Discussion
Select ONE of the following security incidents and provide the following information:
1. A SQL Injection was performed by a hacker, resulting in the loss of PII data.
2. You have discovered a covert leak (exfiltration) of sensitive data to China.
3. Malcious code or malware was reported on multiple users' systems.
4. Remote access for an internal user was compromised - resulting in the loss of PII data.
5. Wireless access. You discovered an "evil twin" access point that resulted in many of your users connecting to the hacker's access point while working with sensitive data.
6. Compromised passwords. You discovered that an attacker used rainbow tables to attack your domain's password file in an offline attack. Assume that all of your user's passwords are compromised.
7. A DoS or DDoS was performed against your system, resulting in the loss of 3 hours of downtime and lost revenue.
Paragraph 1: IRT Team. What would the IRT team look like for this incident (who would be on the team to be able to effectively handle the event)? Justify your choices.
Paragraph 2: Approach. Address HOW you would respond. What logs or tools would you use to identify/analyze the incident? What would alert you to the incident? What tools would you use to contain/recover from the incident?
Paragraph 3: Metrics. Who would you measure your team's response effectivenss? What measurements/metrics would you track?
The response should include a reference list. Double-space, using Times New Roman 12 pnt font, one-inch margins, and APA style of writing and citations.