Forensically investigating a security breach while balancing the need for business continuity and rapid return to normalcy within the organization
A written report that analyzes how to preserve as much information as possible for the incident response team while minimizing the impact on business continuity efforts. This assignment centers on a hacking/intrusion attack that disrupts major business functions within the organization. The specific context is a large manufacturing company with extensive intellectual property distributed across multiple locations in the United States and Latin America. There have been several recent small-scale attacks that appear to be reconnaissance efforts for a larger-scale attack. The report must address the following:
1) Forensic Response and Investigation Plan - this is a scenario-specific forensic response plan for the following major systems within the organization: materials requirements planning, distribution, finance, and intellectual property/document management. It should include a forensic investigative response approach for a suspected security breach/unauthorized access of each of the four major systems listed above, as well as for a catastrophic failure of each system. Response approaches should cover people, equipment, tools/technologies, and other considerations. The plans should also include a priority classification for the various aspects of the systems involved in the breach or failure, as well as a sequenced staging plan for when and how systems can be brought online as part of the business continuity effort. You should identify the key forensic artifacts and how they can be preserved for investigation and potential legal pursuit. Your artifacts must be preserved in a state that can support proper attribution of the security breach or catastrophic failure.
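One concrete way to preserve artifacts "in a state that can support proper attribution" is to hash each collected item at collection time and record the hashes in a chain-of-custody manifest, so that any later alteration (accidental or otherwise) is detectable. The following is an added illustration, not part of the assignment text and not the company's own procedure: it builds a manifest for a constructed sample log file (the hostname, username and IP address in it are invented), ties the manifest entries together with their own hash, and then shows that a later change to the file is caught. The system name and priority label (`materials requirements planning`, `P1`) are taken from the scenario above; the collector name `analyst01` is an assumed placeholder.

```python
"""Evidence preservation manifest (added example).

Hash artifacts at collection time so that later integrity checks, and any
legal use of the evidence, can show the items were not altered after seizure.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def hash_bytes(data: bytes) -> str:
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def hash_file(path: str) -> str:
    """SHA-256 hex digest of a file, read in chunks so large images/dumps fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(artifacts, collector, system, priority):
    """artifacts: list of (path, description) pairs collected from one system.

    Returns a chain-of-custody manifest: who collected what, from which system,
    when, with a per-file hash and a hash over the whole manifest body.
    """
    entries = []
    for path, description in artifacts:
        entries.append({
            "path": path,
            "description": description,
            "size": os.path.getsize(path),
            "sha256": hash_file(path),
        })
    manifest = {
        "system": system,
        "priority": priority,            # priority classification from the response plan
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "artifacts": entries,
    }
    # Hash of the canonical (sorted-key) manifest body binds the entries together,
    # so an entry cannot be silently dropped or edited without detection.
    body = json.dumps(manifest, sort_keys=True).encode()
    manifest["manifest_sha256"] = hash_bytes(body)
    return manifest


def verify_manifest(manifest):
    """Return the list of artifact paths whose current hash differs from the recorded one.

    An empty list means every artifact (and the manifest itself) is intact.
    """
    body = dict(manifest)
    recorded = body.pop("manifest_sha256")
    if hash_bytes(json.dumps(body, sort_keys=True).encode()) != recorded:
        return ["<manifest tampered>"]
    return [e["path"] for e in manifest["artifacts"] if hash_file(e["path"]) != e["sha256"]]


def demo():
    """Collect one constructed log file, verify it, alter it, verify again."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")
        with open(log, "w") as f:
            # Constructed sample line; host, account and address are invented.
            f.write("Jan 3 02:14:07 mrp-srv01 sshd[2231]: Accepted password "
                    "for svc_backup from 10.20.30.40 port 51522 ssh2\n")
        manifest = build_manifest(
            [(log, "SSH authentication log from MRP application server")],
            collector="analyst01",
            system="materials requirements planning",
            priority="P1",
        )
        clean = verify_manifest(manifest)          # expected: []
        with open(log, "a") as f:
            f.write("line appended after collection\n")
        changed = verify_manifest(manifest)        # expected: [log]
        return clean, changed, log


if __name__ == "__main__":
    before, after, path = demo()
    print("intact before tampering:", before == [])
    print("detected after tampering:", after == [path])
```

In practice the manifest would be written to write-once media or a separate evidence store alongside a copy of each artifact, and the collector would sign it; the structure above is the minimum needed to show, later, that what the investigators analyzed is what was collected.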
2) Coordination Plan - this outlines the necessary steps and measures needed to optimize business continuity while minimizing the potential for compromising the incident response and cause investigation effort.
3) Metrics - these will be used to measure various aspects of the incident, how it occurred, and the steps that can be put in place to reduce the chance of a similar problem in the future. Additionally, outline the steps and measures that will be put in place to help determine whether the entire situation caused by a security breach or catastrophic failure has been completely resolved. For example, in a security breach situation, describe how it will be determined that all unauthorized access has been eliminated after the initial response has been completed. This may include some form of ongoing monitoring, both internal and external to the organization.
The Response and Investigation Plan must be thoroughly developed and logically presented. Proper sequencing and staging to resume normal operations, as well as procedures to support incident attribution, must be described in considerable detail.
The Coordination Plan must be thoroughly developed and logically presented. It must reflect a detailed and appropriate balance between business continuity and incident response/investigation.
The Metrics must be thoroughly developed and logically presented. The metrics presented must offer considerable utility in aiding the investigation and ensuring that all issues are addressed.
Please include a table of contents.