MODULE 7 UNIT 3
Ongoing project
HAR CYB Module 7 Unit 3 Ongoing project
Learning outcome:
LO7:
Propose an incident response plan to prepare an organization in the event of an attack.
Name:
1. Instructions and guidelines (Read carefully)
Instructions
1. Insert your name and surname in the space provided above, as well as in the
file name.
Save the file as:
First name Surname M7 U3 Ongoing project
–
e.g. Zadie Smith M7 U3 Ongoing project
.
NB:
Please ensure that you use the name that appears in your student profile on the Online Campus.
2. Write all your answers in this document. There is an instruction that says, “Start writing here” under each question. Please type your answer there.
3. Submit your assignment in
Microsoft Word only
. No other file types will be accepted.
4. Do
not delete the plagiarism declaration
or the
assignment instructions and guidelines
. They must remain in your assignment when you submit.
PLEASE NOTE: Plagiarism cases will be investigated in line with the Terms and Conditions for Students.
IMPORTANT NOTICE:
Please ensure that you have checked your course calendar for the due date for this assignment.
Guidelines
1. Make sure that you have carefully read and fully understood the questions before answering them. Answer the questions fully but concisely and as directly as possible. Follow all specific instructions for individual questions (e. g. “list”, “in point form”).
2. Answer all questions in your own words. Do not copy any text from the notes, readings or other sources.
The assignment must be your own work only.
Plagiarism declaration:
1. I know that plagiarism is wrong. Plagiarism is to use another’s work and pretend that it is one’s own.
2. This assignment is my own work.
3. I have not allowed, and will not allow, anyone to copy my work with the intention of passing it off as his or her own work.
4. I acknowledge that copying someone else’s assignment (or part of it) is wrong, and declare that my assignments are my own work.
2. Question
Each unit in this module explores one of the three crucial areas of cybersecurity management that need to be considered when developing an incident response plan. This ongoing project requires you to use the knowledge gained from each of the three units to formulate and complete the 10 steps of an incident response plan, as identified in the notes from Unit 1.
If you are completing your ongoing project on Sony, you are required to create an incident response plan that the organization should have followed in light of the 2014 hack. For example, detail the detection, analysis, and containment strategies it should have employed, the crisis communications plan it should have adhered to, and recommendations for successful eradication and recovery.
Note:
All ongoing project submissions throughout the course need to focus on the same organization. Or, if you choose to focus on the case study of Sony, you will need to complete all your sub.
Micromeritics - Fundamental and Derived Properties of Powders
MODULE 7 UNIT 3Ongoing projectHAR CYB Module 7 Unit 3 Ongoin.docx
1. MODULE 7 UNIT 3
Ongoing project
HAR CYB Module 7 Unit 3 Ongoing project
Learning outcome:
LO7:
Propose an incident response plan to prepare an organization in
the event of an attack.
Name:
1. Instructions and guidelines (Read carefully)
Instructions
1. Insert your name and surname in the space provided above, as
well as in the
file name.
Save the file as:
First name Surname M7 U3 Ongoing project
–
e.g. Zadie Smith M7 U3 Ongoing project
.
NB:
Please ensure that you use the name that appears in your student
profile on the Online Campus.
2. Write all your answers in this document. There is an
instruction that says, “Start writing here” under each question.
Please type your answer there.
2. 3. Submit your assignment in
Microsoft Word only
. No other file types will be accepted.
4. Do
not delete the plagiarism declaration
or the
assignment instructions and guidelines
. They must remain in your assignment when you submit.
PLEASE NOTE: Plagiarism cases will be investigated in line
with the Terms and Conditions for Students.
IMPORTANT NOTICE:
Please ensure that you have checked your course calendar for
the due date for this assignment.
Guidelines
1. Make sure that you have carefully read and fully understood
the questions before answering them. Answer the questions
fully but concisely and as directly as possible. Follow all
specific instructions for individual questions (e. g. “list”, “in
point form”).
2. Answer all questions in your own words. Do not copy any
text from the notes, readings or other sources.
The assignment must be your own work only.
Plagiarism declaration:
1. I know that plagiarism is wrong. Plagiarism is to use
another’s work and pretend that it is one’s own.
2. This assignment is my own work.
3. 3. I have not allowed, and will not allow, anyone to copy my
work with the intention of passing it off as his or her own work.
4. I acknowledge that copying someone else’s assignment (or
part of it) is wrong, and declare that my assignments are my
own work.
