MODULE 7 UNIT 3 Ongoing project HAR CYB Module 7 Unit 3 Ongoing project Learning outcome: LO7: Propose an incident response plan to prepare an organization in the event of an attack. Name:  1. Instructions and guidelines (Read carefully) Instructions 1. Insert your name and surname in the space provided above, as well as in the file name. Save the file as: First name Surname M7 U3 Ongoing project – e.g. Zadie Smith M7 U3 Ongoing project. NB: Please ensure that you use the name that appears in your student profile on the Online Campus. 2. Write all your answers in this document. There is an instruction that says, “Start writing here” under each question. Please type your answer there.  3. Submit your assignment in Microsoft Word only. No other file types will be accepted.  4. Do not delete the plagiarism declaration or the assignment instructions and guidelines. They must remain in your assignment when you submit.  PLEASE NOTE: Plagiarism cases will be investigated in line with the Terms and Conditions for Students.  IMPORTANT NOTICE: Please ensure that you have checked your course calendar for the due date for this assignment.  Guidelines 1. Make sure that you have carefully read and fully understood the questions before answering them. Answer the questions fully but concisely and as directly as possible. Follow all specific instructions for individual questions (e. g. “list”, “in point form”).  2. Answer all questions in your own words. Do not copy any text from the notes, readings or other sources. The assignment must be your own work only. Plagiarism declaration: 1. I know that plagiarism is wrong. Plagiarism is to use another’s work and pretend that it is one’s own. 2. This assignment is my own work. 3. I have not allowed, and will not allow, anyone to copy my work with the intention of passing it off as his or her own work. 4. I acknowledge that copying someone else’s assignment (or part of it) is wrong, and declare that my assignments are my own work. 2. Question Each unit in this module explores one of the three crucial areas of cybersecurity management that need to be considered when developing an incident response plan. This ongoing project requires you to use the knowledge gained from each of the three units to formulate and complete the 10 steps of an incident response plan, as identified in the notes from Unit 1.  If you are completing your ongoing project on Sony, you are required to create an incident response plan that the organization should have followed in light of the 2014 hack. For example, detail the detection, analysis, and containment strategies it should have employed, the crisis communications plan it should have adhered to, and recommendations for successful eradication and recovery.  Note:  All ongoing project submissions throughout the course need to focus on the same organization. Or, if you choose to focus on the case study of Sony, you will need to complete all your submissions on Sony.  It is highly recommended that you avoid disclosing any confidential information in your assignments. Although you are encouraged to draw on real-world experience during the course, you are urged to use pseudonyms (false names) and alter any sensitive details or data where necessary. You are responsible for ensuring that you do not disclose any information that is protected by confidentiality undertakings; all information is treated in accordance with our privacy policy. Please read Section 4 of the Honor Code in the Orientation Module course handbook for more guidance.   This assignment requires you to complete the 10 steps of an incident response plan. Use the suggested word counts for each section as a guide for how much detail should be contained under each step. Introduction  It is important for your incident response strategy to meet the requirements of your organizational context. Write a short introduction summarizing your type of organization, and an overview of the business-critical assets your organization relies on. You can use the information you provided in Module 3’s ongoing project, or Module 5’s online activity submission.  (Approx. 150 words)  Start writing here:  Step 1: Prevention Describe the measures your organization will take to protect against a cyberattack from both a technical and non-technical perspective.  (Approx. 150 words) Start writing here:  Step 2: Planning  List the individuals involved in your incident response team and their roles. Ensure that the roles, responsibilities, and structure of your team meets the requirements of your organizational context.  A cyber crisis communication plan is compiled in this phase, but in this incident response plan, include your plan under Step 7: Communication.   (Approx. 200 words)  Start writing here:  Step 3: Preparation  Section 2.3 in Unit 1’s notes details a number of requirements in this step, including reporting mechanisms, the preparation of checklists and jump bags, and auditing procedures. However, for the purpose of this ongoing project, you are required to detail one training exercise the incident response team will undergo. Include specific examples of scenarios or questions, and explain why you have chosen it.  (Approx. 150 words)  Start writing here:  Step 4: Detection List the tools your organization would use to detect a breach.  (Approx. 150 words)  Start writing here:  Step 5: Analysis  Explain how your organization would analyze whether an incident is a cyberattack. Also describe how you would categorize and prioritize cyberattacks in your organization. (Approx. 200 words)  Start writing here:  Step 6: Containment  Describe how your organization would prevent a cyberattack from spreading further. (Approx. 200 words)  Start writing here: Step 7: Communication  As per Section 4 of the Unit 2 notes, compile a cyber crisis communication plan detailing the internal and external stakeholders your organization would need to communicate to in the event of a breach. Describe what communication channels would be used to communicate with these stakeholders.  (Approx. 250 words)  Start writing here:  Step 8: Eradication  Provide insight into the approaches and decisions the team will take to remove the threat from your organization’s internal system. (Approx. 150 words)   Start writing here:  Step 9: Recovery Describe what steps your organization will take to return to its normal operations.  (Approx. 150 words)  Start writing here:  Step 10: Post-event analysis  List the processes that would need to be followed to ensure that lessons learned are implemented.  (Approx. 150 words)  Start writing here:  Note:  The incident response plan is a central part of an organization’s cyber risk mitigation strategy. However, as you will not have an opportunity to revise your plan based on your Tutor’s feedback in time for Module 8, you will not be required to integrate it into your final risk mitigation strategy. Please consult the grading breakdown in the Orientation Module course handbook for more information.   Your ongoing project submission will be graded according to the following rubric: Very poor Poor Satisfactory Very good Exceptional Adherence to brief  All sections in the template are completed.  No submission. OR Student fails to address any element of the brief. (0) Some key elements are not addressed. Most information provided is irrelevant. (5.5) Student adheres to most of the brief. Sufficient information is provided and is mostly relevant. (7) Student adheres to almost all elements of the brief. Almost all information is provided and is relevant. (8.5) Student fully adheres to the brief. All information provided is comprehensive and relevant. (10) Organizational context and preventative measures  Student clearly outlines the context of their chosen organization, and the business-critical assets this organization relies on. Student accurately describes the measures the chosen organization will take to prevent a cyberattack from both a technical and non-technical perspective.  Student thinks critically and incorporates learnings from the content. No submission. OR  Student fails to clearly outline the context of their chosen organization and the measures it will take to prevent a cyberattack from occurring.  