Please answer the Questions

1. The text and slides mention a few methods of "exercises" an organization can do for Incident Response. Do you believe these exercises to be useful? If you do or not, please elaborate as to why. Which of the methods do you believe would provide useful training and why? 2. What is the importance of placing your IR plans, if hard-copy in a secure location, and digital, in an encrypted format?

3. An IRPT has a lot of stakeholders, from Slide 8, rank the importance of the stakeholder from the top being most important to least important. Provide a high-level review of why youv'e ordered them so.

And please respond to the following classmates

(I) Eric

1: I believe the majority of these exercises are useful. The reason for me saying this is because any practice that can be remotely close to a real attack is good practice. CTF, KOTH, DTF are all very good exercises you can do to practice for IR. With that being said, the most effective form of training is the replication of a real-world attack.

2: In the event of your IR plan being hard copy its important to put the book in a secure location because in the event of an insider threat, putting the book in a location that is secured decreases the risk of the information being leaked. An encrypted file is important for an IR plan because the possibility of a leak via insider threat or an outsider threat is massively decreased.

3: InfoSec Management: They set and enforce information security policies and standards. They also measure and report on security performance and compliance.

• IT Management: They provide and maintain the technology infrastructure and support for information systems. They also work with InfoSec management on security integration and alignment.
• General Management: They provide the strategic vision and direction for the organization and allocate resources and budget for information security. They also promote a culture of security awareness and accountability.
• The Legal Department: They advise on the legal and regulatory aspects of information security, such as data protection, privacy, and contracts. They also help the organization comply with laws and regulations and handle legal issues.
• Departments with Overlapping InfoSec Interests: They are the business units or functions that have a stake in information security, such as finance, audit, operations, marketing, etc. They collaborate with InfoSec management on risk identification, assessment, and mitigation.
• The Human Resources Department (HR): They manage the recruitment, training, development, and retention of information security staff and contractors. They also ensure security awareness and compliance among employees and contractors and handle personnel issues.
• The Public Relations (PR) Department: They communicate with external stakeholders on information security matters. They also manage the reputation and image of the organization and handle crisis or incident response.
• General Users of Information Systems: They are the end-users of information systems and data. They have a duty to protect and use them securely and responsibly and report security incidents or breaches.
• Other Stakeholders: They are the external parties that have an interest or influence on information security, such as suppliers, vendors, consultants, auditors, etc. They have to comply with security requirements and expectations and provide assurance and evidence

(II) Jahmari

1. The text and slides mention a few methods of "exercises" an organization can do for Incident Response. Do you believe these exercises to be useful? If you do or not, please elaborate as to why. Which of the methods do you believe would provide useful training and why? These exercises would prove to be useful. While no one likes to be tested, these exercises will definitely get you in shape if any real situation were to happen. Like the pdf said, going through theses tests would hurt at the moment but it will do more good than bad for the individual. Learning this way may be the most helpful way for people to retain information and spot any issues a person may have with their work. 2. What is the importance of placing your IR plans, if hard-copy in a secure location, and digital, in an encrypted format? If hard-copy, ir plans need to be placed in a noticeable spot. With the ir plan in a noticeable place, it would make it an easy find in case of any incident that may happen on the job. With the digital format, its key to have the ir plan encrypted. The file would be rendered useless if it was in a place where it's easily accessed and not encrypted. If hackers got a hold of it they would know how to maneuver through a companies response to an attack. 3. An IRPT has a lot of stakeholders, from Slide 8, rank the importance of the stakeholder from the top being most important to least important. Provide a high-level review of why youve ordered them so. Other stakeholders, general users for info systems, dept's that have overlapping infosec interest, pr dept, hr dept, it management, general management, infosec dept, legal dept. I've curated my list this way to show least to most important. The first three don't have much need of depth in the irpt line. Since they don't really need as much access as higher ranked individuals. Pr and hr will need more access due to handlings of certain criteria within the company but not so much more than the first three. The next two have a higher rank due to the access and legalities that come with their job. The last two are the highest since they have more say so than the rest. They are the ones that can put policies in place.