Lab Instruction: 1. Lab report should not be less than 5 pages 2. Use "Lab 1: Report on Incident Handling \& Response" as the title of your project and include your Name, Student ID and Course information in the Header of your report 3. Ensure you use overleaf document processor and share both the exported pdf and link to your source file during your submission. 4. Plagiarism report not be more than 10%. Your report is expected to be as original as possible. 5. Include proper referencing and citations in your report. 6. Include the "Scoring Rubric" in the last page of your report. 7. Use the link included in this file for your report 8. Ensure you properly format the source file. Keep all necessary sections and delete others that are not useful in the report. 9. Ensure you include at least one figure. This could be any diagram but related to your report. Objectives: 1. Research internet security websites to understand and demonstrate Incident Response 2. Learn and understand how to use overleaf or any other document processor to prepare an Incident report. Tools or Equipment Needed: 1. PC 2. Web browser Lab Exercise 1: The following are the phases in Incident Handling and Response 1-Preparation 2. Detection 3- Containment 4. Eradication 5- Recovery 6- Follow-up Tasks to be completed TASK 1 - Briefly explain each of the phases in your own words. Use examples and seenarios where necessary TASK 2 - Categorize the following example with respect to cach phase, Practical example You have an e-Commerce Site: Some Client reported the server performance issue. Tech Support found out that the load on site was too high and it was not normal. Web Developer examined the code of the website and identified foreign code on the server. Web Developer than referred this issue to the information security team. Information Security team began collecting data. They further contacted extemal Cyber Incident Response Team (CIRT). The CIRT examined the server and they recommended for blocking some specific external IP addresses immediately. Then the team examined the server population and collected all the evidence very carefully and provided a written report of the incident. Then the team recommended remosal of forcign code from the Web Server. Removing the foreign code from Web Server helped in recovering the system back to its normal performance. The team also recommended policy and procedure changes in order to avoid this incideat in future. Phase Sosarin Descriptien Propeation Draction Costuinment Endiation Recover Following Srorine Ruhrie- Lab Exercise 1: The following are the phases in Incident Handling and Response 1- Preparation 2. Detection 3. Containment 4. Eradication 5-Recovery 6- Follow-up Tasks to be completed TASK 1 - Briefly explain each of the phases in your own words. Use examples and scenarios where necessary TASK 2 - Categorize the following cxample with respect to each phase. Practical example You have an e-Commerce Site: Some Client reported the server performance issue. Tech Support found out that the load on site was too high and it was not normal. Web Developer examined the code of the website and identified foreign code on the server. Web Developer than referred this issue to the information security team. Information Security team began collecting data. They further contacted external Cyber Incident Response Team (CIRT). The CIRT examined the server and they recommended for blocking some specific external IP addresses immediately. Then the team examined the server population and collected all the evidence very carefully and provided a written report of the incident. Then the team recommended removal of forcign code from the Web Server. Removing the foreign code from Web Server helped in recovering the system back to its normal performance. The team also recommended policy and procedure changes in order to avoid this incident in future. Phase Secaario Description Preparation Delection Containment Eradication Rscover Follew-up Senrino Rnhrie