04 May Create A CIRT Response Plan For A Typical IT Infrastructure.
ISE 510 Security Risk Analysis & Plan
Week 6 HW
Create a CIRT Response Plan for a Typical IT infrastructure
30 points
<Last Name, First Name>
Due <DATE>
Submitted on <DATE>
If late let me know why:
=====================================
Delete these instructions in blue font before submission:
Change file name to HW#6_LAST_FIRST
A few comments up front:
This exercise will help with Milestone #3
Resources
Read (best info comes from here!): Chapter 15: Gibson, D. (2004). Managing Risk in Information Systems, 2nd ed. (eBook). Jones & Bartlett Learning.
Read: JBL lectures TOPIC 3: CIRT Response Plan for a Typical IT infrastructure
— Other resources that will be helpful:
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology (rev 2). Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Valentin, J. (2013). Building an incident response team and IR process. Retrieved from http://resources.infosecinstitute.com/building-an-incident-response-team-and-ir-process/
SEI (n.d.) Create a CSIRT. Retrieved from http://www.cert.org/incident-management/products-services/creating-a-csirt.cfm
Wright, C. (2011). Incident handler’s handbook. Retrieved from https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901
The figure below is a mock IT infrastructure of “ASA Schools online”, which provides learning content to remote students who sign up over the Internet. The student workstations can be anywhere in the world, but most are in the US. You don’t have to be a Cisco architect to do this assignment. The point here is that each of the seven domains is present (user, workstation, LAN, LAN-to-WAN, WAN, application, and remote access). These are shown in the Appendix.
Figure 1: Mock IT Infrastructure – Copied from JBL LAB Manual
PART I
1. Build a CIRT Plan
a. Purpose
Identify the purpose of a CIRT Plan.
b. Roles and Responsibilities of the CIRT Plan.
Identify the Roles and Responsibilities of the CIRT Plan (see Ch 15 of our text; supplement as you would like).
c. Proposed CIRT Plan: In each of the below phases, describe what a company should be doing, either proactively or during an active security breach, to enhance their Incident Response.
1) Preparation
2) Identification
3) Containment
4) Eradication
5) Recovery
6) Lessons Learned
d. The Incident Response Process:
Describe how the Incident Response process works from Preparation, the discovery of a new incident, all the way through Lessons Learned.
This must include the business recovery process (step 5 above).
PART II Answer these questions about CIRT Plans
1. How might ASA Schools know if they were being attacked by a DoS?
2. Inappropriate usage incidents occur when users violate internal policies. Give two examples of this from our textbook (and page number):
3. One of the important steps when handling an incident is to identify the impact and priority of the incident. Suppose ASA Schools has a virus that is propagating from an email server in the virtualized server farm. As a CIRT member, you get these results:
Current effect rating—Minimal, score of 8 (based on TABLE 15-1)
Projected effect rating—Critical, score of 92 (based on TABLE 15-1)
Criticality rating—Medium, score 61 (based on TABLE 15-2)
Then calculate the Impact Score:
Impact Score = (Current Effect Rating x .25) + (Projected Effect Rating x .25) + (Criticality Rating x .5). Show the math
What is the Incident impact rating from Table 15-3?
4. How Does a CIRT Plan Mitigate an Organization’s Risk?
References
As academic practitioners, I’d recommend over 3 references (preferably over 5) placed here. I’d like you to “up your game” in the area of APA references. Remember, you’re experienced Graduate School students, and as such, you should be equipped to handle investigating strong academic papers and resources.
Appendix – Seven major areas of risk in IT infrastructure
From: Jones and Bartlett Learning, TOPIC 1.
Here are the seven major areas of risk in IT infrastructure: (See Image below).
1. USER: The user domain risk areas include user names, passwords, biometric or other authentication, and social engineering.
2. WORKSTATION: In the workstation domain, the risk areas include end user systems, laptops, desktops, and cell phones. This is the “desktop domain”, where most users enter the IT infrastructure.
3. LAN: In the local area network (LAN) domain, the risk areas include the equipment required to create an internal LAN, such as hubs, switches, and media. A LAN is a small network organized by function or department, allowing access to all resources on the LANs.
4. LAN-to-WAN: The risk areas in the LAN-to-wide area network (WAN) domain include the transition area between the LAN and the WAN, including the router and the firewall. This is the point at which the IT infrastructure joins a WAN and the Internet.
5. WAN: The WAN domain risk areas include the routers and circuits connecting the WAN. This is the point at which the WAN connects to other WANs via the Internet.
6. APPLICATION: In the system, or application, domain, the risk areas include the applications you run on your network, such as e-mail, database, and Web applications. This domain holds all of the mission-critical systems, applications, and data.
7. REMOTE ACCESS: The risk areas in the remote access domain include applications, such as a virtual private network (VPN) to guide remote or travelling users. This domain connects remote employees and partners to the IT infrastructure.
Seven major areas of risk in IT infrastructure