Worm and Distributed Denial of Service (DDoS) Agent Infestation
Below are the guidelines that need to be taken into consideration to build the action plan, and the attached Word document is the project that needs to be completed!
From the Computer Security Incident Handling Guide: On a Tuesday morning, a new worm is released; it spreads itself through removable media, and it can copy itself to open Windows shares. When the worm infects a host, it installs a DDoS agent. The organization has already incurred widespread infections before antivirus signatures become available several hours after the worm started to spread. The following are additional questions for this scenario:
1. How would the incident response team identify all infected hosts?
2. How would the organization attempt to prevent the worm from entering the organization before antivirus signatures were released?
3. How would the organization attempt to prevent the worm from being spread by infected hosts before antivirus signatures were released?
4. Would the organization attempt to patch all vulnerable machines? If so, how would this be done?
5. How would the handling of this incident change if infected hosts that had received the DDoS agent had been configured to attack another organization’s website the next morning?
6. How would the handling of this incident change if one or more of the infected hosts contained sensitive personally identifiable information regarding the organization’s employees?
7. How would the incident response team keep the organization’s users informed about the status of the incident?
8. What additional measures would the team perform for hosts that are not currently connected to the network (e.g., staff members on vacation, offsite employees who connect occasionally)?
We want to give a PowerPoint presentation also, so please prepare slides also!
So far I’ve realized that the assignment requires me to do the following.
1. Write an essay answering the eight prompts in a 15-page document.
2. Prepare a PowerPoint presentation for the same based on the 15-page document.
The 15-page document needs to be based on the Incident Response Team Charter, Action Plan, and Incident Response Plan.
The 8 points are guidelines to build the action plan.
Solution Preview
Operations security (OPSEC) is a process often used to identify and protect information that is critical but not classified. This information is nonetheless crucial because competitors or adversaries can use it to get the real picture of your organization: they can connect small pieces of unclassified information that are ignored most of the time (“Operations Security For The Rest Of Us”).