2. Question
Each unit in this module explores one of the three crucial areas
of cybersecurity management that need to be considered when
developing an incident response plan. This ongoing project
requires you to use the knowledge gained from each of the three
units to formulate and complete the 10 steps of an incident
response plan, as identified in the notes from Unit 1.
If you are completing your ongoing project on Sony, you are
required to create an incident response plan that the
organization should have followed in light of the 2014 hack. For
example, detail the detection, analysis, and containment
strategies it should have employed, the crisis communications
plan it should have adhered to, and recommendations for
successful eradication and recovery.
Note:
All ongoing project submissions throughout the course need to
focus on the same organization. Or, if you choose to focus on
the case study of Sony, you will need to complete all your
submissions on Sony.
It is highly recommended that you avoid disclosing any
confidential information in your assignments. Although you are
encouraged to draw on real-world experience during the course,
you are urged to use pseudonyms (false names) and alter any
sensitive details or data where necessary. You are responsible
4. for ensuring that you do not disclose any information that is
protected by confidentiality undertakings; all information is
treated in accordance with our privacy policy.
Please read Section 4 of the Honor Code in the Orientation
Module course handbook for more guidance.
This assignment requires you to complete the 10 steps of an
incident response plan. Use the suggested word counts for each
section as a guide for how much detail should be contained
under each step.
Introduction
It is important for your incident response strategy to meet the
requirements of your organizational context. Write a short
introduction summarizing your type of organization, and an
overview of the business-critical assets your organization relies
on. You can use the information you provided in Module 3’s
ongoing project, or Module 5’s online activity submission.
(Approx. 150 words)
Start writing here:
Step 1: Prevention
Describe the measures your organization will take to protect
against a cyberattack from both a technical and non-technical
perspective.
(Approx. 150 words)
Start writing here:
Step 2: Planning
5. List the individuals involved in your incident response team and
their roles. Ensure that the roles, responsibilities, and structure
of your team meets the requirements of your organizational
context.
A cyber crisis communication plan is compiled in this phase,
but in this incident response plan, include your plan under Step
7: Communication.
(Approx. 200 words)
Start writing here:
Step 3: Preparation
Section 2.3 in Unit 1’s notes details a number of requirements
in this step, including reporting mechanisms, the preparation of
checklists and jump bags, and auditing procedures. However,
for the purpose of this ongoing project, you are required to
detail one training exercise the incident response team will
undergo. Include specific examples of scenarios or questions,
and explain why you have chosen it.
(Approx. 150 words)
Start writing here:
Step 4: Detection
List the tools your organization would use to detect a breach.
(Approx. 150 words)
Start writing here:
6. Step 5: Analysis
Explain how your organization would analyze whether an
incident is a cyberattack. Also describe how you would
categorize and prioritize cyberattacks in your organization.
(Approx. 200 words)
Start writing here:
Step 6: Containment
Describe how your organization would prevent a cyberattack
from spreading further.
(Approx. 200 words)
Start writing here:
Step 7: Communication
As per Section 4 of the Unit 2 notes, compile a cyber crisis
communication plan detailing the internal and external
stakeholders your organization would need to communicate to in
the event of a breach. Describe what communication channels
would be used to communicate with these stakeholders.
(Approx. 250 words)
Start writing here:
Step 8: Eradication
Provide insight into the approaches and decisions the team will
take to remove the threat from your organization’s internal
system.
7. (Approx. 150 words)
Start writing here:
Step 9: Recovery
Describe what steps your organization will take to return to its
normal operations.
(Approx. 150 words)
Start writing here:
Step 10: Post-event analysis
List the processes that would need to be followed to ensure that
lessons learned are implemented.
(Approx. 150 words)
Start writing here:
Note:
The incident response plan is a central part of an organization’s
cyber risk mitigation strategy. However, as you will not have an
opportunity to revise your plan based on your Tutor’s feedback
in time for Module 8, you will not be required to integrate it
into your final risk mitigation strategy. Please consult the
grading breakdown in the Orientation Module course handbook
for more information.
Your ongoing project submission will be graded according to
the following rubric:
8. Very poor
Poor
Satisfactory
Very good
Exceptional
Adherence to brief
All sections in the template are completed.
No submission.
OR
Student fails to address any element of the brief. (0)
Some key elements are not addressed. Most information
provided is irrelevant. (5.5)
Student adheres to most of the brief. Sufficient information is
provided and is mostly relevant. (7)
Student adheres to almost all elements of the brief. Almost all
information is provided and is relevant. (8.5)
Student fully adheres to the brief. All information provided is
comprehensive and relevant. (10)
Organizational context and preventative measures
Student clearly outlines the context of their chosen
9. organization, and the business-critical assets this organization
relies on.
