CIS 359 Week 2 Assignment 1 Continuity Planning Overview

 

Assignment 1: Continuity Planning Overview

Week 2

 

Suppose you were recently hired for a new initiative as a business continuity lead / manager at a medium-sized healthcare company. You have been asked to prepare a presentation to the Board of Directors on your main duties for the company and how your position could help protect the business in case of a large-scale incident or disaster. You have been alerted that since this is a new initiative and could come with a potentially large price tag, there is skepticism from some of the Board members.

 

Write a three to four (3-4) page paper in which you:

 

  1. Explain the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager.
  2. Provide insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical.
  3. Discuss the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and describe the potential pitfalls of each.
  4. Speculate on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and explain how to overcome that challenge(s).
  5. Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

 

 

The specific course learning outcomes associated with this assignment are:

  • Compare and contrast the methods of disaster recovery and business continuity.
  • Explain risk management in the context of information security.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

CIS 359 Week 3 Case Study 1: Stuxnet and U.S. Incident Response

 

Case Study 1: Stuxnet and U.S. Incident Response

Week 3

 

Read the article titled “When Stuxnet Hit the Homeland: Government Response to the Rescue,” from ABC News, located at http://abcnews.go.com/blogs/headlines/2012/06/when-stuxnet-hit-the-homeland-government-response-to-the-rescue/ and consider this threat in terms of incident response and recovery procedures.

 

Write a three to four (3-4) page paper in which you:

 

  1. Explain the role of US-CERT in protecting the nation’s industrial systems and analyze its efforts in relation to preparedness and incident and recovery management.
  2. Discuss the efforts of ICS-CERT specifically to the Stuxnet threat and examine its incident response efforts to mitigate this risk against U.S. industrial systems.
  3. With the sophistication of the primary sites of industrial system implementations, determine whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Provide a rationale.
  4. Explain the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet.
  5. Use at least four (4) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Summarize the various types of disasters, response and recovery methods.
  • Describe detection and decision-making capabilities in incident response.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

CIS 359 Week 4 Assignment 2: Incident Response (IR) Revamp

 

Assignment 2: Incident Response (IR) Revamp

Week 4

 

Imagine you have just taken over the manager position for your organization’s incident response team, after coming from another division in the company. Your first realization is that proper procedures, best practices, and sound technologies are not being utilized. You decide to revamp the team’s efforts.

 

Write a two to three (2-3) page paper in which you:

  1. Explicate the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.
  2. Discuss in detail the role that an IDS / IPS would play in the IR efforts, and explain how these systems can assist in the event notification, determination, and escalation processes.
  3. Explain how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.
  4. Explain how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts, and describe the potential issues that could arise if not utilized.
  5. Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Summarize the various types of disasters, response and recovery methods.
  • Describe detection and decision-making capabilities in incident response.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

CIS 359 Week 6 Assignment 3 Incident Response (IR) Strategic Decisions

 

Suppose that you have been alerted of a potential incident involving a suspected worm spreading via buffer overflow techniques, compromising Microsoft IIS Web servers. As the IR Team leader, it is your responsibility to determine the next steps.

 

Write a two to three (2-3) page paper in which you:

  1. Explain in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident.
  2. Construct a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and identify which containment strategy would be appropriate in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
  3. Construct a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and explain how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
  4. Detail the incident recovery processes for the resolution of this incident.
  5. Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Summarize the various types of disasters, response and recovery methods.
  • Develop techniques for different disaster scenarios.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing

 

CIS 359 Week 8 Assignment 4 Disaster Recovery (DR) Team

 

Assignment 4: Disaster Recovery (DR) Team

Week 8

 

Consider a scenario where the contingency planning management team (CPMT) of your organization has designated you as the disaster recovery team leader, and the preparation and planning of this component of the security program is now under your purview with a team of 11 employees including yourself.

