A computer forensic investigation has three phases. List what they are and describe the activities that happen in each phase. The three phases of a computer forensic investigation are acquiring the evidence, authenticating the evidence, and analyzing the evidence. In the acquisition phase the data is collected, for example by making a bit-for-bit copy of the storage media, and the chain of custody begins: every handover of the evidence is recorded. In the authentication phase the evidence is shown to be trustworthy: the original is hashed, the copy is hashed, and the two values must match, while the chain of custody documents who held the evidence and when. In the analysis phase the data is examined, and the examination is performed on a verified working copy so that the original evidence is never altered.
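The three phases as a small worked script, added here as an example and not part of the original page: it copies a constructed sample "image", hashes original and copy to authenticate the copy, searches the copy rather than the original, and appends hash-chained chain-of-custody entries so that a removed or edited entry is detectable. File names, the JSON-lines log format and the handler name are assumptions.

```python
# Added example (not from the original page): acquire / authenticate / analyze
# on a constructed sample evidence file. Paths, the custody-log layout and the
# handler name "analyst-1" are assumptions made for illustration.
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def log_custody(log_path, item, action, handler, digest):
    """Append a chain-of-custody entry. Each entry carries the SHA-256 of the
    previous entry, so removing or editing an earlier entry breaks the chain."""
    prev = "0" * 64
    if os.path.exists(log_path):
        with open(log_path, "rb") as f:
            lines = f.read().splitlines()
        if lines:
            prev = hashlib.sha256(lines[-1]).hexdigest()
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "item": item,
        "action": action,
        "handler": handler,
        "sha256": digest,
        "prev": prev,
    }
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(entry, sort_keys=True) + "\n")
    return entry


def verify_custody_log(log_path):
    """True if every entry's 'prev' equals the hash of the entry before it."""
    with open(log_path, "rb") as f:
        lines = f.read().splitlines()
    expected = "0" * 64
    for line in lines:
        if json.loads(line)["prev"] != expected:
            return False
        expected = hashlib.sha256(line).hexdigest()
    return True


def acquire(original, working_copy, log_path, handler):
    """Phase 1: hash the original, then make a bit-for-bit working copy."""
    digest = sha256_of(original)
    log_custody(log_path, original, "acquired, original hashed", handler, digest)
    shutil.copyfile(original, working_copy)
    log_custody(log_path, working_copy, "working copy created", handler, sha256_of(working_copy))
    return digest


def authenticate(original_digest, working_copy):
    """Phase 2: the copy is trustworthy only if it hashes to the original's value."""
    return sha256_of(working_copy) == original_digest


def analyze(working_copy, needle):
    """Phase 3: search the copy (never the original); return byte offsets of hits."""
    with open(working_copy, "rb") as f:
        data = f.read()
    hits, start = [], 0
    while (idx := data.find(needle, start)) != -1:
        hits.append(idx)
        start = idx + 1
    return hits


def run_case(workdir=None):
    """Walk through all three phases on constructed sample data.
    Returns (authentic_before, hits, authentic_after_tamper, log_ok, log_ok_after_tamper)."""
    if workdir is None:
        with tempfile.TemporaryDirectory() as d:
            return run_case(d)
    original = os.path.join(workdir, "usb_image.bin")
    copy = os.path.join(workdir, "usb_image.copy.bin")
    log = os.path.join(workdir, "custody.jsonl")
    marker = b"secret-project-plan.docx"
    with open(original, "wb") as f:  # constructed sample, not a real disk image
        f.write(b"\x00" * 512 + marker + b"\x00" * 512 + marker)
    digest = acquire(original, copy, log, handler="analyst-1")
    ok_before = authenticate(digest, copy)
    hits = analyze(copy, marker)
    with open(copy, "r+b") as f:  # simulate the copy being altered after acquisition
        f.seek(512)
        f.write(b"X")
    ok_after = authenticate(digest, copy)
    log_custody(log, copy, "re-hashed after analysis", "analyst-1", sha256_of(copy))
    log_ok = verify_custody_log(log)
    with open(log, "rb") as f:  # simulate someone deleting the middle custody entry
        lines = f.read().splitlines()
    with open(log, "wb") as f:
        f.write(b"\n".join(lines[:1] + lines[2:]) + b"\n")
    return ok_before, hits, ok_after, log_ok, verify_custody_log(log)
```

Running `run_case()` shows the copy authenticating before it is touched, the two hits found in the copy, authentication failing after a single byte changes, and the custody log verifying until an entry is removed.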
Following a serious incident, post-mortem review meetings are conducted to review what happened. Describe how the CIRT post-mortem review helps mitigate risk. A CIRT plan assigns each team its tasks during an incident, so in the post-mortem each team can report what worked, what did not, and what information was missing. The lessons learned are written back into the plan, so that when an incident of the same category occurs again the plan already contains the steps needed to respond to it faster and to limit the damage.
NIST SP 800-61 describes three models you can use for a CIRT. List the three models and describe how they function. Central incident response team: a single team handles all incidents for the organization; it suits organizations with one location, or a single team that can cover multiple locations. Distributed incident response teams: used by organizations with multiple locations, each with its own team, while a single central entity coordinates the teams so that the incident response process is consistent across locations. Coordinating team: Senior