IS311 Security operations

Version:1.0 StartHTML:0000000105 EndHTML:0000099838 StartFragment:0000045668 EndFragment:0000099798               <!–  /* Font Definitions */  @font-face {font-family:Wingdings; panose-1:5 0 0 0 0 0 0 0 0 0; mso-font-charset:2; mso-generic-font-family:auto; mso-font-pitch:variable; mso-font-signature:0 268435456 0 0 -2147483648 0;} @font-face {font-family:”Cambria Math”; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-536870145 1107305727 0 0 415 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-536859905 -1073732485 9 0 511 0;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-520081665 -1073717157 41 0 66047 0;}  /* Style Definitions */  p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:””; margin-top:0in; margin-right:0in; margin-bottom:8.0pt; margin-left:0in; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:”Calibri”,sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:”Times New Roman”; mso-bidi-theme-font:minor-bidi;} h1 {mso-style-unhide:no; mso-style-qformat:yes; mso-style-link:”Heading 1 Char”; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; text-align:center; mso-pagination:widow-orphan; mso-outline-level:1; font-size:24.0pt; font-family:”Times New Roman”,serif; mso-fareast-font-family:”Times New Roman”; font-weight:bold;} p {mso-style-unhide:no; mso-margin-top-alt:auto; margin-right:0in; mso-margin-bottom-alt:auto; margin-left:0in; mso-pagination:widow-orphan; font-size:12.0pt; font-family:”Times New Roman”,serif; mso-fareast-font-family:”Times New Roman”;} span.Heading1Char {mso-style-name:”Heading 1 Char”; mso-style-unhide:no; mso-style-locked:yes; mso-style-link:”Heading 1″; mso-ansi-font-size:24.0pt; mso-bidi-font-size:24.0pt; font-family:”Times New Roman”,serif; mso-ascii-font-family:”Times New Roman”; mso-fareast-font-family:”Times New Roman”; mso-hansi-font-family:”Times New Roman”; mso-bidi-font-family:”Times New Roman”; mso-font-kerning:18.0pt; font-weight:bold;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-family:”Calibri”,sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:”Times New Roman”; mso-bidi-theme-font:minor-bidi;} .MsoPapDefault {mso-style-type:export-only; margin-bottom:8.0pt; line-height:107%;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.WordSection1 {page:WordSection1;}  /* List Definitions */  @list l0 {mso-list-id:1064259664; mso-list-template-ids:-1966857912;} @list l0:level1 {mso-level-number-format:bullet; mso-level-text:ï‚·; mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Symbol;} @list l0:level2 {mso-level-number-format:bullet; mso-level-text:o; mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:”Courier New”; mso-bidi-font-family:”Times New Roman”;} @list l0:level3 {mso-level-number-format:bullet; mso-level-text:; mso-level-tab-stop:1.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Wingdings;} @list l0:level4 {mso-level-number-format:bullet; mso-level-text:; mso-level-tab-stop:2.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Wingdings;} @list l0:level5 {mso-level-number-format:bullet; mso-level-text:; mso-level-tab-stop:2.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Wingdings;} @list l0:level6 {mso-level-number-format:bullet; mso-level-text:; mso-level-tab-stop:3.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Wingdings;} @list l0:level7 {mso-level-number-format:bullet; mso-level-text:; mso-level-tab-stop:3.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Wingdings;} @list l0:level8 {mso-level-number-format:bullet; mso-level-text:; mso-level-tab-stop:4.