Student accurately describes the measures the chosen
organization will take to prevent a cyberattack from both a
technical and non-technical perspective.
Student thinks critically and incorporates learnings from the
content.
No submission.
OR
Student fails to clearly outline the context of their chosen
organization and the measures it will take to prevent a
cyberattack from occurring.
There is no evidence that the student has used the content
covered in the course to inform their response. (0)
Student shows an incomplete understanding of their chosen
organization’s context and the measures taken to prevent a
cyberattack from occurring.
There is some evidence that the student has engaged with the
content covered in the course, but this is not always accurately
applied. (5.5)
Student demonstrates satisfactory understanding of their chosen
organization’s context and the measures taken to prevent a
cyberattack from occurring.
The student has clearly engaged with the content covered in the
course, but a more nuanced answer is required. (7)
10. Student demonstrates a strong understanding of their chosen
organization’s context and the measures it will take to prevent a
cyberattack from occurring.
The answer shows a strong grasp of the content. (8.5)
Student demonstrates a thorough and an incisive understanding
of their chosen organization’s context and the measures it will
take to prevent a cyberattack from occurring.
The student critically applies their learning from the course.
(10)
Planning and preparation
Student lists the individuals that will be involved in their
chosen organization’s response team, and their roles.
Student details one training exercise the incident response team
will undergo to prepare them for a cyberattack, and provides
reasoning for their choice.
Student thinks critically and incorporates learnings from the
content.
No submission.
OR
Student fails to clearly identify the individuals who will be
included in the incident response team, or the training that will
be required to prepare this team for an attack.
There is no evidence that the student has used the content
covered in the course to inform their response. (0)
11. Student shows an incomplete understanding of the individuals
who will be included in the incident response team, and the
training that will be required to prepare this team for an attack.
There is some evidence that the student has engaged with the
content covered in the course, but this is not always accurately
applied. (5.5)
Student demonstrates satisfactory understanding of the
individuals who will be included in the incident response team,
and the training that will be required to prepare this team for an
attack.
The student has clearly engaged with the content covered in the
course, but a more nuanced answer is required. (7)
Student demonstrates a strong understanding of the individuals
who will be included in the incident response team, and the
training that will be required to prepare this team for an attack.
The answer shows a strong grasp of the content. (8.5)
Student demonstrates a thorough and an incisive understanding
of the individuals who will be included in the incident response
team, and the training that will be required to prepare this team
for an attack.
The student critically applies their learning from the course.
(10)
Detect, analyze, and contain
Student lists the tools their chosen organization would use to
detect a breach.
Student explains how their chosen organization would analyze
12. whether an incident is a cyberattack, and how they would
categorize and prioritize cyberattacks.
Student describes how their chosen organization would prevent
a cyberattack from spreading further.
Student thinks critically and incorporates learnings from the
content.
No submission.
OR
Student fails to clearly identify the tools their organization
would use to detect a breach, how their organization would go
about analyzing, categorizing, and prioritizing an attack, and
how their organization would prevent a cyberattack from
spreading further.
There is no evidence that the student has used the content
covered in the course to inform their response. (0)
Student shows an incomplete understanding of the tools their
organization would use to detect a breach, how their
organization would go about analyzing, categorizing, and
prioritizing an attack, and how their organization would prevent
a cyberattack from spreading further.
There is some evidence that the student has engaged with the
content covered in the course, but this is not always accurately
applied. (5.5)
Student demonstrates satisfactory understanding of the tools
their organization would use to detect a breach, how their
organization would go about analyzing, categorizing, and
prioritizing an attack, and how their organization would prevent
13. a cyberattack from spreading further.
The student has clearly engaged with the content covered in the
course, but a more nuanced answer is required. (7)
Student demonstrates a strong understanding of the tools their
organization would use to detect a breach, how their
organization would go about analyzing, categorizing, and
prioritizing an attack, and how their organization would prevent
a cyberattack from spreading further.
The answer shows a strong grasp of the content. (8.5)
Student demonstrates a thorough and incisive understanding of
the tools their organization would use to detect a breach, how
their organization would go about analyzing, categorizing, and
prioritizing an attack, and how their organization would prevent
a cyberattack from spreading further.
The student critically applies their learning from the course.
