Incident response paper
Assignment: SEC6060 incident Paper 2016 SP 1 Due: Due via blackboard by Sunday 2/21@ midnight.
- Minimum 5 pages of content, exclusive of cover and reference pages.
- Please don’t exceed 7 pages of content. Succinct writing is generally preferred in business.
- Follow formal APA format. Include Cover and citations, just ignore them for the page count.
- Use good business style. Be succinct, direct, and understandable.
- Remember that your audience (the board of directors) is NOT technically savvy.
- You must include the appropriate citations, including your textbook if referenced. I expect a minimum of at least 3 citations, but use as many as appropriate. If you are referring to or recommending particular standards or guidelines, please provide a citation for them as well.
Citations! I can’t emphasize that enough. Students can cite as many sources as needed, but not citing a source will cause you grief! Also: SafeAssign is not a plagiarism detector; so don’t copy from another student’s paper, and don’t paste text unless you cite it. The best way to avoid plagiarism is to get your paper done early.
Draft Review: If you post your paper by 2/6, I am willing to review your draft and give a general assessment of any significant flaws.
Your organization has had an information security incident. You are assigned your own specific incident (from the attached assignment spreadsheet list). You may supplement the information with published sources; all incidents are real, and you may find additional published accounts of them that add details. You may be a little creative if the published accounts lack critical details, as companies often do not publish all that is known.
You are the CISO (and Incident Response manager) for this organization. Your task is to prepare a detailed brief for your organization’s board of directors, describing & discussing:
- What happened.
- The impact of what happened.
- Why it happened.
- The likelihood of it happening again
- What must be done to prevent it from happening again. (Remediation plan)
Consider the incident from the context of this course and text.
Apply the concepts and tools discussed in the text, and create a useful OUTLINE of a remediation plan.
Some ideas you may want to consider while you work on this:
- What policy failures/gaps may have led to the incident?
- What can be done to prevent a recurrence? (note: is it preventable?)
- What is the impact, short and long term to :
- The public
- Is this impact financial, reputational/trust, inconvenience?
- What is the likely cost in $?
- What (if anything) went wrong during the initial response to the incident?
- Are there any deep organizational problems that led to the incident occurring?
- Were there organizational maturity issues that contributed to the likelihood of, or affected the effectiveness of the response to the incident?
- What mitigation strategies can help?