
In this assignment, you will complete the final course project focusing on incident response, network investigation, and findings documentation. As a capstone exercise, this will require knowledge that you have acquired throughout the course. Thus, in addition to reviewing the links provided, also be sure to review the resources provided throughout the course, as appropriate.

The following Wikipedia article may be a helpful reference to you for this project:

Cyber threat hunting. (2020, January 16). Retrieved January 20, 2020, from https://en.wikipedia.org/wiki/Cyber_threat_hunting

NIST Security Incident Handling Guide (download)

Instructions

This project has three parts. For part two, you will take the information you gathered for your four scenarios and combine them into a formal Incident Response Report. Lastly, you will combine your new report with your Acme Incident Response Report into a single file for submission.

Wireshark and Excel will be used for this project, and you may find it helpful to download and install Notepad++ to view some of the log files: https://notepad-plus-plus.org/downloads/

Part 2

In part two, you will combine the answers that you completed for your scenarios in Part one into an Incident Response Report. The audience of your report will be the senior leadership of Acme Software and Services.

Report Technical details:

  • Use this template (download) for your report.
  • Use proper grammar and punctuation and check your paper for clarity.
  • Cite a minimum of three references in your report using APA format.

CIS425 Final Project
Student's Name
Professor's Name
ECPI University
Month Year

Scenario 1 Analysis

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem

Recommendations

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

Scenario 2 Analysis

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem

Recommendations

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

Scenario 3 Analysis

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem

Recommendations

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

Scenario 4 Incident Report

Complete the Incident Report Template. Take that report and write a summary report of events.

Incident Information

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

Action Plan

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

Conclusion/Recommendations

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries.

References
Incident Response Report

Name:
Institution:
Course:

Background

Acme is a software and service company that runs Microsoft Windows 10 and other applications. It is a robust company that has been embraced all over the world. In addition, the company's security system is highly secured to prevent attacks and threats. For example, it uses firewalls and cyber threat hunting to prevent attacks. On the other hand, the employees are advised not to share their security details, including passwords, to avoid attacks. Everyone who wants to access the company needs to be authenticated and verified. However, after network investigation, the following scenarios were identified.

Scenario 1: Unauthorized Access to the Company's System

On 8/25/19, at 9:56:09 AM, an unauthorized person was seen leaving the manager's office and running down the stairs towards the gate. Incidentally, the manager had left his computer on and logged in to the company's network system. On checking, it was noticed that everything was in place, but the mouse had been interfered with. The manager ordered an immediate investigation to check whether the person had interfered with the system by uploading a virus.
Scenario 1 Incident Report

Incident Detector's Information
  • Date/Time of Report: 8/25/19 9:56:09 AM
  • First Name: Juliana
  • Last Name: Wendo
  • OPDIV (Operating Division): Information Systems
  • Title/Position: Information administrator
  • Work Email Address: [email protected]
  • Contact Phone Numbers: +212-4618-7563-3649, +212-7649-6206-1204

Other Reported Incident Information
  • Reporting Person: ICT Expert
  • Start Date/Time: 8/25/19 10:01:03 AM
  • Incident Location: Acme manager's office, Ukraine

Impact Description and Severity Levels (Choose one severity level from each category)
  • Functional Impact: Minimal impact to non-critical services; Minimal impact to critical services
  • Information Impact: Privacy data breach; Proprietary information breach; Destruction of non-critical systems; Critical systems data breach; Destruction of critical systems
  • Recoverability: Regular; Supplemented
  • Priority Rating: Medium
  • PII/PHI Compromise? No
  • Privacy Info? No
  • Attack Vector Taxonomy: Attrition – brute force to compromise, degrade or destroy; Web – web based application or website; Email/Phishing – attack executed via email
  • Description of Incident: Unauthorized access to the company's system

Incident Attributes
  • Location of observed activity: Level 3 – Business Network Management/Accounts/Trust stores; Level 5 – Critical System Management; Level 6 – Critical Systems
  • Additional Support Action Requested:
  • Method Detected: IDS
  • Number of Hosts Affected: 1
  • Information Sharing: Through software and hardware.
  • System: Unknown
  • Status: Ongoing

Attacking Computer(s) Information
  • IP Address / Range: 17.173.01.165
  • Host Name: Homer
  • Operating System: Microsoft Windows
  • Ports Targeted: RCA connector
  • System Purpose: Hacking

Victim Computer(s) Information
  • IP Address / Range: 98.230.77.123
  • Host Name: Bart
  • Operating System: Apple iOS
  • Ports Targeted: Display port
  • System Purpose: Transmission of data

Action Plan
  • Isolate affected system? Remove affected systems from network – Yes
  • Backup affected system? Verify previous backups for affected systems – Yes
  • Forensics performed: Haden Zabron & Yourie Alpha
  • Vulnerability identification: Vulnerability was identified. Leaving the computer system open was the main reason for the intrusion.
  • Action Description: Unauthorized access
  • Requestor: System administrator
  • Assignee: Incident response team
  • Time Frame: 2 days
  • Status: Risks fully identified.

