Part 1: Research Incident Response Plans Note: In this part of the lab, you will research incident response teams to form a basis for their purpose and usage. Understanding the reason behind an incident response team is key to understanding the related policies and procedures.

1. 1. Using your favorite search engine, search for a sample incident response plan.
2. 2. Review the plan.
3. 3. Describe the key components within the incident response plan you identified. Be sure to cite the plan by including a link.
4. 4. In your browser, navigate to https://www.cynet.com/incident-response/incident-response-sans-the-6-steps-in-depth/.
5. 5. Review the six steps listed on the website.
6. 6. Outline the six-step methodology for performing incident response. List each step and its purpose. How closely does the plan that you reviewed follow this methodology?

Note: It is impossible to know at the beginning of any incident whether the case might become a court case. A good incident response team should approach every incident assuming that evidence documentation is required.

Part 2: Create an Incident Response Policy (0/7 completed)Note: There are many types of incident response plans. Remember that a plan is different from a policy. A policy is a high-level document that describes the organization’s stance on the particular topic and how it will comply with related governance and laws. A plan, on the other hand, is how the policy will be executed. An incident response plan should be generic enough to cover a variety of scenarios but also specific enough that an organization can quickly mobilize during an incident. Names of specific people should never be used in an incident response plan. Rather, roles and titles should define who is responsible for what portion(s) of the plan.

1. 1. Navigate to “Security Policy Templates” at https://www.sans.org/information-security-policy/, then locate and review the “Security Response Plan Policy”.
2. 2. Describe how this policy would be associated with an incident response plan.

Note: When responding to an incident, remember who the provider of information is and who the consumer is. Senior management approves the response policy and budget, but it does not possess the subject matter expertise to handle the incident. Meanwhile, the incident response team should make only recommendations to management, not make decisions that might impact business. It is up to senior management to either give or deny approval.

Management remains the consumer and chief decider, based on information provided to it by the experts.

1. 1. Review the following characteristics of the fictional Bankwise Credit Union:

• The organization is a local credit union that has several branches and locations throughout the region.
• Online banking and use of the internet are the bank’s strengths, given its limited human resources.
• The customer service department is the organization’s most critical business function.
• The organization wants to be in compliance with the Gramm-Leach-Bliley Act (GLBA) and IT security best practices regarding its employees.
• The organization wants to monitor and control use of the internet by implementing content filtering.
• The organization wants to eliminate personal use of organization-owned IT assets and systems.
• The organization wants to monitor and control use of the e-mail system by implementing e-mail security controls.
• The organization wants to implement this policy for all the IT assets it owns and to incorporate this policy review into its annual security awareness training.
• The organization wants to create an incident response team to deal with security breaches and other incidents if attacked and provide full authority for the team to perform whatever activities are needed to maintain chain of custody in performing forensics and evidence collection.
• The organization wants to implement this policy throughout the organization to provide full authority during a crisis to the incident response team over all physical facilities, IT assets, IT systems, applications, and data owned by the organization.

1. 1. Create an incident response policy that grants team members full access and authority to perform forensics and maintain a chain of custody for physical evidence containment. Create this policy for the Bankwise Credit Union.

Bankwise Credit Union

Incident Response Team – Access and Authorization Policy

Policy Statement
Insert policy verbiage here.

Purpose/Objectives
Insert the policy’s purpose as well as its objectives; use a bulleted list for the policy definition. Define the incident response team members and the authorization and authority granted to them during a crisis or while securing an incident situation.

Scope
Define this policy’s scope and whom it covers. What elements, IT assets, or organization-owned assets are within the scope of this policy? What access and authority are granted to the incident response team members that may be outside of standard protocol?

Standards
Does this policy point to any hardware, software, or configuration standards? If so, list them here and explain the relationship of this policy to these standards

Procedures
Explain how you intend to implement this policy across the organization. Also, define and incorporate the six-step incident response approach here along with how the chain of custody must be maintained throughout any evidence collection process.

Guidelines
Explain any roadblocks or implementation issues that you must address in this section and how you will overcome them per defined policy guidelines.

Challenge Exercise Note: The following challenge exercise is provided to allow independent, unguided work – similar to what you will encounter in a real situation.

Having an incident response plan is a great first step. However, if the plan is never tested, it likely will not work in a scenario when needed. One way to test an incident response plan is to execute a tabletop exercise. During a tabletop exercise, a probable scenario is created, and all incident response team members are required to meet and discuss the scenario. The purpose of the exercise is to see which parts of the plan work well and which parts fail. Once the exercise has been completed, the incident response team (along with policy and plan writers and other stakeholders) meet to update the plan as necessary.

As the CISO and leader of the organization’s incident response team, you are required to hold an annual tabletop exercise involving the incident response team.  Before the exercise can begin, you must complete the following tasks:

Identify and define an incident scenario for Bankwise Credit Union. The incident must involve some type of cybersecurity issue.

Create a brief abstract of the scenario to be approved by C-level executives.

Controls and Events Programming Assignment Instructions 

Overview

Matthew 28:19-20
Therefore go and make disciples of all nations, baptizing them in the name of the Father and of the Son and of the Holy Spirit, and teaching them to obey everything I have commanded you. And surely I am with you always, to the very end of the age.” 

For your first visual basic assignment you are going to create a basic assignment to present a picture of your choice, a Bible Verse on the importance of mission work, and information on a Missionary of your Choice.  It is so important to understand our call to serve.  This is your chance to show an example of serving. 

