
General Question

Scenario 1

How many incident response team members would participate in handling this incident?

Members will alternate depending on the skill sets required to assist during an incident, and teams will differ in size based on need. The team remains active until the incident is closed and is responsible for both response and recovery. The response duties of the team are to triage the incident, assist in containing it, gather evidence for the post-mortem report and, if requested, conduct or assist in a forensic investigation. The recovery duties of the team center on damage assessment and returning the organization to normal operations, including rebuilding the servers and systems. The CIRT should include the Management Group, Information Security Team, IT Contact Team, Security Team, Financial Auditor, and Human Resources Team.

The Management Group should be involved in the entire security process, including evaluating security, selecting a team, developing a policy, exercising the plan, and handling incident response. During an incident, the role of Management is to give the team the authority it needs to operate and to make the big decisions based on input from the other members of the team. The Management Team is the team that can make the big decisions, and without management's support the team will likely never be an effective resource. Therefore, it is necessary to have a member of upper-level management on the team.

The role of the Information Security Team is to evaluate the level of damage and to carry out containment, basic forensics, and recovery. They are valuable assets not only because of their capacity to deal with a large number of incidents, but because of their ability to present options, and the implications of those options, to management and the other members of the team.

The responsibility of the IT Department is to look after the university's data. In the event of an incident, the IT team will need to know which areas of the network are off limits and where the data can be accessed. Without IT members on the CIRT, the team may find that the evidence has been overwritten by a well-meaning technician who discovered a corrupted database and restored it from a backup. The IT Team member's role is to limit the impact on systems and users, and to assist the Information Security Team with technical problems as required.

An IT auditor ensures that all procedures are handled appropriately and that any outdated procedures are noted. IT auditors are most useful after the event and are tasked with learning why the incident occurred and identifying strategies to prevent it in future.

Besides the incident response team, what groups within the organization would be involved in handling this incident?

Other than the incident response team, the Financial Auditor, the Attorney and Human Resources are also involved in the incident.

When an incident occurs, the Financial Auditors put a monetary figure on the damage that has resulted from the incident; such a financial value is frequently required by insurance companies. The Financial Auditor on the Computer Security Incident Response Team has the hardest job when an incident occurs: putting a monetary figure on the damage caused by the incident, both for insurance companies and in order to press charges under the National Information Infrastructure Protection Act.

The Attorney is a lawyer who is very familiar with the established incident response policies and supplies the CIRT with legal advice. Their role is to ensure the admissibility of any evidence collected during an investigation in the event that the company chooses to take legal action. Before an incident occurs, the Legal Representative should have input on the monitoring and response strategies to guarantee that the organization is not being put at legal risk during a cleanup or containment operation. It is essential to consider the legal ramifications of shutting down a system and possibly violating service-level agreements or contracts with your clients, as well as those of not shutting down a compromised system and being liable for damages caused by attacks launched from that system.

The Human Resources Team offers expertise on how best to handle issues involving staff and on post-incident procedures. It alerts the CIRT to any unusual employee behavior patterns during a critical incident or investigation, manages internal rumors, and fields internal questions from the employee base that are not associated with the incident. Human Resources will generally not be called upon to support an incident until after an investigation has begun, and only in the event that staff are discovered to be involved.

To which external parties would the team report the incident? When would each report occur? How would each report be made? What information would you report or not report, and why?

The Federal Information Security Management Act (FISMA) requires Federal agencies to report incidents to the United States Computer Emergency Readiness Team (US-CERT), a government-wide incident response organization that assists Federal civilian agencies in their incident handling efforts. US-CERT does not replace existing agency response teams; it augments the efforts of Federal civilian agencies by serving as a focal point for dealing with incidents. US-CERT analyzes the agency-provided information to identify trends and indicators of attacks; these are easier to discern when reviewing data from many organizations than when reviewing the data of a single organization.

Scenario 2

How many incident response team members would participate in handling this incident?

The Computer Incident Response Team is a carefully selected and well-trained group of people whose purpose is to promptly and correctly handle an incident so that it can be quickly contained, investigated, and recovered from. The members included in the CIRT depend largely on the needs and resources of the company. The CIRT should include the Management Group, Information Security Team, IT Contact Team, Security Team, Financial Auditor, and Human Resources Team.

The Security Team is responsible for physical security. Their roles include evaluating any physical damage, examining physical evidence, and guarding evidence during a forensic examination to maintain the chain of custody.

Besides the incident response team, what groups within the organization would be involved in handling this incident?