Conclusion / Summary
  • Entities Notified: DIS
  • Resolution: Not fully recovered
  • Lessons Learned: Ensure that one logs off from the system

Scenario 2: Compromised Database Server

On a Friday morning, a database administrator notices unfamiliar names on the servers while performing morning maintenance on the database servers. The database server administrator reviews the possibility that the database server has been tampered with. After viewing some files, the administrator finds that the server was attacked and decides to call the incident response team to assist. The incident response team's investigation concludes that the attack was successful and that the attacker has been on the database server for the last four weeks.
Acme Software – Security Incident Report

Incident Detector's Information
  • Date/Time of Report: 25/08/19
  • First Name: Morgan
  • Last Name: Gerhart
  • OPDIV (Operating Division): Information Security
  • Title/Position: Compromised database server
  • Work Email Address: [email protected]
  • Contact Phone Numbers: +234-1549-1092-1926, +234-1471-2451-1907

Other Reported Incident Information
  • Reporting Person: Morgan
  • Start Date/Time: Gerhart
  • Incident Location: United States

Impact Description and Severity Levels (Choose one severity level from each category)
  • Functional Impact (select all that apply): Significant impact to non-critical services; Denial of non-critical services; Significant impact to critical services; Denial of critical services/Loss of control
  • Information Impact: Critical systems data breach; Core credential compromise; Destruction of critical systems
  • Recoverability: Extended
  • Priority Rating: Medium
  • PII/PHI Compromise? No
  • Privacy Info? No
  • Attack Vector Taxonomy: Removable Media
  • Description of Incident:

Incident Attributes
  • Location of observed activity: Level 7 – Safety System
  • Additional Support Action Requested:
  • Method Detected: Notification
  • Number of Hosts Affected: 1
  • Information Sharing: Email
  • System: Unknown
  • Status: Ongoing

Attacking Computer(s) Information
  • IP Address / Range: 73.124.12.88
  • Host Name: Bart
  • Operating System: Google's macOS
  • Ports Targeted: VGA
  • System Purpose:

Victim Computer(s) Information
  • IP Address / Range: 19.172.18.29
  • Host Name: Homer
  • Operating System: Linux operating system
  • Ports Targeted: USB
  • System Purpose:

Action Plan
  • Isolate affected system? Yes
  • Backup affected system? Yes
  • Forensics performed: FOR578 course
  • Vulnerability identification: No
  • Action Description: Compromised database server
  • Requestor: Database server administrator
  • Assignee: Incident response team
  • Time Frame: 4 weeks
  • Status: Detected

Conclusion / Summary
  • Entities Notified: DNS (Domain Name System)
  • Resolution: Not recovered
  • Lessons Learned: Monitoring all database access activity and usage patterns in real time to detect data leakage, unauthorized SQL and big data transactions, and protocol and system attacks.

Formal Incident Response Report

Scenario 1: Unauthorized Access
  • NAME OF PERSON REPORTING THE INCIDENT: Fred Miller
  • DATE OF THE INCIDENT: 08/25/19
  • POINT OF CONTACT: Incident response team
  • PHONE: +212-4618-7563-3649
  • EMAIL: [email protected]
  • LOCATION OF THE INCIDENT: Acme company, North Carolina
  • SYSTEM AFFECTED: Operating system
  • METHOD OF DETECTION: SIEM correlation
  • ACTION TAKEN: Issuing guidelines on mandatory logging out of the system when not around.

Scenario 2: Compromised Database Server
  • NAME OF PERSON REPORTING THE INCIDENT: Romano
  • DATE OF THE INCIDENT: 08/25/19
  • POINT OF CONTACT: Incident response team
  • PHONE: +234-1549-1092-1926
  • EMAIL: [email protected]
  • LOCATION OF THE INCIDENT: Acme, United States
  • SYSTEM AFFECTED: Critical data systems
  • METHOD OF DETECTION: Encryption
  • ACTION TAKEN: Frequent monitoring of databases
