the systems; a file integrity checker to detect changes to important files during attack incidents; and awareness programs for both internal and external users to keep them abreast of the latest attack incidents and to create a reporting route once anomalies have been identified (Cichonski et al., 2012). The Containment, Eradication and Recovery phase is used to manage incident attacks before they overwhelm the system and result in more severe damage, using predetermined procedures such as disabling system functions or shutting systems down and disconnecting them from the network to mitigate the effects of any attack (Cichonski et al., 2012). Finally, the post-incident activity phase is used by the organization or response team to reflect on the new threats and to use lessons learned to improve the incident response plan (Cichonski et al., 2012).
Information Assurance Plan

The incident response plan created will be used in responding to a variety of potential threats or security incidents that have been identified at CFZ, such as unauthorized access or unauthorized privilege escalation and data breaches, denial or distributed denial of service attacks, firewall breaches, virus and malware outbreaks, theft or physical loss of equipment, and insider threats (Rouse, 2014). To mitigate these issues, the recommended actions that have been put in place at CFZ include the following:

| Incident Type | Kill Chain Stage | Priority Level | Recommended Action |
|---|---|---|---|
| Unauthorized Access | Exploitation & Installation | High | Detect, monitor and investigate unauthorized access attempts, with priority on systems that are mission critical or contain sensitive data. |
| Unauthorized Privilege Escalation | Exploitation & Installation | High | Critical systems are configured to record all privilege escalation events and to raise alarms on unauthorized privilege escalation attempts. |
| Data Breach | System Compromise | High | During a data breach, all evidence is captured carefully and evidentiary data is collected. Alarms are set to alert system administrators, and emergency system shutdown and data recovery steps are initiated. All critical documents or data are backed up on a different system. |
| Denial or Distributed Denial of Service Attacks | Exploitation & Installation | High | An IPS is implemented to monitor, detect and automatically terminate all traffic patterns that step outside the normal behavior of the system. |
| Viruses or Malware | Delivery & Attack | Low | Remediate any malware infections as quickly as possible. The rest of the network needs to be scanned to ensure no further compromises were associated with the outbreak. |
| Insider Breach | System Compromise | High | User accounts are routinely monitored using system log events and security information and event management products that can generate alerts based on the analysis of log files. |
| Theft or Physical Loss | System Compromise | High | Whole disk encryption is used to protect all laptops and mobile devices. Lockout screen or remote wiping is applied if a device is lost or stolen. |
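The two table rows that depend on log analysis (recording privilege escalation events and raising alarms on unauthorized attempts, and SIEM-style alerting on user account activity) can be prototyped as a small detection rule. This is an added example, not part of the plan or of any CFZ system; the host name, log lines and the admin allowlist are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed syslog-style sample lines (not real data): one authorized sudo,
# one rejected sudo, one sudo by a non-admin, one su to root, one plain login.
SAMPLE_LOG = """\
Mar 10 09:12:01 fileserver sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
Mar 10 09:13:44 fileserver sudo: bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash
Mar 10 09:14:02 fileserver sudo: bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/passwd root
Mar 10 09:15:30 fileserver su: (to root) carol on pts/2
Mar 10 09:16:11 fileserver sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
"""

# Assumed allowlist of accounts permitted to escalate on this critical host.
AUTHORIZED_ADMINS: Set[str] = {"alice"}

SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<detail>.*)")
SU_RE = re.compile(r"su: \(to (?P<target>\S+)\) (?P<user>\S+) on")


@dataclass
class Alert:
    user: str
    reason: str
    line: str


def analyze(log_text: str, authorized: Set[str]) -> List[Alert]:
    """Return one Alert per privilege escalation event that the plan treats as unauthorized."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            user, detail = m.group("user"), m.group("detail")
            if "NOT in sudoers" in detail:
                # sudo itself rejected the attempt: always an alarm, whoever tried.
                alerts.append(Alert(user, "sudo attempt by non-sudoer", line))
            elif user not in authorized:
                # sudo succeeded, but the account is outside the admin allowlist.
                alerts.append(Alert(user, "privileged command by user outside admin allowlist", line))
            continue
        m = SU_RE.search(line)
        if m and m.group("user") not in authorized:
            alerts.append(Alert(m.group("user"), "su to " + m.group("target") + " by non-admin", line))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG, AUTHORIZED_ADMINS):
        print(f"ALERT user={alert.user} reason={alert.reason}")
```

Successful, authorized escalations are still recorded in the source log (the first sample line) but produce no alarm; only the rejected or out-of-allowlist events do.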