1. Your final deliverable should be professionally formatted and should not exceed 10 pages. The goal is to be clear and concise in your reporting of your analysis of this incident. This report should reflect your learning and analysis. For that reason, the citation rules are relaxed and you may write from your own knowledge as an “expert.” BUT, if you paste exact phrases, sentences, or paragraphs from another document or resource, you must cite that source using an appropriate citation style (e.g. footnotes, end notes, in-text citations).
2. You may include annotated diagrams if necessary to illustrate your analysis and/or make your point(s). You may use the figures in this assignment as the foundation for diagrams in your final report (no citations required).
3. Use the NIST Incident Handling Process (see Table 1) to guide your incident analysis. You do not need to cite a source for this table.
4. You may assume that the company has implemented one or more of the IT products that you recommended in your Case Studies for this course. You may also assume that the company is using the incident response guidance documents that you wrote for your labs and that the associated operating systems utilities are in use (e.g. you can assume that system backups are being made, etc.).
5. DOCUMENT YOUR ASSUMPTIONS about people, processes, and technologies as if they were fact. But, don’t change any of the factual information provided in the incident report from the Red Team.
6. Use the incident report form that appears at the end of this file. Copy it to a new MS Word document. Insert a title page at the beginning of your file and include the title of the report, your name, and the due date.
7. After you perform your incident analysis, fill in the required information in the provided form (see the end of this file). Attach the file to your assignment folder entry, and submit it for grading as your final project.
8. For section 1 of the form, use your own name but provide reasonable but fictitious information for the remaining fields.
9. For section 2 of the form, assign IP addresses in the following ranges to any servers, workstations, or network connections that you need to discuss.
a. R&D Center 10.10.120.0/24
b. Test Range 10.10.128.0/24
c. Corporate Headquarters 10.10.135.0/24
10. For sections 2, 3, and 5, you should use and interpret information provided in this file (Overview, Background, Issues Summary). You may use a judicious amount of creativity, if necessary, to fill in any missing information.
11. For section 4 of the form you may provide a fictitious cost estimate based upon $100 per hour for IT staff to perform “clean-up” activities. Reasonable estimates are probably in the range of 150 to 300 person hours. What’s important is that you document how you arrived at your cost estimate.
12. Discuss the contract requirements and derivative requirements for cybersecurity at Sifers-Grayson in 3 to 5 paragraphs under “Section 6 General Comments.”
