was not working. As IT administrator, you have the incident response program. According to the program, you have activated the incident response and operation. The outage happened due to an issue with an unplanned outage in Telstra's exchange. The outage continued for two hours. As a contingency, you have purchased an Optus 4G wireless broadband router. You have remotely shifted your services to that router and connected your wireless access point to the Optus router, so the staff were able to continue the work. This was part of your incident response plan.
2. In another incident on the same day, an accountant mistakenly deleted files of a client. As part of the incident response plan, you have recovered the data from the backup.