Instructions 

When the application runs the user will see the picture of your choice and a Bible Verse on mission work. The form will have the option to close the application and a mission button. When the mission button is pressed, the user will be presented with an image of a missionary of your choice and a label with information on the missionary.

The following steps must be completed. 

1. Form Setup

a. Your form should have 2 buttons, 2 images, 1 label, and 1 textbox. 

b. Name the initial form frmAssignment1 and put Assignment 1 in its title bar.

c. Set the backcolor of the form to a color of your choice in the properties menu.

d. Lock all controls on the form 

e. Create access keys for the buttons for both buttons.

f. The tab order of the buttons should go from Missions to Quit. The form should open with the Missions button as the highlighted option. 

2. PictureBox

a. Add two PictureBox controls to your form and name the PictureBox picStudentImage and picMissionary

b. Import an image for both picture boxes to the resources of the project (Make sure you save the image in the project folder before you inport it to the resources folder)

c.  Use the stretch image property for the image

d. Make the picMissionary not available for vieiwing at the run of the application.

3. TextBox

a. Name the textbox txtVerse and enter a Bible verse on why missionary work is important. 

b. The font of the textbox should be something other than the default Microsoft Sans Serif. 

c. The text should be center aligned. 

d. The text box should be multi-line. 

e. The backcolor and forecolor should be different from the default.

f. The user should not be able to tab to the text box.

4. Label

a. A label should be created called lblMissions. 

b. The label should be created on the form but not show on the load. 

c. The label should include the missionary name, your name and your teacher name and the date you finished your project.. **This is a main requirement and the assignment will not be accepted without this detail.

5. Mission Button

a. When the Missionary button is pressed the lblMissions label is displayed using the visible property. 

b. The Missionary image is also made visible

6. Quit Button

a. The application will quit

7. Code

a. Create a comment section at the beginning of the code with the name of the assignment, purpose of the assignment, and your name. Comments must be throughout each sub of the application. 

b. Remove any subs that are not utilized by the program

Based on your prioritized top 10 InfoSec policies from your Week 3 Homework Assignment, create a full draft version of the highest priority policy (3-4 pages). Use the “CYB454 Sample Full Draft Information Security Policy” file attached below as guide for formatting your policy. The heading must contain at least the following information: Policy Number, Policy Title, Version Number, Effective Date, Approving Authority (executive); and you can optionally include in the heading: Category and/or Previous Version(s). Additionally, you can include a Revision History either near the beginning or the end of the policy. Using the example format, preceding the policy, you must provide 3-4 paragraphs as an explanation of how you propose to start implementing the policy in the company of your selected option. The policy itself must start at the top of a new page. 

Assignment outcomes: (1) Full draft version of the highest priority InfoSec policy; preceded by (2) an explanation of how you would start implementing it

You should have two websites for  questions 1,2,3  and 4 

Website 1 : 

Your favorite web site  overseas and preferably NOT English Language. And its short description. The URL must have the country extension.

Example of websites with county extension

www.——–.ac.in             : Website in India

Do your web search and the find the website that you want to use.   And provide the screenshot the first page of your website.

Website 2: 

Your favorite web site in the USA preferably English Language (it can be sports team, car manufacture, fashion, music band, restaurant or your favorite person’s website or something similar).  And provide the screenshot the fist page of your website.

Have these two websites for the following questions. 

QUESTION 1: 

Using  Whois domain lookup to see the ownership and tenure of a domain name.

https://www.whois.com/whois

And provide the report of each website by providing  for each website.

• Registrant Contact Name and City:
• Registered On and Expires On:

QUESTION 2: 

Open the MS command prompt on your computer and do     ping to your two websites one by one. And, provide the screenshots. Answer the following questions for each website.

For example C:\Users\myComputer > ping  www.Your Favorite Website.com

• How many packets were sent?
• How many packets were received?
• Approximate time of round trip
• TTL ( allocated time to live for the package ) for each website

( get the screenshot of the PING report for both  and paste them on this MS word)

QUESTION 3:  

Windows-based system, use the command prompt and execute tracert and the URL of the two websites that you have declared. tracert will be displaying the route and measuring transit delays of packets across Internet.

For example C:\Users\myComputer > tracert www.Your Favorite Website.com

Compare both results by identifying all intermediate hops between the nodes for each URL.

Write the number stops (hops) achieved for each website. Which one has more hops ? Why?

QUESTION 4: 

Open the command prompt and for each web site do nslookup (name space lookup)

nslookup allows you to query the D N S database from any computer on a network.

1. a) Do nslookup form your computer command line to find the IP address of the web sever of the two websites

Example C:\Users\myComputer > nslookup  www.Your Favorite Website.com. And,

Use https://www.ipvoid.com/find-website-ip/  to Find the IP address of  the web sever of the two websites  Compare the  Ip addresses you have gathered form nslookup and ipvoid.com  for the same website.

1. b) Then use https://www.iplocation.net/ to see location  of a website.  And provide short report on; country, region and city of each websites’ server location (for each website)

QUESTION 5:  

Use the undersea fiber optic cable map (https://www.submarinecablemap.com/) and answer the following questions.

1. Find the Caucasus Cable System on the undersea fiber optic cable map. And visit the owner of the cable and see what kind of products they offer.
2. Select a fiber line between USA and Japan and provide the following

Ready for service date (RFS):

Cable Length:

Owners:

URL:

Landing Points ( the main ones )

And copy/past the screenshot of cable map here. Us can use Snipping tool.