Instructions
Incident Response Report
In this week's assignment we are going to produce an Incident Response report for a fictional attack against our organization, Zenith City Water. Since the attack is fictional, you will use a recent attack against another water company as the stand-in for the organization.
Assignment Guidelines
Step 1: Obviously our first step is to locate a recent incident against another water company.
Step 2: Once you have found a water company that matches up, you will begin filling out the Incident Report called Week6-Form Fillable.docx, using the guide called Week6-Assignment Guide.pdf as a companion instruction manual for filling out the report.
Step 3: Once you have completed the Incident Report save it and submit it.
Deliverables
The completed Word document, Week6-Form Fillable.
You will need to use the “Week6-Assignment Guide.pdf” to assist you in filling out this report.
You will fill out the following form using the incident you chose in Week 1.
Company Background Information
What is your main industry sector?
☐ Defense Industry
☐ Financial Services
☐ Healthcare
☐ Biotech/Pharmaceutical
☐ Food Production/Distribution
☐ Utilities (water, power, etc.)
☐ Transportation/port services
☐ Technology
☐ Energy Production (oil, natural gas, etc.)
☐ R&D/University
☐ Manufacturing
☐ Other ________________________

Does your organization consider itself to be a small, small-medium, medium-sized, or large business?
☐ Small Business (less than 100 employees)
☐ Small-Medium Business (100-999 employees)
☐ Medium-sized Business (1,000-9,999 employees)
☐ Large Business (10,000 employees or more)

How long has your organization been dedicating resources to cybersecurity?
☐ Started within the last year
☐ 1-3 years
☐ 3-5 years
☐ More than 5 years

Does your organization have someone responsible for cybersecurity/information security, such as a CISO (Chief Information Security Officer) or Chief Security Officer (CSO)?
☐ Yes ☐ No

Did your organization have someone responsible for cybersecurity/information security, such as a CISO (Chief Information Security Officer) or Chief Security Officer (CSO), at the time of the incident?
☐ Yes ☐ No
1 – Type of Incident
Please identify the major category description that best fits this incident. Check all that apply:
☐ Distributed Denial of Service (DDOS)
☐ Destructive WORM
☐ Ransomware/Extortion
☐ Data Theft
    ☐ Intellectual Property (IP)
    ☐ Personally Identifiable Information (PII)
    ☐ Financial Data
    ☐ Health Records
    ☐ Other type of data _______________
    ☐ Unknown
☐ Web page defacement
☐ Malware (Variant, if known ______________)
☐ Zero-Day Malware Attack
☐ SCADA or Industrial Control System Attack
☐ Accident/Human Error
☐ System Failure
☐ Natural or Man-made (Physical) Disaster
☐ Storage/Back-up Failure
☐ Network Intrusion
☐ Third-Party Event
☐ Phishing
☐ Industrial Espionage
☐ Physical Sabotage
☐ Configuration Error
☐ Insider Attack
☐ Lost Device
☐ Outage
☐ Other
☐ Additional Entry . . .
2 – Severity of Incident (See Assignment Guide Page 10 for charts)
Impact | Financial or Asset Loss | Time-to-Market Delay | Product Quality | Environment | Health & Safety | Legal
_______ | _______ | _______ | _______ | _______ | _______ | _______

Fill out the information in the columns above. Then, using the charts on Page 10, specify the Impact level.
3 – Company Posture at Time of Incident
Does your organization use a cyber risk management framework, best practice, regulation or standard as part of its cyber risk management activities?
☐ Yes ☐ No
If Yes, please identify: _________________

If you are required to be certified compliant with a technical regulation or standard, how are you assessed?
☐ Self-Assessed ☐ Self-Assessed with Third-Party Validation ☐ Third-Party Assessment and Validation ☐ Post-Market Surveillance ☐ N/A: Not Required

Are your organization’s risk management practices formally approved and expressed as policy?
☐ Yes ☐ No

Are your organization’s cybersecurity practices regularly updated based on the application of risk management processes to changes in business/mission requirements and a changing threat and technology landscape?
☐ Yes ☐ No

Is cybersecurity integrated into your organization’s enterprise risk management?
☐ Yes ☐ No

Does your organization define risk-informed policies, processes, and procedures?
☐ Yes ☐ No

