Develop policies and procedures to address the following areas
dynamic vulnerability analysis, intrusion detection, and incident response. The description should include the critical aspects of each area in measurable terms, as well as the role various technologies play in executing the policy and procedure strategy.
Course Goals:
1. Develop and utilize policies, procedures, and technologies for incident analysis.
3. Develop incident response plans and procedures that maintain investigative integrity for a variety of incidents and exposures.
4. Incorporate incident management, containment, identification, eradication, and recovery.
7. Utilize forensic techniques to determine extent of incidents and formulate corrective and evidentiary-based response.
8. Incorporate analysis and response results into appropriate action plans, reporting information sharing, improvement cycles, and exposure elimination.
Scenario:
Greiblock Credit Union (GCU) is a $5 billion financial services firm with a central office located in Chicago, Illinois, and approximately 100 branch offices located throughout the Midwest. The central office provides primary technical services for the all of the corporate locations including branch offices. This is done through a centralized architecture housed in the Chicago data center. Because of security considerations, no IT services are outsourced.
GCU has been the victim of an increasing number of security situations including fraud, identity theft, and cyber attacks. The GCU Board of Directors has charged you with ensuring that proper policies and procedures are in place to proactively address these situations. They ask that these policies and procedures be developed with a set of metrics so that their effectiveness can be determined. These metrics should include what is to be measured, how measured, and what actions will be performed with the information. Specific areas that you must address include dynamic vulnerability analysis, intrusion detection, and incident response.
These policies and procedures should include one technical and one social aspect for each of the three areas (dynamic vulnerability analysis, intrusion detection, and incident response). These policies and procedures should be in the following format: 1) Purpose, 2) Scope, 3) Policy, 4) Enforcement, 5) Metrics. Incorporate subtopic areas as appropriate – i.e., 1.1, 1.2, etc.
Deliverables:
You need to design policies, procedures, and metrics to address the following areas: dynamic vulnerability analysis, intrusion detection, and incident response. The description should include the critical aspects of each area in measurable terms, as well as the role various technologies play in executing the policy and procedure strategy. Your paper should have a title page, table of contents, overview with references, followed by the policies and procedures in following format: 1) Purpose, 2) Scope, 3) Policy, 4) Enforcement, 5) Metrics. Note that the policies and procedures should be delivered in an applied business policy format for GCU, not as an academic research paper explaining general polices.
Grading Rubric/Criteria:
This assignment is worth 10 percent of your total grade.
Criteria
Excellent A (90+)
Satisfactory B (80-89)
Needs Improvement (below 80)
Policies and procedures to address dynamic vulnerability analysis.
(20%)
Policies, procedures, and metrics to address dynamic vulnerability analysis are fully developed and logically presented.
Policies, procedures, and metrics to address dynamic vulnerability analysis are sufficiently developed and logically presented.
Policies, procedures, and metrics to address dynamic vulnerability analysis are not sufficiently developed and/or logically presented.
Policies and procedures to address intrusion detection.
(20%)
Policies, procedures, and metrics to address incident response are fully developed and logically presented.
Policies, procedures, and metrics to address incident response are sufficiently developed and logically presented.
Policies, procedures, and metrics to address incident response are not sufficiently developed and/or logically presented.
Policies and procedures to address incident response.
(20%)
Policies, procedures, and metrics to address incident response are fully developed and logically presented.
Policies, procedures, and metrics to address incident response are sufficiently developed and logically presented.
Policies, procedures, and metrics to address incident response are not sufficiently developed and/or logically presented.
Quality of documented support (10%)
Assignment thoroughly incorporates the appropriate references in the literature. Correct APA format.
Assignment applies the appropriate references in the literature. Correct APA format.
The scope of the research presented in the assignment is inadequate. Errors in APA format.
Organization (5%)
The content is well organized with clear transitions among major subtopics.
The content is generally well organized with some improvement possible in transitioning among subtopics.
The organization of the content is confusing without clear transitions among subtopics.
Writing style (10%)
Graduate level writing is reflected throughout the paper, including accurate spelling, punctuation, grammar and sentence structure.
Writing is acceptable, a few errors in spelling, punctuation, grammar, and/or sentence structure.
Writing does not meet graduate standards. Unacceptable number of errors in spelling, punctuation, grammar, sentence structure, and/or citation format.
Overall Quality (15%)
Above average relative to rest of class.
Approximately class average.
Below class average.
Assessment:
