M6D1

This activity will address module outcomes 1, 3, and 4. Upon completion of this activity, you will be able to:

Identify why it is important to have a pre-established incident response plan. (CO 1, 2)
Analyze how some breaches are detected. (CO 1, 2, 5)
Evaluate various response efforts. (CO 1, 3)

When cyber-attacks hit organizations, the consequences can be costly for years to come. Mitigation and recovery costs, brand reputation, and market share are all affected after a major breach, and, as the Target and Home Depot breaches illustrate, a quick and effective response can help limit the loss.

Having a systematic approach to incident detection and response can also give a company information it can use to strengthen the enterprise and to address legal issues that may arise from the attack. During this exercise, we will review two documents that examine response efforts.

Read the following documents and respond to the discussion question below.

Creasey, J. & Glover, I. (2000). Cybersecurity incident response guide [PDF file size 5.5 MB]. Retrieved from https://www.crest-approved.org/wp-content/uploads/2014/11/CSIR-Procurement-Guide.pdf
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide [PDF file size 1.4 MB]. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
SWOT analysis 1: Looking outside for threats and opportunities [PDF file size 398 KB]. (n.d.). Harvard Business School. Retrieved from https://inside.artcenter.edu/ed/file.php/26283/SWOT_Analysis_1_Loooking_Outside.pdf
Zeltser, L. (2008, August 29). SWOT matrix for describing security posture. Retrieved from https://isc.sans.edu/forums/diary/SWOT+matrix+for+describing+security+posture/4939/

Respond to the following:

Select one or two topics on incident response from the documents above and do a SWOT analysis of the topic(s).
Describe and explain why the topic(s) is/are an important component of incident response.
Are there challenges that should be considered in regard to implementation of the topic?