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Wingdings;} @list l0:level9 {mso-level-number-format:bullet; mso-level-text:; mso-level-tab-stop:4.5in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:10.0pt; font-family:Wingdings;} @list l1 {mso-list-id:1372850701; mso-list-template-ids:11668974; mso-list-style-id:1658878059;} @list l1:level1 {mso-level-text:”%1\)”; mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in;} @list l1:level2 {mso-level-number-format:alpha-lower; mso-level-text:”%2\)”; mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:12.0pt; color:black;} @list l1:level3 {mso-level-number-format:roman-lower; mso-level-text:”%3\)”; mso-level-tab-stop:1.0in; mso-level-number-position:left; margin-left:1.0in; text-indent:-.25in;} @list l1:level4 {mso-level-text:”\(%4\)”; mso-level-tab-stop:1.25in; mso-level-number-position:left; margin-left:1.25in; text-indent:-.25in;} @list l1:level5 {mso-level-number-format:alpha-lower; mso-level-text:”\(%5\)”; mso-level-tab-stop:1.5in; mso-level-number-position:left; margin-left:1.5in; text-indent:-.25in;} @list l1:level6 {mso-level-number-format:roman-lower; mso-level-text:”\(%6\)”; mso-level-tab-stop:1.75in; mso-level-number-position:left; margin-left:1.75in; text-indent:-.25in;} @list l1:level7 {mso-level-tab-stop:2.0in; mso-level-number-position:left; margin-left:2.0in; text-indent:-.25in;} @list l1:level8 {mso-level-number-format:alpha-lower; mso-level-tab-stop:2.25in; mso-level-number-position:left; margin-left:2.25in; text-indent:-.25in;} @list l1:level9 {mso-level-number-format:roman-lower; mso-level-tab-stop:2.5in; mso-level-number-position:left; margin-left:2.5in; text-indent:-.25in;} @list l2 {mso-list-id:1658878059; mso-list-template-ids:11668974; mso-list-style-name:”Style Outline numbered Black1″;} @list l2:level1 {mso-level-text:”%1\)”; mso-level-tab-stop:.5in; mso-level-number-position:left; text-indent:-.25in;} @list l2:level2 {mso-level-number-format:alpha-lower; mso-level-text:”%2\)”; mso-level-tab-stop:1.0in; mso-level-number-position:left; text-indent:-.25in; mso-ansi-font-size:12.0pt; color:black;} @list l2:level3 {mso-level-number-format:roman-lower; mso-level-text:”%3\)”; mso-level-tab-stop:1.0in; mso-level-number-position:left; margin-left:1.0in; text-indent:-.25in;} @list l2:level4 {mso-level-text:”\(%4\)”; mso-level-tab-stop:1.25in; mso-level-number-position:left; margin-left:1.25in; text-indent:-.25in;} @list l2:level5 {mso-level-number-format:alpha-lower; mso-level-text:”\(%5\)”; mso-level-tab-stop:1.5in; mso-level-number-position:left; margin-left:1.5in; text-indent:-.25in;} @list l2:level6 {mso-level-number-format:roman-lower; mso-level-text:”\(%6\)”; mso-level-tab-stop:1.75in; mso-level-number-position:left; margin-left:1.75in; text-indent:-.25in;} @list l2:level7 {mso-level-tab-stop:2.0in; mso-level-number-position:left; margin-left:2.0in; text-indent:-.25in;} @list l2:level8 {mso-level-number-format:alpha-lower; mso-level-tab-stop:2.25in; mso-level-number-position:left; margin-left:2.25in; text-indent:-.25in;} @list l2:level9 {mso-level-number-format:roman-lower; mso-level-tab-stop:2.5in; mso-level-number-position:left; margin-left:2.5in; text-indent:-.25in;} ol {margin-bottom:0in;} ul {margin-bottom:0in;} –>    
· Review and analysis the provided Incident Response Plan in comparison to what you have read in the Incident Response Planning section of this week’s reading.
Prepare a 350- to 1,050-word paper that fully discusses the topic questions
Format your paper consistent with APA guidelines. Format your paper consistent with APA guidelines.  

