| Section / field | Question | Answer |
|---|---|---|
| **Incident summary** (6 points total, 1 point deducted per wrong answer) | | |
| Title of incident | Provide a brief descriptive name for this incident. | |
| Discovery date | When was this incident discovered? | |
| Start date of incident | When did this incident begin? (Beginning of offensive operations) | |
| End date of incident | When did this incident end? (Back to normal operations) | |
| Organization affected | What is the name of the organization that was directly impacted? | |
| Number of employees | Approximate number (use OSINT if this is not provided, and cite the source). | |
| Revenues | Approximate revenues (use OSINT if this is not provided, and cite the source). | |
| Country | Where is the head office located? (Use OSINT if this is not provided.) | |
| Line of business | What is their main business? (Use OSINT if this is not provided.) | |
| Cause of the incident | Accident, error or voluntary? (No explanation is necessary.) | |
| Aspect affected | Confidentiality, integrity or availability? There could be multiple answers. | |
| **Incident description** (4 points) | Provide a paragraph describing the incident itself. Don't cover its resolution. (How would you describe this incident to me if I don't know anything about it?) | |
| **Direct impacts** (4 points) | Provide a description of how the operations of the affected organization have been impacted and explain why. | |
| **Direct cost** (4 points) | Do we know anything about the direct costs of this incident for the affected organization? How has this money been spent? You can speculate or extrapolate on this if the information is not available. | |
| **Incident timeline** (4 points) | Provide a timeline of the major events related to this incident. This should include at least the beginning of the incident, its discovery, and its resolution. | |
| **Perpetrator** (4 points) | Do we know who the likely perpetrator of this incident is? What is our level of confidence? Why? I need answers to these 3 questions. | |
| **Motivation** (4 points) | Do we know anything about the likely motive (why and what) for causing this incident? What is our level of confidence? Why? I need answers to these 3 questions. | |
| **Vulnerabilities being exploited and techniques used by the attackers** (4 points) | An incident can only happen if the organization was vulnerable to something. What exploited vulnerabilities led to this incident? What specific techniques were used by the attackers? You can speculate or extrapolate on this if the information is not available. | |
| **Incident resolution** (4 points) | What was done by the affected organization to resolve this incident and get back to normal operations? Can we say that the incident has been fully resolved, or are there aspects that can never be fully resolved? I need answers to these 2 questions. | |
| **Communications to external parties** (4 points) | Was the affected organization forthcoming in its communications? Did it seem to have a communication strategy? Did this have an impact on the outcome of this incident? I need answers to these 3 questions. | |
| **Long-term impacts** (4 points) | Has there been, or do you anticipate, any long-term impact on the organization? Why? I need answers to these 2 questions. | |
| **Lessons learned** (4 points) | Could the organization have done anything differently to prevent this incident from happening? Can we say this organization had done its due diligence? I need answers to these 2 questions. | |