
TASK 1: ANALYSIS RESPONSE
MANAGING INFORMATION SECURITY
COMPETENCIES
Information Security Governance
The graduate recommends modifications to established
information security governance to increase information assurance levels within
an organization.
Threat & Vulnerability Management
The graduate recommends risk mitigation strategies that meet
regulatory and ethical compliance.
Information Security Management
The graduate recommends changes to established security
management programs in response to a cyber-related incident on an organization.
Incident Response
The graduate develops security incident response plans that
align to an organization’s security goals and objectives and maintain business
continuity.
INTRODUCTION
Many organizations marginalize the management of the
security of their infrastructure in hopes that they will not be the target of
cyberattacks. However, cyberattacks happen frequently and tend to become more
sophisticated over time. In reality, every organization is a likely target of
malicious actors. These attacks result in a range of impacts on an organization
and its core business and could significantly interrupt operations.
To be proactive, organizations need to have structures,
processes, and plans in place to counter and respond to potential attacks and
to deal with the consequences of successful attacks. A suitable security
management plan and well-defined security goals that support the overall goals
of the organization can ensure a reasonable level of business continuity, even
in the case of security incidents.
In any organization, the individuals on the IT staff must
work together to support the security goals of the organization. These
individuals play significant roles in detecting and preventing security
incidents before they occur. In the case of successful attacks, security
management professionals are tasked with acting quickly to mitigate the
attack’s effects.
In this assessment, you will refer to the attached “Case
Study,” which contains details regarding a security incident at a small
non-governmental organization (NGO). In part I of this task, you will analyze
the security incident and provide specific examples and details from the case
study to support your risk assessment. In part II, you will create a plan to
effectively address the aftermath of the incident and manage the NGO’s ongoing
security risks.
REQUIREMENTS
Your submission must be your original work. No more than
a combined total of 30% of the submission and no more than a 10% match to any
one individual source can be directly quoted or closely paraphrased from
sources, even if cited correctly. An originality report is provided when you
submit your task that can be used as a guide.
You must use the rubric to direct the creation of your
submission because it provides detailed criteria that will be used to evaluate
your work. Each requirement below may be evaluated by more than one rubric
aspect. The rubric aspect titles may contain hyperlinks to relevant portions of
the course.
Part I: Incident Analysis and Response
A. Determine why the attack on Azumer Water’s
infrastructure was successful, including the specific vulnerabilities that
allowed the attack to occur. Provide details from the case study to support
your claims.
B. Explain how the confidentiality, integrity, and
availability of Azumer Water’s operations and PII (personally identifying
information) data have been compromised, using NIST, ISO 27002, or another
industry-standard framework to support two claims of
compromise.
C. Identify a federal regulation this NGO violated,
providing a specific example from the case study as evidence of Azumer Water’s
noncompliance.
D. Recommend immediate steps to mitigate the impact of
the incident, using specific examples from the case study to justify how these
steps would mitigate the impact.
E. Explain how having an incident response plan in
place will benefit Azumer Water, using details from the case study to support
your explanation.
Part II: Risk Assessment and Management
F. Discuss two processes to increase
information assurance levels within the organization and bring Azumer Water
into compliance with the violated federal regulation identified in part C.
G. Recommend technical solutions to counter the
remaining effects of the attack in the case study and to prevent future
attacks.
H. Recommend an organizational structure for IT and
security management, including a logical delineation of roles and adequate
coverage of responsibilities, to support the efficient discovery and mitigation
of future incidents.
I. Describe your risk management approach for Azumer
Water based on the likelihood, severity, and impact categorization of two risks
in the case study.
J. Acknowledge sources, using in-text citations and
references, for content that is quoted, paraphrased, or summarized.
K. Demonstrate professional communication in the
content and presentation of your submission.
RUBRIC
A: SUCCESS OF ATTACK
COMPETENT
The submission determines a plausible cause for the
success of the attack, including specific vulnerabilities and details from
the case study to support the claims.
B: COMPROMISED DATA
COMPETENT
The submission explains how the confidentiality,
integrity, and availability of Azumer Water’s operations and PII have been
compromised and supports 2 claims of compromise with an industry-standard
framework.
C: REGULATORY COMPLIANCE
COMPETENT
The submission identifies a federal regulation that Azumer
Water violated and provides a specific example from the case study that shows
evidence of Azumer Water’s noncompliance.
D: IMMEDIATE STEPS
COMPETENT
The submission recommends immediate steps that would
plausibly mitigate the impact of the incident and justifies these steps with
specific examples from the case study.
E: INCIDENT RESPONSE PLAN
COMPETENT
The submission explains the benefits of having an incident
response plan in place at Azumer Water, using details from the case study to
support the explanation.
F: PROCESSES
COMPETENT
The submission discusses 2 processes that would increase
information assurance levels within the organization and bring Azumer Water
into compliance with the violated federal regulation identified in part C.
G: TECHNICAL SOLUTIONS
COMPETENT
The submission recommends technical solutions that would
counter the remaining effects of the attack and prevent future potential
attacks.
H: ORGANIZATIONAL STRUCTURE
COMPETENT
The submission recommends an organizational structure,
including a logical delineation of roles and adequate coverage of
responsibilities, for IT and security management that would plausibly support
the efficient discovery and mitigation of future incidents.
I: RISK MANAGEMENT APPROACH
COMPETENT
The submission describes the risk management approach for
Azumer Water based on the likelihood, severity, and impact categorization of
2 risks in the case study.
J: SOURCES
COMPETENT
The submission includes in-text citations for sources that
are properly quoted, paraphrased, or summarized and a reference list that
accurately identifies the author, date, title, and source location as
available. Or the candidate does not use sources.
K: PROFESSIONAL COMMUNICATION
COMPETENT
Content reflects attention to detail, is organized, and
focuses on the main ideas as prescribed in the task or chosen by the
candidate. Terminology is pertinent, is used correctly, and effectively
conveys the intended meaning. Mechanics, usage, and grammar promote accurate
interpretation and understanding.
SUPPORTING DOCUMENTS
