See instructions below on group assignment. Write five pages on the bulleted list below. See attached for group working template. Include references from relevant sources.

Digital Forensic Response and Investigation Plan Digital Incident Team IR Forensic Response and Response Approaches

Group Assignment instructions

Business Continuity Planning is focused on keeping a business as operational as possible during a crisis. In the event that the crisis was the result of some sort of cyber incident, the business continuity efforts should incorporate the needs of the incident response team in a complementary fashion. The goals of business continuity include returning to normalcy as quickly as possible. The goals of incident response may be somewhat counter to that, as determining the cause of an incident can delay business continuity efforts. As you work through this assignment, think about the requirements for forensically investigating a security breach while balancing the need for business continuity and rapid return to normalcy within the organization.

For this assignment, each team prepares a written report that analyzes how to preserve as much information as possible for the incident response team while attempting to not significantly impact business continuity efforts. This assignment centers on a hacking/intrusion attack that disrupts major business functions within the organization. The specific context is a large manufacturing company with extensive intellectual property distributed across multiple locations in the United States and Latin America. There have been several recent small-scale attacks that appear to be reconnaissance efforts for a larger-scale attack.
Within your report, each team must address the following:

1) Forensic Response and Investigation Plan – this is a scenario-specific forensic response plan for the following major systems within the organization: materials requirements planning, distribution, finance, and intellectual property/document management. This would include a forensic investigative response approach for suspected security breach/unauthorized access of each of the four major systems previously listed, as well as a catastrophic failure of each system. Response approaches should include people, equipment, tools/technologies, and other considerations. The plans should also include a priority classification for the various aspects of the systems involved in the breach or failure, as well as a sequenced staging plan for when and how systems can be brought online as part of the business continuity effort. You should identify the key forensic artifacts and how they can be preserved for investigation and potential legal pursuit. Your artifacts must be preserved in a state that can provide proper attribution of the security breach or catastrophic failure.

2) Coordination Plan – this outlines the necessary steps and measures needed to optimize business continuity while minimizing the potential for compromising the incident response and cause investigation effort.

3) Metrics – this will be used to measure various aspects of the incident, how it occurred, and the steps that can be put in place to reduce the chance of a similar problem in the future. Additionally, outline steps and measures that will be put in place to help determine if the entire situation caused by a security breach or catastrophic failure has been completely resolved. For example, in a security breach situation, describe how it will be determined that all unauthorized access has been eliminated after initial response has been completed. This may include some form of ongoing monitoring – both internal and external to the organization.