(10)
Communicate and eradicate
Student compiles a cyber crisis communication plan detailing
the internal and external stakeholders their chosen organization
would need to communicate to in the event of a breach, and
describes what channels would be used to communicate with
these stakeholders.
Student identifies the approaches and decisions the team will
take to remove the threat from their chosen organization’s
internal system.
Student thinks critically and incorporates learnings from the
content.
14. No submission.
OR
Student fails to clearly compile a cyber crisis communication
plan, or to describe what channels would be used to
communicate with stakeholders during a cyberattack.
Student fails to identify the approaches and decisions the team
will take to remove the threat from their chosen organization’s
internal system.
There is no evidence that the student has used the content
covered in the course to inform their response. (0)
Student shows an incomplete understanding of a cyber crisis
communication plan and the channels that would be used to
communicate with stakeholders during a cyberattack.
Student shows an incomplete understanding of the approaches
and decisions the team will take to remove the threat from their
chosen organization’s internal system.
There is some evidence that the student has engaged with the
content covered in the course, but this is not always accurately
applied. (5.5)
Student demonstrates satisfactory understanding of a cyber
crisis communication plan, and the channels that would be used
to communicate with stakeholders during a cyberattack.
Student demonstrates a satisfactory understanding of the
approaches and decisions the team will take to remove the
threat from their chosen organization’s internal system.
15. The student has clearly engaged with the content covered in the
course, but a more nuanced answer is required. (7)
Student demonstrates a strong understanding of a cyber crisis
communication plan, and the channels that would be used to
communicate with stakeholders during a cyberattack.
Student demonstrates a strong understanding of the approaches
and decisions the team will take to remove the threat from their
chosen organization’s internal system.
The answer shows a strong grasp of the content. (8.5)
Student demonstrates a thorough and an incisive understanding
of a cyber crisis communication plan, and the channels that
would be used to communicate with stakeholders during a
cyberattack.
Student demonstrates a thorough and incisive understanding of
the approaches and decisions the team will take to remove the
threat from their chosen organization’s internal system.
The student critically applies their learning from the course.
(10)
Recovery and post-event analysis
Student describes what steps their chosen organization will take
to return to its normal operations after a cyberattack.
Student lists the processes that would need to be followed to
ensure that lessons learned are implemented.
Student thinks critically and incorporates learnings from the
content.
16. No submission.
OR
Student fails to clearly describe the steps their organization will
take to recover from a cyberattack, or the processes that will be
followed to ensure that lessons learned are implemented.
There is no evidence that the student has used the content
covered in the course to inform their response. (0)
Student shows an incomplete understanding of the steps their
organization will take to recover from a cyberattack, and the
processes that will be followed to ensure that lessons learned
are implemented.
There is some evidence that the student has engaged with the
content covered in the course, but this is not always accurately
applied. (5.5)
Student demonstrates satisfactory understanding of the steps
their organization will take to recover from a cyberattack, and
the processes that will be followed to ensure that lessons
learned are implemented.
The student has clearly engaged with the content covered in the
course, but a more nuanced answer is required. (7)
Student demonstrates a strong understanding of the steps their
organization will take to recover from a cyberattack, and the
processes that will be followed to ensure that lessons learned
are implemented.
The answer shows a strong grasp of the content. (8.5)
Student demonstrates a thorough and an incisive understanding
17. of the steps their organization will take to recover from a
cyberattack, or the processes that will be followed to ensure that
lessons learned are implemented.
The student critically applies their learning from the course.
(10)
Application of course content to organizational context
S
tudent accurately applies the learnings from the course content
to their own organization or Sony’s unique context.
No submission.
OR
The student has not made use of their organization's unique
organizational context and constraints to inform their response.
(0)
Student demonstrates a limited understanding of their
organization's unique context and constraints and context. (5.5)
Student demonstrates a satisfactory understanding of their
organization's context and constraints; however, a there is room
for deeper engagement with its nuances. (7)
There is clear evidence that the student has thought about their
organization's unique context and constraints, and catered for
this in their strategy accordingly. (8.5)
There is strong evidence that the student understands and thinks
carefully about their organization's unique context and
constraints, and has provided recommendations in their strategy
accordingly. (10)
18. Organization of writing
Answers are structured clearly and logically.
No submission or complete lack of logical structure. (0)
Answer has some logical structure, but not enough to justify a
passing grade. (5.5)
Answer is structured fairly well in terms of logic and clarity.
(7)
Answer is structured very well in terms of logic and clarity.
(8.5)
Answer is structured exceptionally well in terms of logic and
clarity. (10)
Total:
80 marks