Complete the 10 steps of an incident response plan. Use the suggested word counts for each section as a guide for how much detail should be contained under each step.
Introduction
It is important for your incident response strategy to meet the requirements of your organizational context. Write a short introduction summarizing your type of organization, and an overview of the business-critical assets your organization relies on. You can use the information you provided in Module 3’s ongoing project.
(Approx. 100 words)
Start writing here:
Step 1: Prevention
Describe the measures Sony should have taken to protect against a cyberattack from both a technical and non-technical perspective.
(Approx. 100 words)
Start writing here:
Step 2: Planning
List the individuals involved in your incident response team and their roles. Ensure that the roles, responsibilities, and structure of your team meet the requirements of your organizational context.
A cyber crisis communication plan is compiled in this phase, but in this incident response plan, include your plan under Step 7: Communication.
(Approx. 200 words)
Start writing here:
Step 3: Preparation
Section 2.3 in Unit 1’s notes details a number of requirements in this step, including reporting mechanisms, the preparation of checklists and jump bags, and auditing procedures. However, for the purpose of this ongoing project, you are required to detail one training exercise the incident response team will undergo. Include specific examples of scenarios or questions, and explain why you have chosen it.
(Approx. 100 words)
Start writing here:
Step 4: Detection
List the tools Sony should have used to detect the breach.
(Approx. 100 words)
Start writing here:
Step 5: Analysis
Explain how Sony should have analyzed whether an incident is a cyberattack. Also describe how Sony should categorize and prioritize cyberattacks.
(Approx. 150 words)
Start writing here:
Step 6: Containment
Describe how Sony should have prevented the cyberattack from spreading further.
(Approx. 150 words)
Start writing here:
Step 7: Communication
As per Section 4 of the Unit 2 notes, compile a cyber crisis communication plan detailing the internal and external stakeholders Sony should have communicated with at the time of the breach. Describe what communication channels would be used to communicate with these stakeholders.
(Approx. 200 words)
Start writing here:
Step 8: Eradication
Provide insight into the approaches and decisions the team should have taken to remove the threat from Sony’s internal system.
(Approx. 100 words)
Start writing here:
Step 9: Recovery
Describe what steps Sony should have taken to return to its normal operations.
(Approx. 100 words)
Start writing here:
Step 10: Post-event analysis
List the processes that would need to be followed to ensure that lessons learned are implemented.