Incident Response Plan - Part 1:
Incident Identification, Detection and Analysis
You have been chartered with documenting your company’s Incident Response Plan. The first portion of the plan must address Preparation, Detection and Analysis. While an organization's Incident Response Plan would normally address many types of incidents, for the purposes of this assignment you will only be preparing a short report with respect to a single type of incident.
Select an incident scenario of your choosing. Using industry-level guidance such as the NIST Computer Security Incident Handling Guide (800-61), prepare a short report that answers the following questions. The sections referred to are those in the NIST document.
Preparation:
1. Would the organization consider this activity to be an incident? If so, which of the organization’s policies does this activity violate?
2. What measures are in place to attempt to prevent this type of incident from occurring or to limit its impact?
Detection and Analysis:
1. What precursors of the incident, if any, might the organization detect? Would any precursors cause the organization to attempt to take action before the incident occurred?
2. What indications of the incident might the organization detect? Which indications would cause someone to think that an incident might have occurred?
3. How would the incident response team analyze and validate this incident?
4. To which people and groups within the organization would the team report the incident?
5. How would the incident response team prioritize the handling of this incident?