Assignment 2: Incident Response (IR) Revamp
Due Week 4 and worth 75 points

Imagine you have just taken over the manager position for your organization’s incident response team, after coming from another division in the company. Your first realization is that proper procedures, best practices, and sound technologies are not being utilized. You decide to revamp the team’s efforts.

Write a two to three (2-3) page paper in which you:

  1. Explicate the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.
  2. Discuss in detail the role that an IDS / IPS would play in the IR efforts, and explain how these systems can assist in the event notification, determination, and escalation processes.
  3. Explain how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.
  4. Explain how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts, and describe the potential issues that could arise if not utilized.
  5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

Points: 75

Assignment 2: Incident Response (IR) Revamp

Criteria

  • Unacceptable: Below 60% F
  • Meets Minimum Expectations: 60-69% D
  • Fair: 70-79% C
  • Proficient: 80-89% B
  • Exemplary: 90-100% A

1. Explicate the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.

Weight: 25%

Did not submit or incompletely explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.

Insufficiently explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.

Partially explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.

Satisfactorily explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.

Thoroughly explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.

2. Discuss in detail the role that an IDS / IPS would play in the IR efforts and explain how these systems can assist in the event notification, determination, and escalation processes.
Weight: 20%

Did not submit or incompletely discussed in detail the role that an IDS / IPS would play in the IR efforts and did not submit or incompletely explained how these systems can assist in the event notification, determination, and escalation processes.

Insufficiently discussed in detail the role that an IDS / IPS would play in the IR efforts and insufficiently explained how these systems can assist in the event notification, determination, and escalation processes.

Partially discussed in detail the role that an IDS / IPS would play in the IR efforts and partially explained how these systems can assist in the event notification, determination, and escalation processes.

Satisfactorily discussed in detail the role that an IDS / IPS would play in the IR efforts and satisfactorily explained how these systems can assist in the event notification, determination, and escalation processes.

Thoroughly discussed in detail the role that an IDS / IPS would play in the IR efforts and thoroughly explained how these systems can assist in the event notification, determination, and escalation processes.

3. Explain how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.

Weight: 25%

Did not submit or incompletely explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.

Insufficiently explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.

Partially explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.

Satisfactorily explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.

Thoroughly explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.

4. Explain how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and describe the potential issues that could arise if not utilized.

Weight: 15%

Did not submit or incompletely explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and did not submit or incompletely described the potential issues that could arise if not utilized.

Insufficiently explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and insufficiently described the potential issues that could arise if not utilized.

Partially explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and partially described the potential issues that could arise if not utilized.

Satisfactorily explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and satisfactorily described the potential issues that could arise if not utilized.

Thoroughly explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and thoroughly described the potential issues that could arise if not utilized.

5. 3 references

Weight: 5%

No references provided

Does not meet the required number of references; all references poor quality choices.

Does not meet the required number of references; some references poor quality choices.

Meets number of required references; all references high quality choices.

Exceeds number of required references; all references high quality choices.

6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

More than 8 errors present

7-8 errors present

5-6 errors present

3-4 errors present

0-2 errors present

 

