
Cybersecurity Incident Response


Executive Summary

Introducing a Bring Your Own Device (BYOD) policy and the increased use of wireless networks in the organization creates a security vulnerability. This vulnerability is illustrated by the growing number of devices connected to the organization’s wireless network, among them devices that were never authorized. The security of the organization’s network can be improved by applying security configurations that protect the wireless network from unauthorized access and by monitoring the network to identify devices that are not authorized to connect. Measures that can be implemented to secure the organization’s wireless network include encryption protocols such as WPA and WPA2, and wireless network monitoring can be carried out with network-monitoring tools.

Additionally, the organization can implement remote configuration management, which is useful for securing devices that can be used to gain remote access to the organization’s network. Remote configuration management is essential in the organization because it makes it possible to protect the organization’s network in case identity theft occurs. The wireless network monitoring process consists of monitoring for attacks and for any vulnerabilities that present themselves in the network. Wireless network monitoring can also help identify rogue wireless access points.


Wireless and BYOD Security Plan

Rogue access points refer to wireless access points installed in an organization’s network without official authorization from either the organization’s management team or the network administrator (Shetty et al., 2007). Rogue access points pose a security threat to the organization’s network because they could have been installed by an attacker who can use them to gain unauthorized access to the organization’s network. Rogue access points can be installed either by individuals with malicious intentions or by employees of the organization who had no ill intentions. Therefore, while addressing security measures involving rogue access points, both employees of the organization and malicious individuals should be considered. There are different ways rogue access points can gain access to the organization’s network. One way is for attackers or individuals with malicious intentions to bypass the organization’s physical security and install wireless access points. In this method, the attackers install the access points on open ports that members of the organization do not readily see. Another way rogue access points gain access to the organization’s network is through social engineering. Through social engineering, an attacker can manipulate an employee of the organization into installing the access points without the employee being aware they are being tricked into compromising the organization’s security. Some computers used in organizations can create a mobile hotspot. Employees can be tricked into enabling the mobile hotspot and giving access to the attacker. Additionally, an employee might create a mobile hotspot to connect to their other devices. If the mobile hotspot is not secured, attackers can quickly access the organization’s network via the mobile hotspot.

The identification of authorized access points also involves the identification of rogue access points. Different methods can be used to detect and identify both official access points and rogue access points. One way to identify authorized access points is to create a list of the wireless access points installed by the network administrator and look for any access points not on the list. By doing so, the network administrator can identify rogue access points, and eliminating the rogue access points leaves the authorized access points. While eliminating rogue access points in this way is feasible in an organization with a small network, it can be challenging in an organization with an extensive local area network. Therefore, to address this issue, the use of network scanning tools is recommended. The network scanning tools identify the various wireless access points in the organization and can distinguish the authorized access points from the rogue access points. Recommended network scanning tools that can be used to identify official access points include wireless network scanners, wireless intrusion detection systems (IDS), and intrusion prevention systems (IPS). An example of a network tool that can identify authorized access points is Cisco’s Rogue AP Detection page, which provides information about the organization’s various wireless access point devices (“Rogue AP Detection,” n.d.). After the network administrator adds authorized access points to the Rogue AP Detection page, those access points are marked as authorized, and any access points detected but not listed on the Rogue AP Detection page are classified as rogue. Additional features provided by an IDS/IPS are that it can notify the network administrator when a rogue access point is identified and prevent the rogue access point from accessing the organization’s network.

The incident response following an attack refers to the various measures an organization takes after an attack occurs. The efficiency of the incident response conducted in the organization can be improved using the cyber kill chain framework. The cyber kill chain framework is defined as the various stages that attackers go through during the execution of an attack on the organization’s network (Hahn et al., 2015). The stages defined by the cyber kill chain framework range from the attacker gathering information about the organization to the attacker executing the attack based on their motivation. Analysis of the cyber kill chain framework can help the organization better prepare against attacks. The initial stage of the cyber kill chain framework is the reconnaissance stage, where the attacker looks for various ways of implementing an attack on the organization. During this stage, the organization can mitigate the attack by multiple means, such as user training, to educate its employees on the dangers of oversharing their personal information on social media.

Additionally, employees can learn about security threats caused by social engineering. In the next weaponization stage, the attacker prepares their attack modes. In the delivery stage, the attacker sends their intended method of attack to their victims.

An example would be sending emails containing malicious content to the organization’s employees. An attack can be mitigated at this stage if the target can identify the modes of attack and prevent them from occurring in the organization. In the exploitation stage, the attacker exploits the various vulnerabilities in the organization’s systems to carry out their malicious actions in the network. Identifying the vulnerabilities in the systems and implementing patches can help mitigate the attack at this stage. The remaining stages of the framework are installation, command and control, and actions on objectives. Analyzing these stages can help the organization identify the various means involved in compromising the organization’s network, and the organization can create an incident response plan that addresses attacks before they cause damage to the organization.

Tracking Suspicious Behavior

Following the report of an employee displaying suspicious behavior, asset tracking can help determine whether the employee threatens the organization’s security (Kim, Seo, Krishna, and Kim, 2008). Asset tracking ensures that the organization does not fall victim to cyber-attacks conducted by compromising the mobile devices used by employees. Tracking the company’s assets also helps the network administrator keep up-to-date information about the location of the organization’s assets and the employee in possession of each asset. By conducting asset tracking, the organization avoids the losses that can occur if the assets are compromised. Such losses include financial losses following an attack that compromises the organization’s operations. There are various ways of tracking the organization’s assets. Most organizations use bar codes and serial numbers to track the company’s assets. Each asset is assigned a specific bar code and serial number, which are scanned regularly. Regular scanning ensures that the network administrator can pinpoint the location of each asset within the organization. These methods of tracking the company’s assets face challenges when employees leave the company’s site with the assets. Therefore, to address these challenges, other asset tracking methods available to the organization include radio-frequency identification (RFID) and the global positioning system (GPS). Using RFID and GPS technologies, an organization can effectively track the location of its assets even when the assets are not within the organization. The management of the tracking process can be improved using asset-tracking software. Through the asset tracking software, the network administrator can identify the location of each asset and the employee using it.

Identity theft occurs when an individual with malicious intentions gains access to another person’s personally identifiable information (PII) and proceeds to commit crimes using the victim’s identity (Anderson et al., 2008). In cases where the victim does not realize early that they are a victim of identity theft, the individual with malicious intentions might commit many crimes using the victim’s identity, and the victim suffers the consequences of the crimes committed by the attacker. There are various means of committing identity theft. Some include stealing an individual’s personal information, such as social security numbers, and using the information to commit a crime. Additionally, the attacker can steal physical items owned by the victim, such as credit cards and mobile devices, and use them to commit crimes. In the case of mobile devices, the attacker can avoid being caught by authorities by changing the device’s media access control (MAC) address. This is done through MAC spoofing, where the individual with malicious intentions changes the MAC address assigned to the device at the factory to another MAC address, making it challenging to identify the device. Devices with changed MAC addresses can pose a security threat to the organization since the MAC addresses can be adjusted to resemble those of trusted devices. In most organizations, the network administrator creates an allowlist of devices allowed to access the organization’s network. These devices can include the wireless access points, the router, and the firewalls the administrator authorizes. A network administrator can implement various ways of identifying identity theft cases involving MAC spoofing. One way is through the reverse address resolution protocol (RARP). RARP can help identify MAC spoofing by mapping the MAC address of a device to the IP address of the device. By doing so, the network administrator can identify devices whose MAC address is included in the organization’s allowlist but whose IP address is not within the range of approved IP addresses. Another way a network administrator can identify cases of MAC spoofing is by looking for duplicate MAC addresses.
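The two MAC spoofing indicators described above (an allowlisted MAC address seen with an IP address outside its approved range, and the same MAC address bound to more than one IP address) can be checked automatically against a MAC/IP binding table. The following is an added example, not code from the original paper; the allowlist, the approved address range and the binding-table lines are constructed sample data, and the MAC addresses are made-up values.

```python
"""Detecting MAC spoofing indicators in a MAC/IP binding table.

Added example, not from the original paper. Two checks are applied:
  1. an allowlisted MAC address bound to an IP outside its approved range;
  2. one MAC address bound to more than one IP address (a duplicate MAC).
The allowlist and the table below are constructed sample data.
"""
import ipaddress
from collections import defaultdict

# Allowlist: MAC address -> approved IP range (constructed). Infrastructure
# devices (access points, router, firewall) are expected in one management subnet.
ALLOWLIST = {
    "00:0c:41:00:00:01": ipaddress.ip_network("192.168.2.0/28"),  # access point "Coherer"
    "00:0c:41:00:00:02": ipaddress.ip_network("192.168.2.0/28"),  # access point "Test"
    "00:1a:2b:00:00:fe": ipaddress.ip_network("192.168.2.0/28"),  # router
    "00:1a:2b:00:00:ff": ipaddress.ip_network("192.168.2.0/28"),  # firewall
}

# Constructed binding table, one "ip mac" pair per line, as an ARP/RARP
# lookup or a DHCP lease export might provide it.
TABLE = """\
192.168.2.1   00:1a:2b:00:00:fe
192.168.2.2   00:1a:2b:00:00:ff
192.168.2.3   00:0c:41:00:00:01
192.168.2.77  00:0C:41:00:00:02
192.168.2.120 00:0c:41:00:00:01
192.168.2.55  a4:5e:60:11:22:33
"""


def parse_table(text):
    """Return a list of (IPv4Address, lowercase MAC) pairs, skipping malformed lines."""
    bindings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue
        ip, mac = parts
        bindings.append((ipaddress.ip_address(ip), mac.lower()))
    return bindings


def find_spoofing(bindings, allowlist):
    """Return findings as (indicator, mac, detail) tuples."""
    findings = []
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings:
        ips_by_mac[mac].add(ip)
        # Check 1: trusted MAC address outside the range it is supposed to live in
        if mac in allowlist and ip not in allowlist[mac]:
            findings.append(("out_of_range", mac, str(ip)))
    # Check 2: the same MAC address claiming several IP addresses at once
    for mac, ips in ips_by_mac.items():
        if len(ips) > 1:
            findings.append(("duplicate_mac", mac, ",".join(str(i) for i in sorted(ips))))
    return findings


if __name__ == "__main__":
    for indicator, mac, detail in find_spoofing(parse_table(TABLE), ALLOWLIST):
        print(f"{indicator:14} {mac} {detail}")
```

With the constructed table, the router and firewall bindings pass, the "Test" access point's MAC appears at 192.168.2.77 (outside the /28 management range), and the "Coherer" access point's MAC appears at two addresses, one of them also out of range. A real deployment would feed the table from the switch or DHCP server on a schedule and alert on new findings rather than printing them.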

Tracking the company’s assets raises various legal issues associated with the privacy of the company’s employees. Tracking the company’s assets includes keeping track of the location of each asset and the employee who has it. In monitoring the assets, the company can acquire more personal information about the employees, which presents the possibility of violating data privacy laws such as the Health Insurance Portability and Accountability Act. Additionally, the organization can violate privacy laws if it monitors the employees’ activities while tracking the company’s assets without notifying them about the monitoring process. Some federal and state laws prohibit organizations from monitoring the activities of employees once they leave the company’s premises. However, for the security of the company’s assets, some organizations continue to track and monitor the assets even after they leave the organization’s premises. The legal issues involved in asset tracking can be avoided if the organization is open with the employees about the process. If the employees consent to the asset tracking process after being made aware that their activities will be monitored, then the organization can implement the asset tracking process. However, if the employees do not consent to the process, the organization should amend the monitoring process to incorporate employee concerns.

Continuous Improvement Plan

Wired Equivalent Privacy (WEP) refers to the encryption protocol used to secure wireless networks of the IEEE 802.11 standard. The WEP protocol uses Open System authentication as well as Shared Key authentication. While Wired Equivalent Privacy was created to provide wireless networks with security comparable to the protection offered by wired networks, WEP experienced some weaknesses that led to the security of the wireless network being compromised. The encryption used by WEP consists of the stream cipher RC4, to ensure that unauthorized individuals cannot read the information shared on the wireless network, and CRC-32, to check that the data transmitted on the wireless network has not been modified during transmission. The security vulnerability of WEP originated in its use of RC4, where an individual with malicious intentions could recover the RC4 keys by using a sniffer to capture key material while the network’s data was being transmitted.

Additionally, the use of a single shared key in WEP increased the security vulnerability presented by WEP. To combat the security vulnerabilities presented by WEP, Wi-Fi Protected Access (WPA) was introduced. Over the years, WPA has been upgraded to WPA2, with the latest WPA technology being WPA3. WPA2 provides additional security not offered by WPA and addresses the vulnerabilities found in WPA.

Similarly, WPA3 consists of other security features unavailable in WPA or WPA2. An advantage of WPA is that it implements a 128-bit encryption key. WPA2 uses the Advanced Encryption Standard (AES), while WPA3 uses the AES-256 encryption protocol. A disadvantage of both WPA and WPA2 is that both protocols use a pre-shared key, which presents the vulnerability of an attacker being able to guess the password. Both WPA and WPA2 make use of pre-shared keys. Pre-shared keys refer to encryption keys shared from one user to another before the users can use the encryption keys to facilitate secure communication. The sharing of the encryption keys is conducted over a secure channel. The encryption keys used as pre-shared keys are generated using symmetric key algorithms. To comply with FIPS 140-2, the pre-shared keys used in encryption have to be cryptographic keys that are carefully generated and cannot be easily guessed. Since WPA2 makes use of the AES encryption protocol and WPA3 uses the AES-256 protocol, the pre-shared keys used in WPA2 adhered to the requirements for the protocol to be compliant with FIPS 140-2 (Lashkari, Danesh, and Samadi, 2009).
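The pre-shared key scheme above is concrete enough to show in code. In WPA/WPA2 personal mode, every station derives the same 256-bit key from the passphrase and the SSID using PBKDF2 with HMAC-SHA1, 4096 iterations (the IEEE 802.11i derivation), which is why a guessable passphrase undermines the scheme: the derivation is deterministic and the SSID is public. The following is an added example, not code from the original paper; the derivation is the standard one, while the passphrase policy thresholds (16 characters, three character classes) and the generator functions are assumptions for illustration.

```python
"""WPA2 pre-shared key handling: derivation from a passphrase, and generation
of keys that cannot be guessed.

Added example, not from the original paper. derive_psk follows the IEEE 802.11i
passphrase-to-PSK mapping; the policy thresholds in passphrase_weaknesses and
the generator helpers are assumptions chosen for illustration.
"""
import hashlib
import secrets
import string


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit PSK (the pairwise master key) that every station computes from
    the shared passphrase and the SSID. Passphrases are 8-63 ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8-63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def generate_psk() -> str:
    """Random 256-bit key as 64 hex characters. Most access points accept this
    form directly as the PSK, bypassing the passphrase derivation entirely,
    so there is no passphrase to guess."""
    return secrets.token_hex(32)


def generate_passphrase(length: int = 24) -> str:
    """Random passphrase from letters and digits for equipment that only
    accepts the passphrase form (assumed length; 24 gives ~143 bits)."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def passphrase_weaknesses(passphrase: str) -> list:
    """Policy checks on a candidate passphrase; thresholds are assumptions."""
    problems = []
    if len(passphrase) < 16:
        problems.append("shorter than 16 characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if sum(any(c in cls for c in passphrase) for cls in classes) < 3:
        problems.append("fewer than three character classes")
    return problems


if __name__ == "__main__":
    # Two stations with the same passphrase and SSID always agree on the PSK.
    print(derive_psk("password", "IEEE").hex())
    print(passphrase_weaknesses("password"))
    print("generated PSK:", generate_psk())
    print("generated passphrase:", generate_passphrase())
```

The first print reproduces the IEEE 802.11i Annex H test vector for passphrase "password" and SSID "IEEE", f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e, and the policy check reports that same passphrase as both too short and too uniform. Using a randomly generated 64-hex-digit key, or a long random passphrase, is what makes the pre-shared key "carefully generated and not easily guessed" in the sense the paragraph above requires.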

Various wireless technologies can be used in an organization. These wireless technologies include Bluetooth, Wi-Fi, infrared, Near Field Communication (NFC), and Radio Frequency Identification (RFID). RFID technology involves the use of electromagnetic fields to provide communication between devices. One of the essential applications of RFID is it can be used to track the various assets owned by the organization. A disadvantage of using RFID is that it makes it possible to access PII, which can violate some federal and state regulations concerning privacy. Bluetooth technology is used to create a wireless peer-to-peer network. A limitation of Bluetooth technology is that it is only applicable within a limited distance and a limited number of devices in communication at a single instance. Like Bluetooth technology, NFC involves communication between two devices that use the NFC technology.

NFC technology is also limited in the number of devices that can communicate via the technology and in the distance within which the devices can communicate. Infrared (IR) technology uses infrared waves to facilitate communication. IR faces various challenges that limit its applicability. One of the challenges is the requirement for the devices communicating via IR to be in line of sight. IR is also limited by the distance over which the technology can achieve communication. While the organization can adopt various wireless technologies, Wi-Fi is the most suitable.

Remote Configuration Management

Remote configuration management involves making changes to devices without requiring physical access. An example is if a network administrator needs to change some of the configurations in the device used by an employee, not within the organization’s premises, they can do so through remote configuration management. Remote configuration management is implemented by installing software in the devices not within the network administrator’s physical location and installing another software on the network administrator’s side that will be used to manage the remote devices. With the installation of the remote communication software, the network administrator can conduct various management tasks on remote machines using the software. The network administrator can perform multiple remote device actions in remote configuration management. Some of the steps that the network administrator can implement include changing the configurations of the devices to increase the security of the device, remote wipe to delete any information related to the organization from compromised machines, conducting troubleshooting to identify any errors in the devices, as well as monitoring the activities undertaken in the machine.

Additionally, the network administrator can perform patch management through remote configuration management. The monitoring capability and remote wipe capability of the remote configuration management improve the security of the organization’s network. Also, the remote configuration management can notify the network administrator of any suspicious activity in the remote devices. After being notified of the suspicious activity, the network administrator can check for possibilities of unauthorized network access via the device and implement measures to limit the privileges of the device. The various uses of remote configuration management increase its advantages in the organization.

After finding an undocumented device on the company’s network, the device should be removed from the network to prevent an attack from being conducted through it. The removal of the unauthorized device from the organization’s network can be achieved through various means. One way to remove the device from the network is by using the administration interface of the router used in the organization. To access the administration web interface, the network administrator would have to identify the default gateway address used by the router and type the address into the browser of a computer connected to the organization’s network. An example of an address used to access the router’s web interface is http://192.168.2.1/index.html. From the web interface, the network administrator can identify the various devices connected to the organization’s network and their IP addresses. Some routers allow the network administrator to block devices connected to the network directly from the web interface. This is one of the ways the network administrator can block unauthorized devices from accessing the organization’s network. Another option for removing the undocumented device from the company’s network is changing the password for the wireless network. The device cannot rejoin the network without access to the new password. Additionally, resetting the router returns it to the default configuration, from which the network administrator can define new passwords and configurations. These passwords and configurations can then be shared among the authorized devices, which removes the unauthorized device from the organization’s network.

Employee Misconduct

In an organization’s network, most devices communicate with each other via a central router or wireless access point. However, within the organization’s network, employees can create a wireless ad hoc network that uses neither the router nor the wireless access points. Devices in an ad hoc wireless network communicate directly with each other (Deng, Li, and Agrawal, 2002). This presents challenges to the organization’s security, because the various security measures implemented in the routers and wireless access points are bypassed when neither the router nor the wireless access points are used. Bypassing the security measures creates a vulnerability attackers can exploit to conduct cyber-attacks on the organization’s network. Wireless ad hoc networks also present the risk of reducing the bandwidth available to other network users. Ad hoc wireless networks can be used to mount attacks by creating fake SSIDs, which can lead to a user’s device being infected if the user connects to a counterfeit SSID. Self-configuring dynamic networks on open access architecture are networks that have automated the management of the various configurations of a network. Self-configuring networks allow network devices to join the network without requiring any configuration to be carried out by the network administrator. Hence, after joining the network, the device automatically performs the required configuration steps, such as obtaining an IP address. While self-configuring networks reduce the administrator’s effort to manage the organization’s devices, they have the disadvantage of not allowing the administrator to protect the organization’s network from unauthorized devices. If the aspects of self-configuring networks are adopted in ad hoc wireless networks, the security challenges of the network increase.

Ad hoc and self-configuring networks can be secured using key management services incorporating cryptography and secure routing. In some cases, the network administrator can protect the network by hiding the SSID of the organization’s wireless network. By hiding the SSID, the network administrator prevents casual unauthorized individuals from connecting to the organization’s wireless network. However, this is not an effective way to secure the organization’s network, since experienced attackers can still discover the SSID and compromise security. The recommendation for securing the wireless network is to use encryption protocols such as WPA, WPA2, and WPA3. Validating that a network user is working outside of business hours can involve defining rules in the network that specify the authorized hours for each employee, after which, if an employee logs in outside the allowed hours, the network administrator is notified.
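The last sentence above describes a rule set that can be evaluated over authentication records. The following is an added example, not code from the original paper; the per-employee authorized-hour rules, the default business hours and the login events are constructed sample data, and a real deployment would read the events from the authentication server or WLAN controller logs. It also handles the case the paragraph does not mention explicitly, a shift that crosses midnight.

```python
"""Flagging network logins that fall outside an employee's authorized hours.

Added example, not from the original paper. Rules, business hours and
login events are constructed sample data. A rule is
(allowed weekdays, start, end); a window with end < start crosses midnight.
"""
from datetime import datetime, time

# Default: Monday to Friday, 08:00-18:00 (Monday = 0). Constructed policy.
BUSINESS_HOURS = (range(0, 5), time(8, 0), time(18, 0))

# Per-employee overrides (constructed). "night-ops" works 20:00-06:00 every day.
RULES = {
    "jdoe": BUSINESS_HOURS,
    "night-ops": (range(0, 7), time(20, 0), time(6, 0)),
}

# Constructed login events: "ISO timestamp  user  device MAC"
EVENTS = """\
2023-03-06T09:15:00 jdoe      3c:22:fb:00:00:01
2023-03-06T23:40:00 jdoe      3c:22:fb:00:00:01
2023-03-11T10:00:00 jdoe      3c:22:fb:00:00:01
2023-03-07T02:30:00 night-ops 3c:22:fb:00:00:02
2023-03-07T12:00:00 night-ops 3c:22:fb:00:00:02
"""


def within_hours(ts: datetime, rule) -> bool:
    """True if the timestamp lies inside the rule's authorized window."""
    days, start, end = rule
    t = ts.time()
    if start <= end:                                  # same-day window
        return ts.weekday() in days and start <= t < end
    # Window crosses midnight: the late part belongs to the start day, the
    # early part (before `end`) belongs to the shift that began the day before.
    if t >= start:
        return ts.weekday() in days
    if t < end:
        return (ts.weekday() - 1) % 7 in days
    return False


def parse_events(text):
    """Return (datetime, user, mac) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, mac = line.split()
        events.append((datetime.fromisoformat(ts), user, mac))
    return events


def after_hours_logins(events, rules, default=BUSINESS_HOURS):
    """Return (user, mac, timestamp) for every login outside the user's hours.
    Users without an explicit rule fall back to the default business hours."""
    alerts = []
    for ts, user, mac in events:
        if not within_hours(ts, rules.get(user, default)):
            alerts.append((user, mac, ts.isoformat()))
    return alerts


if __name__ == "__main__":
    for user, mac, ts in after_hours_logins(parse_events(EVENTS), RULES):
        print(f"after-hours login: {user} from {mac} at {ts}")
```

In the constructed data, 2023-03-06 is a Monday and 2023-03-11 a Saturday, so jdoe's 23:40 login and Saturday login are flagged, while the night-ops login at 02:30 on Tuesday is accepted because it belongs to the shift that started Monday evening; the same user's noon login is flagged.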

Analyzing Wireless Traffic

Analysis of the pre-captured files of wireless traffic on the organization’s network showed that eight wireless network devices were connected to the organization’s network. Out of the eight devices, only two were identified as approved devices, because they were listed in the allowlist of network devices prepared by the organization’s network administrator. The two authorized wireless access points were Cisco-Li devices, and their SSIDs were Coherer and Test. The rogue access points, on the other hand, were Netgear devices with various SSIDs: “!!!!!!!!!!!!”, “%%%%%%%%%%%%”, “LLLLLLLLLLLL”, “PPPPPPPPPPPP”, “XXXXXXXXXXXX”, and “88888888888”. All the rogue SSIDs used Channel 6, while the approved access points used Channel 1 and Channel 48.
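The allowlist comparison described in the Wireless and BYOD Security Plan section, applied to the capture summary above, reduces to a small classification routine. The following is an added example; it is not code from the original paper and not Cisco's Rogue AP Detection feature. The scan records are constructed to mirror the capture summary (two allowlisted Cisco-Li access points on channels 1 and 48, six Netgear access points on channel 6) plus one extra constructed record of an unlisted radio advertising an authorized SSID, which the paper's Employee Misconduct section calls a fake SSID; all BSSIDs are made-up sample values.

```python
"""Classifying observed wireless access points against the administrator's allowlist.

Added example, not from the original paper. Scan records are constructed to
mirror the paper's capture summary plus one constructed "fake SSID" record.
All BSSIDs are made-up sample values.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessPoint:
    bssid: str    # radio MAC address: the stable identity of an access point
    ssid: str
    channel: int
    vendor: str   # vendor resolved from the BSSID's OUI (assumed resolved upstream)


# Allowlist kept by the network administrator, keyed by BSSID rather than SSID
# so that a rogue radio copying an authorized SSID is still flagged.
ALLOWLIST = {
    "00:0c:41:00:00:01": AccessPoint("00:0c:41:00:00:01", "Coherer", 1, "Cisco-Li"),
    "00:0c:41:00:00:02": AccessPoint("00:0c:41:00:00:02", "Test", 48, "Cisco-Li"),
}

# Constructed scanner output (what a wireless scanner or WIDS would report).
SCAN = [
    AccessPoint("00:0C:41:00:00:01", "Coherer", 1, "Cisco-Li"),
    AccessPoint("00:0C:41:00:00:02", "Test", 48, "Cisco-Li"),
    AccessPoint("00:09:5b:00:00:10", "!!!!!!!!!!!!", 6, "Netgear"),
    AccessPoint("00:09:5b:00:00:11", "%%%%%%%%%%%%", 6, "Netgear"),
    AccessPoint("00:09:5b:00:00:12", "LLLLLLLLLLLL", 6, "Netgear"),
    AccessPoint("00:09:5b:00:00:13", "PPPPPPPPPPPP", 6, "Netgear"),
    AccessPoint("00:09:5b:00:00:14", "XXXXXXXXXXXX", 6, "Netgear"),
    AccessPoint("00:09:5b:00:00:15", "88888888888", 6, "Netgear"),
    # constructed extra record: unlisted radio advertising the authorized SSID "Coherer"
    AccessPoint("00:09:5b:00:00:16", "Coherer", 6, "Netgear"),
]


def classify(scan, allowlist):
    """Sort scanned access points into authorized, mismatch, impersonating and rogue."""
    report = {"authorized": [], "mismatch": [], "impersonating": [], "rogue": []}
    authorized_ssids = {ap.ssid for ap in allowlist.values()}
    for ap in scan:
        known = allowlist.get(ap.bssid.lower())
        if known is not None:
            # Allowlisted radio; confirm it still looks the way it was recorded.
            same = (ap.ssid, ap.channel) == (known.ssid, known.channel)
            bucket = "authorized" if same else "mismatch"
        elif ap.ssid in authorized_ssids:
            bucket = "impersonating"   # unlisted radio using an authorized SSID
        else:
            bucket = "rogue"
        report[bucket].append(ap)
    return report


def summarize(report):
    """Counts per bucket, the figure that goes into the incident report."""
    return {bucket: len(aps) for bucket, aps in report.items()}


if __name__ == "__main__":
    result = classify(SCAN, ALLOWLIST)
    print(summarize(result))
    for ap in result["rogue"] + result["impersonating"] + result["mismatch"]:
        print(f"flag {ap.bssid} ssid={ap.ssid!r} channel={ap.channel} vendor={ap.vendor}")
```

Keying the allowlist by BSSID is the design choice that matters: matching on SSID alone would accept the constructed ninth record as "Coherer", whereas here it lands in the impersonating bucket. The mismatch bucket catches an allowlisted radio whose SSID or channel has drifted from the recorded configuration, which is worth a look even though the radio itself is trusted.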


References

Anderson, K. B., Durbin, E., & Salinger, M. A. (2008). Identity theft. Journal of Economic Perspectives, 22(2), 171-192.

Deng, H., Li, W., & Agrawal, D. P. (2002). Routing security in wireless ad hoc networks. IEEE Communications Magazine, 40(10), 70-75.

Hahn, A., Thomas, R. K., Lozano, I., & Cardenas, A. (2015). A multi-layered and kill-chain based security analysis framework for cyber-physical systems. International Journal of Critical Infrastructure Protection, 11, 39-50.

Kim, S. J., Seo, J. H., Krishna, J., & Kim, S. J. (2008, July). Wireless sensor network based asset tracking service. In PICMET’08-2008 Portland International Conference on Management of Engineering & Technology (pp. 2643-2647). IEEE.

Lashkari, A. H., Danesh, M. M. S., & Samadi, B. (2009, August). A survey on wireless security protocols (WEP, WPA, and WPA2/802.11 i). In 2009 2nd IEEE International Conference on Computer Science and Information Technology (pp. 48-52). IEEE.

Rogue AP Detection. (n.d.). https://www.cisco.com/assets/sol/sb/AP541N_Emulators/AP541N_Emulator_v1.9.2/help_Rogue_AP_Detection.htm

Shetty, S., Song, M., & Ma, L. (2007, October). Rogue access point detection by analyzing network traffic characteristics. In MILCOM 2007-IEEE Military Communications Conference (pp. 1-7). IEEE.


Question 


Project 2

Today’s companies face many security challenges to their networks, and a company’s incident manager must be ready to respond to potential threats. Some of those threats can occur from the actions of well-intentioned employees who fail to follow security protocols, and others can arise from disgruntled workers who may be able to access accounts on personal devices long after leaving an organization.

Cybersecurity Incident Response


Wireless devices and bring-your-own-device (BYOD) computing often increase productivity and convenience in the workplace. However, such ubiquitous access to resources can significantly threaten organizational security, and BYOD computing adds another layer of concern for the incident manager.

Remote management, such as tracking and data wipes, helps to locate devices containing company data and to eliminate any unauthorized viewing of that data. Authentication, access controls, and strong encryption are just some of the security measures that need to be part of a secure wireless network and mobile device management practices in the workplace. However, security will need to evolve to protect against employees who may have malicious intent. It will need to include behavior cues as well as effective countermeasures, as the need for greater employee availability drives more wireless computing and BYOD integration in the workplace.

For this project, you will closely examine the variety of threats facing an incident manager as you develop a cybersecurity incident report (CIR) for management with an executive summary, along with an executive briefing for a company. See the project’s final step for details on the assignments’ length.

There are seven steps to complete the project. Each stage will highlight the types of threats you will encounter. Most efforts in this project should take no more than two hours to complete, and the project as a whole should take no more than two weeks to complete. Begin with the workplace scenario, and then continue to Step 1.

Step 1: Develop a Wireless and BYOD Security Plan

Since your company has instituted a bring your own device (BYOD) policy, security attitudes have been lax; all sorts of authorized and unauthorized devices have been connected to the company’s wireless infrastructure. In this first step, you will develop the company’s wireless and BYOD security plan.

Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, give answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can connect to the network. Describe how to identify authorized access points within your network.

Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks.

Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section “Wireless and BYOD Security Plan.”


In the next step, you will explore a scenario on suspicious behavior, and your report will provide another section of your CIR.

Step 2: Track Suspicious Behavior

You’ve completed your wireless and BYOD security plan. Now it’s time to take a look at another workplace situation.

You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee’s movements using various tools and techniques. You know the location and time stamps associated with the employee’s mobile device.

How would you track the location of the company asset?

Explain how identity theft and MAC spoofing could occur in the workplace. How would you protect against both identity theft and MAC spoofing? Address if it is feasible to determine if MAC spoofing and identity theft has occurred in the workplace. Include an allowlist of approved devices for this network. Examples may include authorized access points, firewalls, and other similar devices.

Are there any legal issues, problems, or concerns with your actions? What should be conducted before starting this investigation? Were your activities authorized, was the notification valid, or are there other concerns? Include your responses in the CIR titled “Tracking Suspicious Behavior.”

In the next step, you will explore another workplace scenario, and your responses will help you formulate a continuous improvement plan, which will become another part of your CIR.

Step 3: Develop a Continuous Improvement Plan

Now that you’ve completed the section on tracking suspicious behavior for your CIR, you are confronted with another situation in the workplace.

You receive a memo for continuous improvement in your company’s wireless network and are asked to provide a report on the wireless network used in your company. You have been monitoring the activities on the WPA2. Provide for your leadership a description of wired equivalent privacy and Wi-Fi-protected access networks for education purposes. Include the pros and cons of each type of wireless network and WPA2.

Since WPA2 uses encryption to provide secure communications, define the scheme for using preshared keys for encryption. Is this FIPS 140-2 compliant, and if not, what is necessary to attain this? Include this for leadership. Include a list of other wireless protocols, such as Bluetooth, and compare four protocols, including the pros, cons, and suitability for your company.

Include your responses in the CIR titled “Continuous Improvement Plan.”

In the next step, you will look at yet another workplace scenario and use that incident to show management how remote configuration management works.

Step 4: Develop Remote Configuration Management

You’ve completed the continuous improvement plan portion of the CIR. Now, it’s time to show how your company has implemented remote configuration management.

Start your incident report with a description of remote configuration management and how it is used in maintaining the security posture of your company’s network. Then, consider the following scenario:

An undocumented device is found on the company network. You have determined that the device's owner should be removed from the network. Implement this and explain how you would remove the employee's device. How would you show proof that the device was removed?

Include your responses in the CIR titled “Remote Configuration Management.”

In the next step, you will illustrate how you investigate possible employee misconduct.

Step 5: Investigate Employee Misconduct

In this portion of your CIR, you will show how you would investigate possible employee misconduct. It has been reported to you that an employee has logged in outside of official duty hours. The employee has set up access through an ad hoc wireless network. Define ad hoc wireless networks and identify the threats and vulnerabilities they pose to a company. How could such a network fit into the company infrastructure, and how would you protect against those threats? Use notional information or actual case data in your discussion.

Address self-configuring dynamic networks on an open-access architecture, the associated threats and vulnerabilities, and the protections that should be implemented. From your position as incident manager, how would you detect an employee connecting to a self-configuring or ad hoc network? Provide this information in the report. How would signal hiding serve as a countermeasure for wireless networks, and what are the countermeasures to signal hiding? How do cybersecurity professionals use the service set identifier (SSID) on wireless networks? Are SSIDs continuously broadcast, and if not, why not? How would you validate that the user was working outside business hours?

Include your responses as part of the CIR titled “Employee Misconduct.”

In the next step, you will use lab tools to analyze wireless traffic.

Step 6: Analyze Wireless Traffic

You’ve completed several steps that you will use to present your CIR. In this step, as part of a virtual lab, you will analyze wireless traffic.

You are given access to pre-captured files of wireless traffic on the company network. This is another way to monitor employee behavior and detect any intentional or unintentional malicious behavior.
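The questions in Step 5 about detecting an ad hoc network and about SSID broadcasting, and the capture analysis in this step, come down to reading management frames. A beacon's capability field says whether the sender is an infrastructure access point (ESS bit) or an ad hoc station (IBSS bit) and whether privacy is enabled, and its SSID element is empty or all-NUL when the SSID is hidden. The parser below is an added example written for Steps 5 and 6, not code from the lab or the assignment; the frames it examines are constructed, and it assumes raw 802.11 frames with any radiotap header already stripped (the radiotap header's length is in its bytes 2 and 3, little-endian). The authorized BSSID list is hypothetical.

```python
"""Parse raw 802.11 beacon frames and flag ad hoc (IBSS) networks, hidden
SSIDs, open networks and BSSIDs that are not authorized access points.
Added example for Steps 5 and 6; frames and BSSIDs are constructed."""

AUTHORIZED_BSSIDS = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}   # hypothetical corporate APs

def build_beacon(bssid: str, ssid: str, ibss=False, hidden=False, privacy=True) -> bytes:
    """Construct a minimal beacon: 24-byte MAC header, fixed fields, SSID element."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    # frame control 0x0080 (type 0 management, subtype 8 beacon), duration,
    # addr1 broadcast, addr2 = addr3 = BSSID, sequence control
    header = b"\x80\x00" + b"\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    cap = (0x02 if ibss else 0x01) | (0x10 if privacy else 0)   # IBSS / ESS / Privacy bits
    fixed = bytes(8) + (100).to_bytes(2, "little") + cap.to_bytes(2, "little")  # timestamp, interval, capability
    ssid_bytes = b"" if hidden else ssid.encode()
    return header + fixed + bytes([0, len(ssid_bytes)]) + ssid_bytes   # element ID 0 = SSID

def parse_beacon(frame: bytes):
    """Return the beacon's security-relevant fields, or None if the frame is not a beacon."""
    if len(frame) < 36:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0 or (fc0 >> 4) != 8:   # type 0 = management, subtype 8 = beacon
        return None
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])
    cap = int.from_bytes(frame[34:36], "little")
    ies, pos = {}, 36
    while pos + 2 <= len(frame):                     # walk the tagged elements: id, length, value
        eid, elen = frame[pos], frame[pos + 1]
        ies[eid] = frame[pos + 2:pos + 2 + elen]
        pos += 2 + elen
    raw_ssid = ies.get(0, b"")
    return {
        "bssid": bssid,
        "ssid": raw_ssid.decode("utf-8", errors="replace"),
        "ibss": bool(cap & 0x02),
        "privacy": bool(cap & 0x10),
        "hidden_ssid": raw_ssid.strip(b"\x00") == b"",   # zero-length or all-NUL SSID element
    }

def classify(frame: bytes, authorized=AUTHORIZED_BSSIDS) -> list:
    """Alerts an incident manager would want from a single beacon."""
    b = parse_beacon(frame)
    if b is None:
        return []
    alerts = []
    if b["ibss"]:
        alerts.append("ad hoc (IBSS) network")
    if b["hidden_ssid"]:
        alerts.append("hidden SSID")
    if not b["privacy"]:
        alerts.append("open network, no encryption")
    if b["bssid"] not in authorized:
        alerts.append("BSSID not on authorized AP list")
    return alerts

if __name__ == "__main__":
    for frame in (build_beacon("02:11:22:33:44:55", "FreeWifi", ibss=True, privacy=False),
                  build_beacon("00:1a:2b:3c:4d:5e", "CorpWiFi", hidden=True)):
        print(parse_beacon(frame)["bssid"], classify(frame))
```

Two caveats belong in the report. An employee's ad hoc network is detected from the air, not from the wired side, so the monitoring needs a sensor in monitor mode within radio range. And SSID hiding only removes the name from beacons: clients still send it in probe requests and the access point returns it in probe responses and association frames, so the same parser applied to those frame subtypes recovers a hidden SSID, which is why signal hiding is a weak countermeasure.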

Step 7: Prepare the Cybersecurity Incident Report, Executive Briefing, and Executive Summary

You’ve completed all of the individual steps for your cybersecurity incident report. It’s time to combine the work you did in the previous steps into a single CIR.

The assignments for this project are as follows:

  1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members.
  2. Executive summary: This is a one-page summary at the beginning of your CIR.
  3. Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or quotations.

Submit all three documents to the assignment folder.

Deliverables: Cybersecurity Incident Report (CIR), Slides to Support Executive Briefing

Learning Competencies: 5.1, 5.3, 5.5, 5.6, 5.7, 5.9

Check Your Evaluation Criteria

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them. To view the complete grading rubric, click My Tools, select Assignments from the drop-down menu, and then click the project title.

1.1: Organize the document or presentation that promotes understanding and meets the assignment’s requirements.

1.2: Develop coherent paragraphs or points to be internally unified and function as part of the document or presentation.

1.3: Provide sufficient, correctly cited support substantiating the writer’s ideas.

1.4: Tailor communications to the audience.

1.5: Use sentence structure appropriate to the task, message, and audience.

1.6: Follow conventions of Standard Written English.

1.7: Create neat and professional-looking documents appropriate for the project.

1.8: Create clear oral messages.

2.1: Identify and clearly explain the issue, question, or problem under critical consideration.

2.2: Locate and access sufficient information to investigate the issue or problem.

2.3: Evaluate the information logically and organize it to determine its value and relevance to the problem.

2.4: Consider and analyze information in context to the issue or problem.

2.5: Develop well-reasoned ideas, conclusions, or decisions, checking them against relevant criteria and benchmarks.

5.4: Identify potential threats to operating systems and the security features necessary to guard against them.

7.3: Knowledge of methods and tools used for risk management and mitigation.

8.1: Demonstrate the ability to detect, identify, and resolve host and network intrusion incidents.

8.2: Possess knowledge and skills to categorize, characterize, and prioritize an incident and handle relevant digital evidence appropriately.

8.3: Respond to incidents through threat mitigation, preparedness, and response and recovery approaches to preserve life, property, and information security. Investigate, analyze, and continuously improve relevant response activities and practices.

8.4: Knowledge of proper and effective communication in case of an incident or crisis.

8.5: Obtain knowledge and skills to conduct a post-mortem analysis of an incident and provide sound recommendations for business continuity.
