Fill This Form To Receive Instant Help
Fill This Form To Receive Instant Help
Homework answers / question archive / ANALYSIS RESPONSE Many organizations marginalize the management of the security of their infrastructure in hopes that they will not be the target of cyberattacks
ANALYSIS RESPONSE
Many organizations marginalize the management of the security of their infrastructure in hopes that they will not be the target of cyberattacks. However, cyberattacks happen frequently and tend to become more sophisticated over time. In reality, every organization is a likely target of malicious actors. These attacks result in a range of impacts on an organization and its core business and could significantly interrupt operations.
To be proactive, organizations need to have structures, processes, and plans in place to counter and respond to potential attacks and to deal with the consequences of successful attacks. A suitable security management plan and well-defined security goals that support the overall goals of the organization can ensure a reasonable level of business continuity, even in the case of security incidents.
In any organization, the individuals on the IT staff must work together to support the security goals of the organization. These individuals play significant roles in detecting and preventing security incidents before they occur. In the case of successful attacks, security management professionals are tasked with acting quickly to mitigate the attack’s effects.
In this assessment, you will refer to the attached “Case Study,” which contains details regarding a security incident at a small non-governmental organization (NGO). In part I of this task, you will analyze the security incident and provide specific examples and details from the case study to support your risk assessment. In part II, you will create a plan to effectively address the aftermath of the incident and manage the NGO’s ongoing security risks.
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no more than a 10% match to any one individual source can be directly quoted or closely paraphrased from sources, even if cited correctly. An originality report is provided when you submit your task that can be used as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Part I: Incident Analysis and Response
A. Determine why the attack on Azumer Water’s infrastructure was successful, including the specific vulnerabilities that allowed the attack to occur. Provide details from the case study to support your claims.
B. Explain how the confidentiality, integrity, and availability of Azumer Water’s operations and PII (personally identifying information) data have been compromised, using NIST, ISO 27002, or another industry-standard framework to support two claims of compromise.
C. Identify a federal regulation this NGO violated, providing a specific example from the case study as evidence of Azumer Water’s noncompliance.
D. Recommend immediate steps to mitigate the impact of the incident, using specific examples from the case study to justify how these steps would mitigate the impact.
E. Explain how having an incident response plan in place will benefit Azumer Water, using details from the case study to support your explanation.
Part II: Risk Assessment and Management
F. Discuss two processes to increase information assurance levels within the organization and bring Azumer Water into compliance with the violated federal regulation identified in part C.
G. Recommend technical solutions to counter the remaining effects of the attack in the case study and to prevent future attacks.
H. Recommend an organizational structure for IT and security management, including a logical delineation of roles and adequate coverage of responsibilities, to support the efficient discovery and mitigation of future incidents.
I. Describe your risk management approach for Azumer Water based on the likelihood, severity, and impact categorization of two risks in the case study.
J. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
K. Demonstrate professional communication in the content and presentation of your submission.
COMPETENCIES
A: SUCCESS OF ATTACK: The submission determines a plausible cause for the success of the attack, including specific vulnerabilities and details from the case study to support the claims.
B: COMPROMISED DATA: The submission explains how the confidentiality, integrity, and availability of Azumer Water’s operations and PII have been compromised and supports 2 claims of compromise with an industry-standard framework.
C: REGULATORY COMPLIANCE: The submission identifies a federal regulation that Azumer Water violated and provides a specific example from the case study that shows evidence of Azumer Water’s noncompliance.
D: IMMEDIATE STEPS: The submission recommends immediate steps that would plausibly mitigate the impact of the incident and justifies these steps with specific examples from the case study.
E: INCIDENT RESPONSE PLAN: The submission explains the benefits of having an incident response plan in place at Azumer Water, using details from the case study to support the explanation.
F: PROCESSES : The submission discusses 2 processes that would increase information assurance levels within the organization and bring Azumer Water into compliance with the violated federal regulation identified in part C.
G: TECHNICAL SOLUTIONS: The submission recommends technical solutions that would counter the remaining effects of the attack and prevent future potential attacks.
H: ORGANIZATIONAL STRUCTURE: The submission recommends an organizational structure, including a logical delineation of roles and adequate coverage of responsibilities, for IT and security management that would plausibly support the efficient discovery and mitigation of future incidents.
I: RISK MANAGEMENT APPROACH: The submission describes the risk management approach for Azumer Water based on the likelihood, severity, and impact categorization of 2 risks in the case study.
J:SOURCES: The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available. Or the candidate does not use sources.
K: PROFESSIONAL COMMUNICATION: Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.
