
SIT763 Cyber Security Management Assignment Sample

Task 1: Security Education Training and Awareness (SETA) Programme

Create a role-based SETA programme in the following three roles: real estate agents, data centre operators, and cyber security engineers. For each role, recommend the most appropriate and unique SETA element using the table shown below. Here is the description of each criterion:

Goals – identify two unique and meaningful goals. Explain why you have chosen them.

Objectives – identify one or more unique objectives for each goal. Explain why you have chosen them and how the objectives help attain the goals.

Programmes – choose from security education, security training, or security awareness the most appropriate program for the role. Justify why you choose it.

Delivery – identify a suitable SETA element delivery method. Explain and justify why the method will be effective for the role.

Value – explain what the attendees can take away from the programme that will help or advance their knowledge, skill, or awareness level.

When writing your answer for each criterion, consider the background and skill level of the staff in each role. Also, make sure you explain and provide justifications that are supported by relevant references.

Task 2: Incident Management and Response

You will use the NIST Incident Response framework to develop a cybersecurity incident response plan. Answer the following questions.

2.1 Create a visual representation (diagram) of the cybersecurity incident response plan's critical phases. Give a brief explanation of the important message conveyed by the diagram.

2.2 Using the diagram above, briefly describe the incident response steps taken by the security incident response team after a critical data breach is detected.

2.3 Explain how the information gathered during the incident response process will be used.

Your response to the above questions must be supported by references and theory, and must demonstrate application of critical thinking skills.

Solution

Task 1: Security Education Training and Awareness (SETA) Programme

Task 2: Incident Management and Response

Figure 1 Cybersecurity incident response plan's phases

The important message conveyed by the diagram is that:

- A process of preparation, detection/identification, analysis, containment, eradication, recovery, and post-incident review is essential for effectively and successfully responding to security incidents. These phases are the essential framework for thoroughly managing security incidents and provide a basis for achieving organizational resilience [1].

- The diagram also conveys that incident response requires a structured, systematic approach in order to succeed in identifying and mitigating threats, as well as in restoring normal operations.

- It also emphasizes the need for organizations to prepare and test the incident response plan and to categorize the incident types in order to be ready and prepared for such a situation.

2.2 The security incident response team (SIRT) will take the following steps when a data breach has been detected:

Validate the incident: The SIRT will verify the incident and analyze the nature of the data that has been compromised.

Contain the incident: The SIRT should identify any affected systems and isolate them to prevent further damage. They should also delete any malicious or unauthorized files and disable any affected accounts or services [4].

Gather evidence: The SIRT should collect, preserve, and analyze all necessary evidence to identify the circumstances surrounding the incident.

Investigate the incident: The SIRT should investigate the incident to identify its root cause and the extent of the damage [4].

Create a timeline: The SIRT should also create a timeline of events surrounding the incident. This includes recording the time of the incident, the time the incident was discovered, and the time each incident response action was taken.

Restore normal essential services: The SIRT should restore essential services as quickly and securely as possible to minimize the impact of the incident on the business.

Test and monitor: The SIRT should test the security measures that have been implemented to ensure that they are properly protecting the environment and are working as intended. They should also monitor systems for any suspicious activity that may indicate that the incident is still in progress.

Communicate: The SIRT should communicate their findings to stakeholders and relevant parties to ensure that any action taken to remediate the incident is understood.

Document the incident

Take preventive measures: The SIRT should take preventive measures, such as implementing new security measures and stricter access controls, to prevent similar incidents [5].
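The "Create a timeline" step above, as an added example that is not part of the original assignment answer: it merges event records from several sources into one UTC-ordered timeline and derives the time to detect and the delay of each response action. The record layout, source names and all timestamps are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample records (not from a real incident). Each source logs with
# its own UTC offset, which is why hand-sorted timelines often end up misordered.
RAW_EVENTS = [
    ("2024-03-04T09:05:00+00:00", "siem", "detected", "Alert: bulk export from customer DB"),
    ("2024-03-04T12:40:00+11:00", "db-audit", "incident", "First unauthorised query on customer DB"),
    ("2024-03-04T09:20:00+00:00", "sirt", "action", "Incident validated, severity set to critical"),
    ("2024-03-04T20:45:00+11:00", "sirt", "action", "Affected host isolated from network"),
    ("2024-03-04T11:30:00+00:00", "sirt", "action", "Compromised service account disabled"),
]


def build_timeline(raw_events):
    """Parse ISO 8601 timestamps, convert them to UTC and sort chronologically."""
    timeline = []
    for stamp, source, kind, note in raw_events:
        when = datetime.fromisoformat(stamp)
        if when.tzinfo is None:
            # A timestamp without an offset cannot be ordered against other sources.
            raise ValueError(f"timestamp without UTC offset from {source}: {stamp}")
        timeline.append((when.astimezone(timezone.utc), source, kind, note))
    return sorted(timeline, key=lambda event: event[0])


def summarise(timeline):
    """Return time-to-detect and each response action's delay after detection."""
    started = next(e[0] for e in timeline if e[2] == "incident")
    detected = next(e[0] for e in timeline if e[2] == "detected")
    actions = [(e[3], e[0] - detected) for e in timeline if e[2] == "action"]
    return {"time_to_detect": detected - started, "actions": actions}


if __name__ == "__main__":
    ordered = build_timeline(RAW_EVENTS)
    for when, source, kind, note in ordered:
        print(f"{when:%Y-%m-%d %H:%M}Z  {source:<9} {kind:<9} {note}")
    report = summarise(ordered)
    print("Time to detect:", report["time_to_detect"])
    for note, delay in report["actions"]:
        print(f"  +{delay} after detection: {note}")
```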


2.3 The security incident response team will use the information gathered during the incident response process for multiple purposes.

- To Identify the Source and Impact of the Breach: The information gathered during the incident response process, such as log files, alerts, and other activities across the network/systems, will help the security incident response team to identify the source of the breach and estimate the potential impact of the incident.

- To Take Steps to Contain the Breach: The security incident response team will use the information to take steps to limit any further loss or damage by isolating the affected systems and networks, halting any ongoing activities, and limiting access to the affected data/systems.

- To Identify Malicious Actors and Targeted Techniques: The security incident response team will use the information to investigate and identify any malicious actors, their techniques, tactics and procedures, and any malicious code or files that have been deployed.

- To Recover Data and Services: The security incident response team will use the information to take steps to recover any data or services that were compromised, such as restoring any lost data and running vulnerability scans to identify any other potential threats.

- To Properly Inform Senior Management and Other Stakeholders: The security incident response team will also use the information to properly inform senior management and other stakeholders about the incident, its impact, and the steps taken to contain and remedy the breach [4].

References
