Wilmington University Computer Security Incident Response Team Paper Understand CSIRT process and be able coordinate and respond to CERT. Understand an
Wilmington University Computer Security Incident Response Team Paper Understand CSIRT process and be able coordinate and respond to CERT. Understand and be able to apply Zero Trust to an environment Zero Trust
Zero Trust, Zero Trust Network, or Zero Trust Architecture refer to security concepts and threat
model that no longer assumes that actors, systems or services operating from within the security
perimeter should be automatically trusted, and instead must verify anything and everything
trying to connect to its systems before granting access. The term was coined by a security analyst
at Forrester Research (Forrester 2017)
Over the next two weeks, you will be a security consultant hired by a mobile bank. The bank is
not “Brick and Mortar” they are online only. Your job is to write a proposal for them to
implement a Zero Trust environment. (both internal and external networks cannot be trusted)
Identify Your Sensitive Data
Map the Data Flows of Your Sensitive Data
Architect Your Network
Create Your Automated Rule Base
Continuously Monitor the Ecosystem
For this assignment, a minimum of 50 PowerPoint slides. APA style applies.
CSIRT – Computer Security Incident
Response Team
CSIRT – “One particular organizational entity that may be established to help coordinate
and manage the incident management process in an organization is a computer security
incident response team” (us-cert.gov)
The team’s mission is to focus on minimizing damage, and recovering quickly.
Responsibility: Collects and analyzes all evidence, determines root cause, directs the other
security analysts, and implements rapid system and service recovery
CSIRT incident handling activities include:
determining the impact, scope, and nature of the event or incident
understanding the technical cause of the event or incident
identifying what else may have happened or other potential threats resulting from the
event or incident
researching and recommending solutions and workarounds
coordinating and supporting the implementation of the response strategies with other
parts of the enterprise or constituency,1 (Links to an external site.) including IT groups
and specialists, physical security groups, information security officers (ISOs), business
managers, executive managers, public relations, human resources, and legal counsel
disseminating information on current risks, threats, attacks, exploits, and
corresponding mitigation strategies through alerts, advisories, Web pages, and other
technical publications
coordinating and collaborating with external parties such as vendors, ISPs, other
security groups and CSIRTs, and law enforcement
maintaining a repository of incident and vulnerability data and activity related to the
constituency that can be used for correlation, trending, and developing lessons learned
to improve the security posture and incident management processes of an organization
For your assignment, you work in the information security department of a hospital. You
are responsible for all CERTs that are reported at the national level that impact the
hospital’s systems/infrastructure.
You will be responding to this vulnerability listed below. :
https://www.kb.cert.org/vuls/id/119704/ (Links to an external site.)
Microsoft Windows Task Scheduler SetJobFileSecurityByName privilege escalation
vulnerability
Following the guidelines in the syllabus, document who, what, and how the CSIRT will
respond to this CERT. You can approach this as a bullet point format with steps/roles or in
research paper form all in APA format. I want to be able to see that you understand the
different facets of incident response.
Main focus: Understand CSIRT process and be able coordinate and respond to CERT.
Short paper on topic (4-5 pgs)*
Purchase answer to see full
attachment
