Implement and Evaluate an Incident Response Plan Skillage IT
Data Analysis and IT
24th Jun 2025
Assessment Overview (524)
Scenario
Skillage IT was established in 1996 to provide information technology solutions for small to medium-sized businesses. You can learn more about Skillage IT from their website.
You have joined Skillage IT and are working within their ICT department as an ICT Technician. As part of your job role, you are required to back up the system, restore information, secure the system and information and use licensed software in a stand-alone or client-server environment.
Skillage IT has several policies on their website under their Forms & Resources web page. This includes a Cybersecurity Response Plan, but your supervisor Kim wants you to develop an incident response plan that will cover any adverse event, not just cyberattacks.
This section includes the following additional information to assist you:
▢ Organisational Requirements for IT Technicians
▢ Existing Security Policies
▢ Organisational Change Management Procedures
▢ ICT Business Specifications
▢ Risk Analysis Tools and Methodologies
▢ ICT Security Assurance Specifications
Organisational Requirements for IT Technicians
The organisational requirements for technicians to work on client computers state that:
▢ You must be professional in your conduct and behaviour.
▢ Ensure you identify and rectify the problems in a timely fashion.
▢ Your work will require you to work on hardware and software testing, servicing and maintenance.
Evaluate and analyse current practices.
Develop new criteria and procedures for performing current practices.
Use and update a change-management system.
Review and assess change requirements.
Plan and implement change procedures according to organisational guidelines and client requirements.
Prepare and deliver training appropriate to the client.
You must ensure that the client uses the legal and authorised copies of the software applications and tools.
All breaches must be reported to the workplace supervisor or manager.
Existing Security Policies
The existing organisational security policies, organisational expertise and knowledge, and possible security environment, including threats to security that are, or are held to be, present in the environment, state the following:
Organisational requirements should be taken into account at all times.
Verify that all network computers are running current and legal versions of the software.
Use help-desk procedures, such as:
▢ Customer contact centre or general contact point that then consults with a supplier or other technician.
▢ Customer contact centre staffed by technicians capable of solving problems.
Use the professional methods for assessment, such as:
▢ Review of candidate’s plan for modification of the system.
▢ Direct observation of the candidate testing system changes for performance and identifying and resolving problems.
▢ Review of candidate’s technical documentation.
▢ Direct observation of the candidate delivering training.
Organisational Change Management Procedures
Organisational change management procedures include the following information:
▢ Identify what will be improved.
▢ Present a solid business case to stakeholders.
▢ Plan for the change.
▢ Provide resources and use data for evaluation.
▢ Communication on change management processes and procedures.
▢ Monitor and manage resistance, dependencies, and budgeting risks.
▢ Review, revise and continuously improve.
ICT Business Specifications
The ICT business specifications state the following:
▢ 10% increment in the budget allocation for ICT hardware and software.
▢ The cost estimate should clearly define the purpose of every project, what it will accomplish, what assumptions are made, how long the estimate is valid, and how much the project will cost.
▢ All estimates should be flexible, adaptable and provide a range of the costs involved.
▢ Management will assess the accuracy of cost estimates and budgets.
▢ Not scoping the project thoroughly enough, misunderstanding technical difficulties, and making changes are the most common reasons projects do not adhere to cost estimates and budgets.
▢ Every change should be documented thoroughly.
▢ Management should consider how changes affect other phases of the project.
▢ Management must comply with all federal and state legislation and regulatory requirements.
▢ Also includes information regarding the future plan, growth forecast, technical requirements and timeline.
▢ A simple, yet effective tool is to use a spreadsheet to prepare the cost estimate and keep all the important data visible in cells, instead of hidden in formulas.
Risk Analysis Tools and Methodologies
The risk analysis tools and methodologies should be researched and selected based on the following threats:
▢ Accident
▢ Cyberattack
▢ Denial of service
▢ Espionage
▢ Information technology failure
▢ Sabotage
▢ Security
▢ Telecommunications network failure
▢ Virus attack
▢ Weather, such as storms and earthquakes
ICT Security Assurance Specifications
ICT security assurance specifications include the following information:
▢ Audit trails
▢ Client training
▢ International Organisation for Standardization (ISO), International Electrotechnical Commission (IEC) and Australian Standards (AS) standards
▢ Maintaining equipment inventory
▢ Naming standards
▢ Project management templates and report writing
▢ Satisfaction reports
▢ Version control
▢ Numerical and technical system data
▢ Mathematical equations to calculate data for technical reports
Project Objectives
The purpose of this assessment is to develop and implement an incident response plan.
