Question

• You will learn how to write a post-incident executive summary report detailing an incident event and corrective actions taken.

Assignment Requirements

You have been working as a technology associate in the information systems department at Corporation Techs for almost three months now. Yesterday, you got an e-mail, which specified that a security breach has occurred in your company. The other members of your team also received such e-mails. You checked the firewall logs and it confirmed the security breach.

Later, your team took corrective actions in the environment. They isolated the incident and assessed the damage. Today, your manager calls you and asks you to create an executive summary report detailing the events to be presented to executive management. You need to include a summary of corrective options, which may be in the form of architectural adjustments or other configuration changes that will prevent the reoccurrence of this incident in the future.

Tasks

You need to create a post-incident executive summary report that addresses a security breach. Include an overview of actions taken at each phase of the incident response. Also include suggestions for corrective modifications that would prevent the incident from reoccurring.

Answer 1

Security breach has been observed in the organisation and these are the summary steps taken after observing the attack.
1)The source of the breach has been observed and had been contained from spreading to the other departments and layers in the organisation. This include reset passwords, disconnecting the network access to the affected systems.
2)After containing the breach the steps are taken to stop it from further damage.
3)Assessed the damage and causes for the damage.
4)Notified to those who are affected in the damage like customers or vendors.
5)Consulting a security audit to assess the current security architecture and preparation for future attacks has been made.
Some other suggestions for corrective modifications that would prevent the incident from reoccurring are:
1)Enforcing strong passwords for the employees.
2)Monitoring of data through extra-net and limiting the downloads from it.
3)Educate the employees about the current cyber security threats,actions and Train them in required areas accordingly.
4)Encrypting the data.
5)All vulnerabilities in the system has to be detected and patched.
6)Update the software being used.
7)A breach plan has to be made.