Assignment5
Assignment Week 5
Victor Sabani
ITT Technical Institute
Assignment Week 5
1. Describe how a CIRT plan helps an organization mitigate risk.
It helps mitigate risks by identifying which person is responsible for what task in case of.
2. A computer forensic investigation has three phases. List what they are and describe the activities that happen in each phase.
The three phases of computer forensic investigations are; acquire the evidence, authenticate the evidence, and analyze the evidence. In acquiring the evidence the data is collected. Authenticating the evidence a chain of custody is used for the evidence to ensure its trustworthiness. Finally in analyzing the evidence the data is viewed and if need be a copy of the evidence can be created.
3. Following a serious incident, post-mortem review meetings are conducted to review what happened. Describe how the CIRT post-mortem review helps mitigate risk.
A CIRT plan identifies the tasks each individual team has, therefore during the review they may input critical information so that when a problem of the same category presents itself there could be steps in plan to help mitigate the response.
4. NIST SP 800-61 describes three models you can use for a CIRT. List the three models and describe how they function.
Critical incident response team: May be used by organizations with one location, or have a single team that can cover multiple locations.
Distributed incident response teams: If an organization has multiple locations this will be used, but the team at headquarters will have control of all the say at each location.
Coordinating team: Senior personnel, who provide advice to other teams, but don’t have any authority over the team.
References
Gibson, D. (2011). Managing Risk in Information Systems. Sudbury, MA: Jones & Bartlett Learning.
Victor Sabani
ITT Technical Institute
Assignment Week 5
1. Describe how a CIRT plan helps an organization mitigate risk.
It helps mitigate risks by identifying which person is responsible for what task in case of.
2. A computer forensic investigation has three phases. List what they are and describe the activities that happen in each phase.
The three phases of computer forensic investigations are; acquire the evidence, authenticate the evidence, and analyze the evidence. In acquiring the evidence the data is collected. Authenticating the evidence a chain of custody is used for the evidence to ensure its trustworthiness. Finally in analyzing the evidence the data is viewed and if need be a copy of the evidence can be created.
3. Following a serious incident, post-mortem review meetings are conducted to review what happened. Describe how the CIRT post-mortem review helps mitigate risk.
A CIRT plan identifies the tasks each individual team has, therefore during the review they may input critical information so that when a problem of the same category presents itself there could be steps in plan to help mitigate the response.
4. NIST SP 800-61 describes three models you can use for a CIRT. List the three models and describe how they function.
Critical incident response team: May be used by organizations with one location, or have a single team that can cover multiple locations.
Distributed incident response teams: If an organization has multiple locations this will be used, but the team at headquarters will have control of all the say at each location.
Coordinating team: Senior personnel, who provide advice to other teams, but don’t have any authority over the team.
References
Gibson, D. (2011). Managing Risk in Information Systems. Sudbury, MA: Jones & Bartlett Learning.
References: Gibson, D. (2011). Managing Risk in Information Systems. Sudbury, MA: Jones & Bartlett Learning.