sample 
Incident Response Plan
This document discusses the steps taken during an incident response plan. To create the plan, the steps in the following example should be replaced with contact information and specific courses of action for your organization. 
1) The person who discovers the incident will call the grounds dispatch office. List possible sources of those who may discover the incident. The known sources should be provided with a contact procedure and contact list. Sources requiring contact information may be: 
a) Helpdesk 
b) Intrusion detection monitoring personnel 
c) A system administrator 
d) A firewall administrator 
e) A business partner 
f) A manager 
g) The security department or a security person. 
h) An outside source. 
List all sources and check off whether they have contact information and procedures. Usually each source would contact one 24/7 reachable entity such as a grounds security office. Those in the IT department may have different contact procedures than those outside the IT department. 
2) If the person discovering the incident is a member of the IT department or affected department, they will proceed to step 5. 
3) If the person discovering the incident is not a member of the IT department or affected department, they will call the 24/7 reachable grounds security department at 555-5555. 
4) The grounds security office will refer to the IT emergency contact list or effected department contact list and call the designated numbers in order on the list. The grounds security office will log: 
a) The name of the caller. 
b) Time of the call. 
c) Contact information about the caller. 
d) The nature of the incident. 
e) What equipment or persons were involved? 
f) Location of equipment or persons involved. 
g) How the incident was detected. 
h) When the event was first noticed that supported the idea that the incident occurred.
5) The IT staff member or affected department staff member who receives the call (or discovered the incident) will refer to their contact list for both management personnel to be contacted and incident response members to be contacted. The staff member will call those designated on the list. The staff member will contact the incident response manager using both email and phone messages while being sure other appropriate and backup personnel and designated managers are contacted. The staff member will log the information received in the same format as the grounds security office in the previous step. The staff member could possibly add the following: 
a) Is the equipment affected business critical? 
b) What is the severity of the potential impact? 
c) Name of system being targeted, along with operating system, IP address, and location. 
d) IP address and any information about the origin of the attack. 
6) Contacted members of the response team will meet or discuss the situation over the telephone and determine a response strategy. 
a) Is the incident real or perceived? 
b) Is the incident still in progress? 
c) What data or property is threatened and how critical is it? 
d) What is the impact on the business should the attack succeed? Minimal, serious, or critical? 
e) What system or systems are targeted, where are they located physically and on the network? 
f) Is the incident inside the trusted network? 
g) Is the response urgent? 
h) Can the incident be quickly contained? 
i) Will the response alert the attacker and do we care? 
j) What type of incident is this? Example: virus, worm, intrusion, abuse, damage. 
7) An incident ticket will be created. The incident will be categorized into the highest applicable level of one of the following categories: 
a) Category one – A threat to public safety or life. 
b) Category two – A threat to sensitive data 
c) Category three – A threat to computer systems 
d) Category four – A disruption of services 
8) Team members will establish and follow one of the following procedures basing their response on the incident assessment: 
a) Worm response procedure 
b) Virus response procedure 
c) System failure procedure 
d) Active intrusion response procedure – Is critical data at risk? 
e) Inactive Intrusion response procedure 
f) System abuse procedure 
g) Property theft response procedure 
h) Website denial of service response procedure 
i) Database or file denial of service response procedure 
j) Spyware response procedure. 
The team may create additional procedures which are not foreseen in this document. If there is no applicable procedure in place, the team must document what was done and later establish a procedure for the incident. 
9) Team members will use forensic techniques, including reviewing system logs, looking for gaps in logs, reviewing intrusion detection logs, and interviewing witnesses and the incident victim to determine how the incident was caused. Only authorized personnel should be performing interviews or examining evidence, and the authorized personnel may vary by situation and the organization. 
10) Team members will recommend changes to prevent the occurrence from happening again or infecting other systems. 
11) Upon management approval, the changes will be implemented. 
12) Team members will restore the affected system(s) to the uninfected state. They may do any or more of the following: 
a) Re-install the affected system(s) from scratch and restore data from backups if necessary. Preserve evidence before doing this. 
b) Make users change passwords if passwords may have been sniffed. 
c) Be sure the system has been hardened by turning off or uninstalling unused services. 
d) Be sure the system is fully patched. 
e) Be sure real time virus protection and intrusion detection is running. 
f) Be sure the system is logging the correct events and to the proper level. 
13) Documentation—the following shall be documented: 
a) How the incident was discovered. 
b) The category of the incident. 
c) How the incident occurred, whether through email, firewall, etc. 
d) Where the attack came from, such as IP addresses and other related information about the attacker. 
e) What the response plan was. 
f) What was done in response? 
g) Whether the response was effective. 
14) Evidence Preservation—make copies of logs, email, and other communication. Keep lists of witnesses. Keep evidence as long as necessary to complete prosecution and beyond in case of an appeal. 
15) Notify proper external agencies—notify the police and other appropriate agencies if prosecution of the intruder is possible. List the agencies and contact numbers here. 
16) Assess damage and cost—assess the damage to the organization and estimate both the damage cost and the cost of the containment efforts. 
17) Review response and update policies—plan and take preventative steps so the intrusion can’t happen again. 
a) Consider whether an additional policy could have prevented the intrusion. 
b) Consider whether a procedure or policy was not followed which allowed the intrusion, and then consider what could be changed to ensure that the procedure or policy is followed in the future. 
c) Was the incident response appropriate? How could it be improved? 
d) Was every appropriate party informed in a timely manner? 
e) Were the incident-response procedures detailed and did they cover the entire situation? How can they be improved? 
f) Have changes been made to prevent a re-infection? Have all systems been patched, systems locked down, passwords changed, anti-virus updated, email policies set, etc.? 
g) Have changes been made to prevent a new and similar infection? 
h) Should any security policies be updated? 
i) What lessons have been learned from this experience? 

Don't use plagiarized sources. Get Your Custom Essay on
IS311 Security operations
Just from $13/Page
Order Essay
My Essay Gram
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work with Us

Top Quality and Well-Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

Professional and Experienced Academic Writers

We have a team of professional writers with experience in academic and business writing. Many are native speakers and able to perform any task for which you need help.

Free Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account or by contacting our support.

Prompt Delivery and 100% Money-Back-Guarantee

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. In case you cannot provide us with more time, a 100% refund is guaranteed.

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text. We also promise maximum confidentiality in all of our services.

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

Place your order

Fill in the order form and provide all details of your assignment.

Proceed with the payment

Choose the payment system that suits you most.

Receive the final file

Once your paper is ready, we will email it to you.

Our Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

Admissions

Admission Essays & Business Writing Help

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied with the service offered.

Live Chat+1(405) 367-3611Email