Introduction
It is important for your incident response strategy to meet the requirements of your organizational context. Write a short introduction summarizing your type of organization, and an overview of the business-critical assets your organization relies on. You can use the information you provided in Module 3’s ongoing project, or Module 5’s online activity submission.
(Write approximately 150 words)
Step 1: Prevention
Describe the measures your organization will take to protect against a cyberattack from both a technical and non-technical perspective.
(Write approximately 150 words)
Step 2: Planning
List the individuals involved in your incident response team and their roles. Ensure that the roles, responsibilities, and structure of your team meet the requirements of your organizational context.
A cyber crisis communication plan is normally compiled in this phase; however, in this incident response plan, include that plan under Step 7: Communication.
(Write approximately 200 words)
Step 3: Preparation
Section 2.3 in Unit 1’s notes details a number of requirements in this step, including reporting mechanisms, the preparation of checklists and jump bags, and auditing procedures. However, for the purpose of this ongoing project, you are required to detail one training exercise the incident response team will undergo. Include specific examples of scenarios or questions, and explain why you have chosen it.
(Write approximately 150 words)
Step 4: Detection
List the tools your organization would use to detect a breach.
(Write approximately 150 words)
Step 5: Analysis
Explain how your organization would analyze whether an incident is a cyberattack. Also describe how you would categorize and prioritize cyberattacks in your organization.
(Write approximately 200 words)
Step 6: Containment
Describe how your organization would prevent a cyberattack from spreading further.
(Write approximately 200 words)
Step 7: Communication
As per Section 4 of the Unit 2 notes, compile a cyber crisis communication plan detailing the internal and external stakeholders your organization would need to communicate with in the event of a breach. Describe which communication channels would be used to communicate with these stakeholders.
(Write approximately 250 words)
Step 8: Eradication
Provide insight into the approaches and decisions the team will take to remove the threat from your organization’s internal system.
(Write approximately 150 words)
Step 9: Recovery
Describe what steps your organization will take to return to its normal operations.
(Write approximately 150 words)
Step 10: Post-event analysis
List the processes that would need to be followed to ensure that lessons learned are implemented.
(Write approximately 150 words)