Incident Response and Recovery Recommendations
Overview
In the cybersecurity industry, something going wrong is a certainty: it is not a question of if you will experience an incident, but when. To be prepared, organizations create incident response plans, business continuity plans, and disaster recovery plans. As an analyst, you will be asked to review and update these plans based on your knowledge of the organization's assets and how they function together as a system. It is your charge to use a proactive mindset to anticipate problems that do not yet exist and to have plans in place to respond to and remediate them. These plans must be living documents; they cannot be written once and left untouched until a problem occurs. Business continuity and disaster recovery are critical, and the more you practice responding to incidents (tabletop exercises, restore tests), the better prepared you will be when a time-sensitive issue arises. The goal is always to return to normal business operations after an incident; however, it is also important to understand, and to set the expectation with stakeholders, that you will very likely not be able to restore the organization to 100% whole.
In this project, you will work through a simulated malware attack to practice managing an incident in real time. The project draws on what you have learned throughout your degree program about network defense and security strategy. You will need to look at the organization as a whole to defend against potential problems.
The project incorporates three stepping stones, which will be submitted in Modules Two, Three, and Four. The final project will be submitted in Module Six.
In this assignment, you will demonstrate your mastery of the following competencies:
- Manage and resolve a cybersecurity incident
- Design business continuity and disaster recovery strategies based on organizational requirements
Scenario
The organization's help desk gets a call from a user in the Finance department. The user says that they cannot open one of the critical files needed to produce the organization's financials. Once at the user's desk, the help desk technician sees a message on the screen stating that the files have been encrypted. The help desk technician, unsure of what to do next, calls you, the cybersecurity analyst. While the help desk technician is on the phone with you, the Finance department manager is being notified as well. You walk to the Finance department, look at the computer screen, and realize that the user's workstation has been infected with ransomware.
You quickly call your manager and let them know what is happening. After the phone call, you start searching the internet to see whether a publicly available decryptor (key) exists for this ransomware. You do have the option of paying the ransom; however, this is not the ideal solution, and it requires executive approval. You also have the option of restoring from backup, since the backups are stored locally (provided the backup storage itself was not reachable from the infected host). Cumulative backups are performed once a month, so a restore could lose up to a month of work. However, you are not sure which departments, other than Finance, have been affected. Similarly, a couple of departments were designed to be segmented off the network, but it was discovered that they were not, so lateral spread to those departments cannot be ruled out.
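The scenario leaves open which departments beyond Finance were hit, and scoping that spread is the first triage task before deciding between a decryptor, a restore, or escalation. The script below is an added example, not part of the assignment or any course material: it walks a share laid out as root/<department>/... and flags ransom notes, renamed files, and files whose byte entropy looks encrypted, then reports affected departments. The department names, ransom-note filename pattern, renamed-file extensions, entropy threshold, and sample files are all assumptions constructed for the example, not indicators of any real ransomware family.

```python
"""Scope a suspected ransomware incident by scanning department shares for
ransom notes and encrypted files.  Hypothetical example: the indicator
patterns, threshold and sample tree are assumptions, not real-world IOCs."""
import math
import os
import re
import tempfile
from collections import Counter, defaultdict
from typing import Dict, Optional

# Assumed indicators (constructed for this example).  Real incidents call for
# the note names and extensions of the specific family that was identified.
RANSOM_NOTE_RE = re.compile(r"(readme|how.?to.?decrypt|recover).*\.(txt|html)$", re.I)
RENAMED_EXTS = {".locked", ".encrypted", ".crypt"}
# Legitimately compressed or encrypted formats are also high-entropy; skip them
# so archives, images and Office files do not produce false positives.
HIGH_ENTROPY_OK = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".pdf", ".docx", ".xlsx"}
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext approaches 8.0, text sits near 4-5
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read, to keep the walk fast


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: str) -> Optional[str]:
    """Return 'note', 'encrypted', or None for one file."""
    name = os.path.basename(path)
    ext = os.path.splitext(name)[1].lower()
    if RANSOM_NOTE_RE.search(name):
        return "note"
    if ext in RENAMED_EXTS:          # family appended its own extension
        return "encrypted"
    if ext in HIGH_ENTROPY_OK:       # legitimately dense format; skip entropy test
        return None
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    # Encrypted in place with the extension untouched: catch it by entropy.
    if len(head) >= 256 and shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "encrypted"
    return None


def scan_shares(root: str) -> Dict[str, Dict[str, int]]:
    """Walk root/<department>/... and count indicators per department."""
    findings: Dict[str, Counter] = defaultdict(Counter)
    for dept in sorted(os.listdir(root)):
        dept_dir = os.path.join(root, dept)
        if not os.path.isdir(dept_dir):
            continue
        for dirpath, _, files in os.walk(dept_dir):
            for f in files:
                kind = classify_file(os.path.join(dirpath, f))
                if kind:
                    findings[dept][kind] += 1
    return {d: dict(c) for d, c in findings.items()}


def affected_departments(findings: Dict[str, Dict[str, int]]) -> list:
    """Departments with at least one note or encrypted file, sorted by name."""
    return sorted(d for d, c in findings.items() if c.get("encrypted") or c.get("note"))


def build_sample_tree() -> str:
    """Constructed test data: Finance is hit, HR is clean, Sales only holds an archive."""
    root = tempfile.mkdtemp(prefix="ir_scope_")

    def put(rel: str, data: bytes) -> None:
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(data)

    put("Finance/Q3/ledger.xlsx.locked", os.urandom(4096))   # renamed by the malware
    put("Finance/Q3/budget.csv", os.urandom(4096))           # encrypted in place
    put("Finance/README_HOW_TO_DECRYPT.txt", b"Your files are encrypted.\n")
    put("HR/handbook.txt", b"Employee handbook, section 1.\n" * 100)
    put("Sales/pricing.zip", os.urandom(4096))               # dense but legitimate format
    return root


if __name__ == "__main__":
    results = scan_shares(build_sample_tree())
    for dept, counts in results.items():
        print(f"{dept}: {counts}")
    print("Affected departments:", affected_departments(results))
```

Run against a mounted copy of each department share (read-only) rather than from the infected workstation, and treat the entropy test as a lead, not proof: a file flagged by entropy alone should be confirmed by its header or by comparing it with the last backup copy. The same per-department counts also tell you how much each department would lose to a restore from the monthly cumulative backup.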