I need support with this Computer Science question so I can learn better.
Incident Response Plan
CYB 670 Project 2: Nations Behaving Badly
This is a group project and my task is Incident Response Plan
See the attachment for the deliverable.
Also, see the attached sample. You can reword it if you choose, but if you follow the sample I will be satisfied.
Prior to the summit, your nation team was tasked with setting up its own independent secure comms network. Now, at 3 a.m., just hours before the summit begins, you receive a text message from your CISO that reads: “I need to meet with the team immediately about an urgent matter. Please come to the conference room next to my hotel room now so we can discuss it.”
You quickly dress and head to the conference room. When you arrive, she breaks the news to your team: The nation hosting the summit has detected exfiltration in its IDS (intrusion detection system). It is likely that this pattern of network traffic could result in buffer overflows or other vulnerabilities such as denial of service. Each nation’s server is at risk.
“The report shows that the pattern of network traffic is anomalous,” says the CISO. “And the point of origin is internal. Someone at the summit is involved in this.”
Given the nature of the summit, participants understand that all nations are allied and have a common goal. “None of the FVEY members would have done this,” says a colleague. “It’s got to be the Russians or the Chinese. Friends don’t read each other’s mail.”
The CISO says, “No one is above suspicion here. Our FVEY partners have been known to both collect intelligence and seek to embarrass other partners when it suited their strategic needs. It could have been anyone. Until we know for sure, though, we will continue to regard them as allies.”
Leaders of the nations at the summit agree they all need to perform forensic analysis on their respective systems to identify the bad actor.
Your CISO continues. “Let’s get to the bottom of this. We’re all familiar with DDoS attacks; do you think that’s what we’re dealing with here? Or do you think there’s more? Use our packet sniffing tools to analyze the network traffic. Additionally, we need to identify attack vectors and attributes. Give me any information you can find on the tools, techniques, and the identity of this bad actor. Also, establish an incident response plan that we can use in case of another cyber event.”
“Our systems went down due to this DDoS. We need to examine the service-level agreement to see what it will take to get the summit back up and running. After our analysis, we need to quickly let our allies know how to protect their networks through an indicator sharing report.
“Remember, no one is above suspicion—not even our allies. Got it?”
Everyone nods in agreement. The CISO says, “Good. Now get to work. I’m going to try to go back to sleep for a few hours.”
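The CISO's first question, whether the anomalous traffic is a DDoS or something more, can be answered by looking at who is talking to whom and how much. A flood shows up as many external sources hammering one internal host; exfiltration from an internal origin shows up as one internal host pushing an unusually large volume out. The script below is an added example, not part of the assignment or the sample plan, that runs that triage over constructed flow records. The internal range (10.0.0.0/8), the external addresses (RFC 5737 TEST-NET blocks), and the two thresholds are assumptions for the illustration, not values from the scenario.

```python
"""Triage constructed flow records into DDoS-like and exfiltration-like patterns.

Added example; the flows below are constructed, not captured from any network.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress

# Assumption: the summit network uses 10.0.0.0/8; anything else is external.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")


@dataclass(frozen=True)
class Flow:
    src: str        # source IP
    dst: str        # destination IP
    dport: int      # destination port
    bytes_out: int  # bytes sent from src to dst in this flow


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


def summarize(flows):
    """Aggregate inbound source fan-in per internal host and outbound volume per internal host."""
    inbound_sources = defaultdict(set)  # internal dst -> set of external srcs
    outbound_bytes = defaultdict(int)   # internal src -> bytes sent to external dsts
    outbound_dsts = defaultdict(set)    # internal src -> set of external dsts
    for f in flows:
        if is_internal(f.dst) and not is_internal(f.src):
            inbound_sources[f.dst].add(f.src)
        if is_internal(f.src) and not is_internal(f.dst):
            outbound_bytes[f.src] += f.bytes_out
            outbound_dsts[f.src].add(f.dst)
    return inbound_sources, outbound_bytes, outbound_dsts


def triage(flows, flood_sources=50, exfil_bytes=50_000_000):
    """Flag hosts that look DDoS-targeted (many distinct external sources) and
    hosts that look like exfiltration origins (large outbound volume).
    Thresholds are assumed values; tune them to the real baseline."""
    inbound_sources, outbound_bytes, outbound_dsts = summarize(flows)
    findings = {"ddos_targets": [], "exfil_sources": []}
    for dst, srcs in sorted(inbound_sources.items()):
        if len(srcs) >= flood_sources:
            findings["ddos_targets"].append(dst)
    for src, total in sorted(outbound_bytes.items()):
        if total >= exfil_bytes:
            findings["exfil_sources"].append((src, total, sorted(outbound_dsts[src])))
    return findings


# Constructed sample: 100 external sources hitting one internal host with tiny
# flows (flood pattern), one internal host sending 80 MB out to a single
# external address (exfiltration pattern), and one benign internal host.
SAMPLE_FLOWS = (
    [Flow(f"198.51.100.{i}", "10.1.1.10", 443, 120) for i in range(1, 101)]
    + [Flow("10.2.3.4", "203.0.113.7", 443, 20_000_000) for _ in range(4)]
    + [Flow("10.2.3.5", "203.0.113.9", 443, 4_000)]
)

if __name__ == "__main__":
    result = triage(SAMPLE_FLOWS)
    print("DDoS-like targets:", result["ddos_targets"])
    for src, total, dsts in result["exfil_sources"]:
        print(f"Exfiltration-like origin {src}: {total} bytes to {dsts}")
```

Both patterns can be present at once, which is why the two checks are independent rather than a single either/or decision. In a real investigation the flows would come from the packet-sniffing tool's export (for example a CSV of conversations) rather than a list literal, and the internal range and thresholds would be taken from the network baseline rather than assumed.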