
Question


The final blue team incident report will typically run from 7 to 10 pages long, double spaced with appropriate citations. Try not to exceed 10 pages as this is also measuring your ability to synthesize data and explain it to both technical and non-technical audiences. You should convey how the incident occurred, what happened during the incident, what short term remediations were put into place, what long term remediations need to occur (specifically document if additional tools or people are needed), and finally whether a claim needs to be made to the cyber insurance provider or whether a breach notification needs to occur.
Assignment:
Students are working on the blue team for a financial services organization (e.g. Edward Jones, etc.). You are being asked to prepare a report for the CIO/CISO on an on-going security incident that is being executed against your company from an Eastern European based hacking group.
Although technical, the CIO/CISO is not "in the weeds" so your deliverable should be at the strategic level with a technical section for your team (or cyber insurance provider) for subsequent review. Please feel free to make assumptions as needed as this is designed to measure your real-world applicability of the course content.
For this assignment, students should keep in mind that:
This is essentially a "capstone" like assessment for everything we've talked about in this course. You can essentially apply anything you've learned in this class to this assignment. You should be conducting both technical work via the tools you've learned and administrative reporting in this assignment.
Given the incident response frameworks you've researched in Week 6 (e.g. NIST, SANS, etc.), complete a blue team incident response report. If the framework does not include an executive summary at the beginning, you must include one for your CIO/CISO.
Students can either re-create, use an existing, or assume the red team attack vector (e.g. phishing, lateral movement, PCAPs, etc.), but you should provide some documentation on what the attack looks like from the outside entity.
Students should generate representative screen shot artifacts as applicable to supplement their reports with tools we've covered in the class on ideas to counter this attack vector.
At a minimum, the report should include:
Executive Summary (which is essentially a summary of your detailed report below)
Detailed explanation on:
How the incident occurred
What happened during the incident
Short term remediations put into place
Long term remediations needed for the roadmap
Whether a claim needs to be made to our cyber insurance provider or whether we need to send a breach notification (and why)
Screen shots (Appendix A)
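The "what happened during the incident" section and the technical appendix are only as good as the evidence behind them. As an added example (not part of the assignment text or any class tool), the script below takes a handful of constructed log lines for an assumed phishing-to-lateral-movement-to-exfiltration chain and reduces them to the three artifacts a technical reviewer or cyber insurance provider will ask for: an ordered timeline with a phase label per event, an indicator table (external domains, IPs, file names), and the dwell time for the executive summary. The log format, hostnames, users, domains and addresses are all hypothetical (addresses come from documentation ranges), and the 100 MiB upload threshold is an assumption.

```python
"""Added example: turn raw artifacts into the incident timeline and indicator
list that the technical appendix of a blue team report needs.

Everything here is constructed for illustration: the log format, hosts,
users, domains and addresses are hypothetical and taken from documentation
ranges, not from any real incident or product.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample in an assumed "timestamp host action key=value ..." format,
# mixing mail gateway, web proxy and Windows Security events.
SAMPLE_LOGS = """\
2024-03-04T08:02:11Z mailgw  DELIVERED from=invoice@exampl3-billing.example to=j.doe@corp.example subject="Overdue invoice"
2024-03-04T08:05:40Z proxy   ALLOW user=j.doe dst=exampl3-billing.example/login.html client=10.20.4.17
2024-03-04T08:06:02Z proxy   ALLOW user=j.doe dst=203.0.113.99/upd.exe client=10.20.4.17
2024-03-04T08:07:15Z WKS-017 SECURITY EventID=4688 user=j.doe image=C:\\Users\\j.doe\\Downloads\\upd.exe
2024-03-04T08:09:30Z FS-01   SECURITY EventID=4624 LogonType=3 user=j.doe src=10.20.4.17
2024-03-04T08:11:05Z FS-01   SECURITY EventID=4624 LogonType=10 user=svc_backup src=10.20.4.17
2024-03-04T09:40:12Z proxy   ALLOW user=svc_backup dst=203.0.113.99/up bytes_out=734003200 client=10.20.9.5
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
EXFIL_BYTES = 100 * 1024 * 1024  # assumed threshold for flagging large uploads


@dataclass
class Event:
    ts: datetime
    host: str
    action: str
    fields: dict = field(default_factory=dict)


def parse_events(text):
    """Parse log lines into Events sorted by time; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, action, rest = m.groups()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
        events.append(Event(datetime.fromisoformat(ts.replace("Z", "+00:00")), host, action, fields))
    return sorted(events, key=lambda e: e.ts)


def classify(ev, phish_domains):
    """Map one event to a kill-chain style phase, or None if it is not of interest."""
    f = ev.fields
    if ev.host == "mailgw" and ev.action == "DELIVERED":
        return "email delivery (suspected phish)"
    if ev.host == "proxy":
        dst = f.get("dst", "")
        if int(f.get("bytes_out", 0)) >= EXFIL_BYTES:
            return "possible exfiltration"
        if dst.partition("/")[0] in phish_domains:
            return "user opened phishing link"
        if dst.lower().endswith(".exe"):
            return "payload download"
        return None
    if f.get("EventID") == "4688":
        return "execution"
    # Network (3) or RemoteInteractive (10) logons onto a server from a workstation address
    if f.get("EventID") == "4624" and f.get("LogonType") in ("3", "10"):
        return "lateral movement"
    return None


def build_timeline(text):
    """Return (timestamp, phase, host, user, object) rows for the incident narrative."""
    events = parse_events(text)
    phish_domains = {e.fields["from"].split("@", 1)[1]
                     for e in events if e.host == "mailgw" and "from" in e.fields}
    rows = []
    for ev in events:
        phase = classify(ev, phish_domains)
        if phase is None:
            continue
        obj = ev.fields.get("dst") or ev.fields.get("image") or ev.fields.get("subject", "")
        rows.append((ev.ts.isoformat(), phase, ev.host, ev.fields.get("user", "-"), obj))
    return rows


def extract_indicators(events):
    """Collect external domains, IPs and file names for the indicator table."""
    iocs = {"domains": set(), "ips": set(), "files": set()}
    for ev in events:
        f = ev.fields
        if ev.host == "mailgw" and "from" in f:
            iocs["domains"].add(f["from"].split("@", 1)[1])
        if ev.host == "proxy" and "dst" in f:
            host, _, path = f["dst"].partition("/")
            (iocs["ips"] if IP_RE.match(host) else iocs["domains"]).add(host)
            if path.lower().endswith(".exe"):
                iocs["files"].add(path.rsplit("/", 1)[-1])
        if "image" in f:
            iocs["files"].add(f["image"].rsplit("\\", 1)[-1])
    return {k: sorted(v) for k, v in iocs.items()}


def dwell_seconds(events):
    """Seconds from first observed attacker activity to last, for the executive summary."""
    return (events[-1].ts - events[0].ts).total_seconds()


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    for row in build_timeline(SAMPLE_LOGS):
        print(" | ".join(row))
    print(extract_indicators(evs))
    print(f"dwell time: {dwell_seconds(evs) / 3600:.1f} h")
```

The timeline rows map directly onto "how the incident occurred" (delivery and click), "what happened" (execution, lateral movement with a second account, large upload), and the breach-notification question (the upload row is what forces the data-loss analysis). Real logs will need source-specific parsers, but the structure of the appendix stays the same.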
