Throughout your career in cybersecurity management, you will be asked to manage and protect your company’s IT department to support the company’s strategic goals and mission. Computer security incident response is an important component of IT programs. Performing an incident response is a complex undertaking. Establishing the capability to respond successfully to an incident requires substantial planning and resources. As a leader in a company’s network operations center (NOC), you will be tasked with assessing the company’s risk management and cybersecurity posture. As vulnerabilities and threats arise, you will be responsible for determining the who, what, when, where, and why of these events. Additionally, you will report your findings to upper management, describe how you contained these events, and provide recommendations to limit or prevent these events from happening again.
SCENARIO
You are an incident response (IR) manager working in the newly formed Network Operations Center (NOC) for Psinuvia Inc. After a number of web exploits were reported in the news, the Board of Directors for Psinuvia asked you to validate the company’s security. Following the NOC’s standard operating procedure (SOP), you are asked to run a vulnerability assessment in addition to your regular scans for intrusions on Psinuvia’s systems.
Along with detecting and reporting intrusions, per the SOP, you must perform a vulnerability scan to determine whether or not a vulnerability exists on the system(s) with the potential issue and provide a report to upper management for review.
For this task, you will use the Performance Assessment Lab Area accessed by the Performance Assessment Lab Area link to access the virtual lab environment necessary to run the vulnerability scan. For the full vulnerability and intrusion scans, you will need to complete parts 1, 2, and 3 of the virtual lab environment. Screenshots must be taken in the lab environment and will include your name.
A. Summarize the events that lead to the discovery of the potential vulnerability. Record your summary in the attached “NOC Reporting Template.”
Vulnerability Scan
B. Run the vulnerability scanning tool to confirm the presence of any vulnerabilities and provide the complete scan outputs as Appendix A in the attached “NOC Reporting Template.”

Scan Summary
C. Summarize the results of the vulnerability scans and intrusion alarms, including which systems and data were compromised. Be sure to address the basic assessment questions from the attached “Incident Response Plan” as part of your submission. Record your responses in the attached “NOC Reporting Template.”
Detailed Analysis
D. Explain the steps taken to identify any exploited systems and data that are included in the scope of the incident. Provide screenshots of specific examples within the logs, illustrating your findings as part of your documentation in the attached “NOC Reporting Template.” The screenshots should be taken within the lab environment and will include your name.
Scan Response
E. Identify the event level of the incident, who needs to be contacted, and when should they be contacted based on the company’s incident response plan. Record your responses in the attached “NOC Reporting Template.”
Remediation
Scan Response

E. Identify the event level of the incident, who needs to be contacted, and when should they be contacted based on the company’s incident response plan. Record your responses in the attached “NOC Reporting Template.”

Remediation

F. Justify the interventions you will use to quarantine and remediate the compromised machine using industry best practices. Record your responses in the attached “NOC Reporting Template.”

Recommendations
G. Recommend both administrative controls and technical controls that the NOC could apply to prevent or limit the damage from a similar incident in the future. Record your recommendations in the attached “NOC Reporting Template.”
H. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.
I. Demonstrate professional communication in the content and presentation of your submission.

CYBERSECURITY MANAGEMENT II – TACTICAL