If Yes, are they implemented as intended?
☐ Yes ☐ No

Are they reviewed?
☐ Yes ☐ No

Does your organization have methods in place to respond effectively to changes in risk?
☐ Yes ☐ No

Do your organization’s personnel possess the knowledge and skills to perform their appointed roles and responsibilities?
☐ Yes ☐ No

Does your organization understand its dependencies and partners, and receive information from partners that enables collaboration and risk-based management decisions within your organization in response to events?
☐ Yes ☐ No
4 – Timeline of Incident
What is the interval between initial cyber intrusion to target or significant system compromise (including data records compromise)?
☐ Less than 4 hours (almost immediate)
☐ 4-24 hours (less than a day)
☐ 2-7 days (less than a week)
☐ 7-30 days (more than a week, but less than a month)
☐ 30-180 days (between 1 and 6 months)
☐ 180-365 days (6 months to a year)
☐ More than a year
☐ Unknown (initial date of intrusion and/or system compromise undetermined)

What is the interval between compromise and detection of the incident’s effects?
☐ Less than 4 hours (almost immediate)
☐ 4-24 hours (less than a day)
☐ 2-7 days (less than a week)
☐ 7-30 days (more than a week, but less than a month)
☐ 30-180 days (between 1 and 6 months)
☐ 180-365 days (6 months to a year)
☐ More than a year
☐ Unknown (initial date of intrusion and/or system compromise undetermined)

What is the interval between detection of the incident and containment/mitigation?
☐ Less than 4 hours (almost immediate)
☐ 4-24 hours (less than a day)
☐ 2-7 days (less than a week)
☐ 7-30 days (more than a week, but less than a month)
☐ 30-180 days (between 1 and 6 months)
☐ 180-365 days (6 months to a year)
☐ More than a year
☐ Unknown (initial date of intrusion and/or system compromise undetermined)
5 – Apparent Goal of Attackers
What was the attacker’s apparent end-state goal? Check all that apply.
☐ Acquisition/Theft – Illicit acquisition of valuable assets for resale or extortion in a way that preserves the assets’ integrity but may incidentally damage other items in the process.
☐ Business Advantage – Increased ability to compete in a market with a given set of products. The goal is to acquire business processes or assets.
☐ Technical Advantage – Illicit improvement of a specific product or production capability. The primary goal is to acquire production processes or assets rather than a business process.
☐ Damage to Property – Injury to the target organization’s physical/electronic assets, or intellectual property.
☐ Bodily Injury/Death – Injury to or death of the target organization’s personnel.
☐ Denial – Prevent the target organization from accessing necessary data or processes.
☐ Disruption of System/Service Availability – Interference with or degradation of the target organization’s legitimate business transactions.
☐ Production Loss – Reduction or halting of the target organization’s ability to create goods and services by damaging or destroying its means of production.
☐ Environmental Harm – Adverse impact to land, air, or water resources.
☐ Degradation of Reputation – Public portrayal of the target organization in an unflattering light, causing it to lose influence, credibility, competitiveness, or stock value.
☐ Unknown – Intent of the attack is not known.
☐ Not Applicable – Attack does not appear to have been an intentional/hostile incident.
☐ Additional Entry . . .
6 – Contributing Causes
Incident Progression | Step 1 | Step 2 | Step 3 | Step 4 | Step 5 | Step 6
Intentionally caused or conducted by third party vendor | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Unintentionally/negligently introduced through third party information sharing partner (e.g., link to an infected site, or poor protection of shared materials) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Third party vendor infrastructure (e.g., remote access connection) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Third party vendor account credentials | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Data was under third party control when compromised | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Direct access by Insider | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Physical access by unauthorized personnel | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Spear phishing email attachment | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Spear phishing email link | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Poor Passwords | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Stolen Authorized Credentials | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Employee Human Error in authorized procedure (e.g., distracted/multitasking, inadequate training) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Employee Human Error – unauthorized/reckless activity (system or authorization misuse, benign shortcuts, etc.) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Improper sensor tuning | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Malicious Insider Activity | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Unauthorized Device (e.g., personal laptop) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Misconfigured Device (firewall, router, switch) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Compromised mobile media (e.g., USB) | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Compromised firmware | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Known vulnerability not patched | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Previously unknown vulnerability | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Brute Force attack | ☐ | ☐ | ☐ | ☐ | ☐ | ☐
Virus w/ A/V | ☐ | ☐ | ☐ | ☐ | ☐ | ☐