There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of their chosen organization’s context and the measures taken to prevent a cyberattack from occurring.  There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of their chosen organization’s context and the measures taken to prevent a cyberattack from occurring.   The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of their chosen organization’s context and the measures it will take to prevent a cyberattack from occurring.  The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and an incisive understanding of their chosen organization’s context and the measures it will take to prevent a cyberattack from occurring.  The student critically applies their learning from the course. (10) Planning and preparation Student lists the individuals that will be involved in their chosen organization’s response team, and their roles. Student details one training exercise the incident response team will undergo to prepare them for a cyberattack, and provides reasoning for their choice. Student thinks critically and incorporates learnings from the content. No submission. OR  Student fails to clearly identify the individuals who will be included in the incident response team, or the training that will be required to prepare this team for an attack. There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of the individuals who will be included in the incident response team, and the training that will be required to prepare this team for an attack. There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of the individuals who will be included in the incident response team, and the training that will be required to prepare this team for an attack. The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of the individuals who will be included in the incident response team, and the training that will be required to prepare this team for an attack. The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and an incisive understanding of the individuals who will be included in the incident response team, and the training that will be required to prepare this team for an attack. The student critically applies their learning from the course. (10) Detect, analyze, and contain Student lists the tools their chosen organization would use to detect a breach. Student explains how their chosen organization would analyze whether an incident is a cyberattack, and how they would categorize and prioritize cyberattacks.  Student describes how their chosen organization would prevent a cyberattack from spreading further. Student thinks critically and incorporates learnings from the content. No submission. OR  Student fails to clearly identify the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further. There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further. There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further. The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further. The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and incisive understanding of the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further. The student critically applies their learning from the course. (10) Communicate and eradicate Student compiles a cyber crisis communication plan detailing the internal and external stakeholders their chosen organization would need to communicate to in the event of a breach, and describes what channels would be used to communicate with these stakeholders. Student identifies the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system. Student thinks critically and incorporates learnings from the content. No submission. OR  Student fails to clearly compile a cyber crisis communication plan, or to describe what channels would be used to communicate with stakeholders during a cyberattack. Student fails to identify the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system. There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of a cyber crisis communication plan and the channels that would be used to communicate with stakeholders during a cyberattack. Student shows an incomplete understanding of the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system. There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of a cyber crisis communication plan, and the channels that would be used to communicate with stakeholders during a cyberattack. Student demonstrates a satisfactory understanding of the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system.  The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of a cyber crisis communication plan, and the channels that would be used to communicate with stakeholders during a cyberattack. Student demonstrates a strong understanding of the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system. The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and an incisive understanding of a cyber crisis communication plan, and the channels that would be used to communicate with stakeholders during a cyberattack. Student demonstrates a thorough and incisive understanding of the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system. The student critically applies their learning from the course. (10) Recovery and post-event analysis Student describes what steps their chosen organization will take to return to its normal operations after a cyberattack.  Student lists the processes that would need to be followed to ensure that lessons learned are implemented.  Student thinks critically and incorporates learnings from the content. No submission. OR  Student fails to clearly describe the steps their organization will take to recover from a cyberattack, or the processes that will be followed to ensure that lessons learned are implemented.  There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of the steps their organization will take to recover from a cyberattack, and the processes that will be followed to ensure that lessons learned are implemented.  There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of the steps their organization will take to recover from a cyberattack, and the processes that will be followed to ensure that lessons learned are implemented.  The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of the steps their organization will take to recover from a cyberattack, and the processes that will be followed to ensure that lessons learned are implemented.  The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and an incisive understanding of the steps their organization will take to recover from a cyberattack, or the processes that will be followed to ensure that lessons learned are implemented.  The student critically applies their learning from the course. (10) Application of course content to organizational context Student accurately applies the learnings from the course content to their own organization or Sony’s unique context.  No submission. OR The student has not made use of their organization’s unique organizational context and constraints to inform their response. (0)  Student demonstrates a limited understanding of their organization’s unique context and constraints and context. (5.5)  Student demonstrates a satisfactory understanding of their organization’s context and constraints; however, a there is room for deeper engagement with its nuances. (7)  There is clear evidence that the student has thought about their organization’s unique context and constraints, and catered for this in their strategy accordingly. (8.5) There is strong evidence that the student understands and thinks carefully about their organization’s unique context and constraints, and has provided recommendations in their strategy accordingly. (10)  Organization of writing Answers are structured clearly and logically. No submission or complete lack of logical structure. (0) Answer has some logical structure, but not enough to justify a passing grade. (5.5)  Answer is structured fairly well in terms of logic and clarity. (7) Answer is structured very well in terms of logic and clarity. (8.5)  Answer is structured exceptionally well in terms of logic and clarity. (10) Total: 80 marks