 

Write a two to three (2-3) page paper in which you:

  1. Detail the DR team roles, responsibilities, and sub teams that would be implemented, and construct an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
  2. Describe the proper procedures and policies that would be implemented specific to the DR team personnel as well as special equipment that would be required.
  3. Draft an executive summary to the DR plan and explain the purpose of the plan and high-level specifics for upper management.
  4. Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

 

 

The specific course learning outcomes associated with this assignment are:

  • Develop a disaster recovery plan for an organization.
  • Compare and contrast the methods of disaster recovery and business continuity.
  • Develop techniques for different disaster scenarios.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

CIS 359 Case Study 2: Disaster Recovery (DR) Lessons Learned: September 11th

 

Case Study 2: Disaster Recovery (DR) Lessons Learned: September 11th

Week 7

 

Read the article titled “9/11: Top lessons learned for disaster recovery,” from Computerworld.com, located athttp://www.computerworld.com/s/article/9219867/9_11_Top_lessons_learned_for_disaster_recovery, and consider the effects the attacks of September 11, 2001, have had on technology recovery efforts.

 

Write a two to four (2-4) page paper in which you:

  1. Explain how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures.
  2. Analyze the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation.
  3. Determine whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers, and determine the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions.
  4. Evaluate the use of cloud services as tools for recovery operations within an organization, and explain how they could increase or decrease the effectiveness of recovery operations.
  5. Determine whether or not cloud services are ideal recovery options for organizations regardless of their size. Provide a rationale to support the answer.
  6. Use at least four (4) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

 

 

The specific course learning outcomes associated with this assignment are:

  • Explain risk management in the context of information security.
  • Summarize the various types of disasters, response and recovery methods.
  • Compare and contrast the methods of disaster recovery and business continuity.
  • Explain and develop a business continuity plan to address unforeseen incidents.
  • Develop techniques for different disaster scenarios.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

CIS 359 Midterm Exam Preparation Study Guide

 

A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.

 

The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.

 

____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.

 

Information assets have ____ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.

 

____ is the risk control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation

 

A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization.

 

A(n) ____ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.

 

____ is the process of examining, documenting, and assessing the security posture of an organization’s information technology and the risks it faces.

 

A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down

 

An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.

 

A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

 

A ____ is a synonym for a virtualization application.

 

A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

 

A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.

 

A(n) ____ backup only archives the files that have been modified since the last backup.

 

Considered to be the traditional “lock and copy” approach to database backup, _____ require the database to be inaccessible while a backup is created to a local drive.

 

RAID 0 creates one logical volume across several available hard disk drives and stores the data using ____, in which data segments are written in turn to each disk drive in the array.

 

____ uses a number of hard drives to store information across multiple drive units.

Answer

 

The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.

 

To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of  ____.

 

The ____ is used to collect information directly from the end users and business managers.

 

What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?

 

The final component to the CPMT planning process is to deal with ____.

 

Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?

 

The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit.

 

Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives

 

One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.:

 

The training delivery method with the lowest cost to the organization is ____.

 

Incident analysis resources include network diagrams and lists of ____, such as database servers.

 

One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.

 

The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

 

A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

 

Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.

 

The responsibility for creating an organization’s IR plan often falls to the ____.

 

A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

 

A(n) ____ is any system resource that is placed onto a functional system but has no normal use for that system. If it attracts attention, it is from unauthorized access and will trigger a notification or response.

 

Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.

 

____ are closely monitored network decoys serving that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.

 

The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.

 

When the measured activity is outside the baseline parameters in a behavior-based IDPS, it is said to exceed the ____ (the level at which the IDPS triggers an alert to notify the administrator).

 

The ____ is a federal law that creates a general prohibition on the realtime monitoring of traffic data relating to communications.

 

A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.

 

Those services performed in response to a request or a defined event such as a help desk alert are called ____.

 

The first step in building a CSIRT is to ____.

 

Giving the IR team the responsibility for ____ is generally not recommended.

 

The ____ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement.

 

When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.

 

The announcement of an operational CSIRT should minimally include ____.

 

The CSIRT must have a clear and concise ____ statement that, in a few sentences, unambiguously articulates what it will do.

 

In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service