The following are the goals and objectives to complete this assessment task:
▢ Prepare to develop an incident response plan
▢ Identify and document organisational incident response plan requirements
▢ Identify and document incident response team services according to organisational requirements
▢ Identify incident response plan structure according to organisational requirements
▢ Determine and document the alignment of the organisation’s existing incident response plan against identified requirements
▢ Submit documentation to required personnel, seek and respond to feedback
▢ Develop the incident response plan
▢ Develop and document incident management policy according to task requirements
▢ Create incident response plans according to organisational requirements and security policies and procedures
▢ Develop incident handling and reporting procedures
▢ Create incident response exercises, red-teaming activities, staffing and training requirements
▢ Develop a procedure for collecting and protecting forensic evidence during incident response procedures according to organisational requirements
▢ Establish and document the incident response plan
▢ Implement the incident response plan
▢ Apply response actions to reported security incident according to incident response plan and task requirements
▢ Assist in collecting, processing and preserving evidence according to requirements
▢ Execute incident response plans, red-teaming activities and incident response exercises
▢ Document security incident response and actions according to task requirements
▢ Collect, analyse and report incident management measures according to task requirements
▢ Evaluate incident response plans
▢ Assess and document efficiency and effectiveness of incident response plans activities
▢ Examine and document the effectiveness of red teaming and incident response tests, training and exercises
▢ Assess the effectiveness of communication between incident response team and required internal and external organisations
▢ Determine and document response improvement activities
▢ Submit documentation to required personnel and obtain final task sign off
Workplace Option: Alternatively, you can use your workplace environment to complete this assessment:
NOTE: You will be required to submit all supporting resources that are similar or equal to the documents that are used in the Simulated Case Study. Without the submission of these supporting documents and resources, your trainer/assessor may deem your submission Not Yet Satisfactory.
Upskilled complies with all Privacy legislation. All submitted documents are confidential and will not be shared with other organisations or 3rd party vendors.
This is an individual assessment.
To ensure your responses are satisfactory, you should consult a range of learning resources and other information such as textbooks, and learner resources in Canvas, etc.
All questions must be answered to gain competency for this assessment.
This assessment task requires you to complete different assessment activities as per the given scenario.
You must use the given templates while giving the answers.
Your Trainer/Assessor will assess your work according to the given performance criteria/ performance checklist.
If you have any questions about the project or the resources required to complete this assessment contact your Trainer/Assessor.
Your Role and Responsibilities
As part of your job role, you have the following job responsibilities:
Monitors outcomes of decisions, considering results and identifying key concepts and principles that may be adaptable in the future
Interprets, analyses and documents numerical and technical system data
Uses mathematical equations to calculate data for technical reports
Uses listening and questioning techniques to confirm task requirements and relevant information using succinct language
Analyses textual information and data to determine necessary actions
Prepares required workplace documentation detailing processes and outcomes using cohesive language
Uses a variety of relevant communication tools and strategies in building and maintaining effective working relationships
Influences and fosters a collaborative culture facilitating a sense of commitment and workplace cohesion
Understands diversity and seeks to integrate diversity into the work context for managing change, making decisions and achieving shared outcomes
Monitors and reviews the organisation's policies, procedures and adherence to legislative requirements to implement and manage change
Works autonomously, making high-level decisions to achieve and improve organisational goals
Develops and implements strategies that ensure organisational policies, procedures and regulatory requirements are met
Operates from a broad conceptual plan, developing the operational detail in stages, regularly reviewing priorities and performance during implementation, and identifying and addressing issues
Roles and Responsibilities of Participants
Throughout the project, you will be required to communicate with your participants, either face to face or remotely through teleconferencing or the use of social media technologies or applications.
Your friends, family members or fellow students (befriend students in the course discussion forums) will play the part of participants in a variety of roles for each of the activities. All participants need to be eighteen (18) years of age or older. They can be the same people or different people for each of the activities. The general role your participant will play is to:
Assist you in completing the project on time
Be active and engaging participants helping to support you to perform at your best
Participant: Supervisor (Kim)
The supervisor is the individual who supervises you in your job role. They belong to a higher rank or status. Their role and responsibilities are:
Assist you to complete the project on time
Help you to clarify relevant information
Review the incident response plan and provide feedback
Provide final sign off for incident response plan
Assessment Requirements
Successful submission of the project means that you submit evidence for all Activities listed below. You are to submit this document and all documents listed in the Assessment Checklist at the end of this document:
Activity 1: Prepare to develop an incident response plan (Written & Audio)
Activity 2: Develop an incident response plan (Written)
Assessment Activities
Activity 1: Prepare to develop an incident response plan (Written & Audio)
This assessment activity will be performed in two parts:
Part A: You are required to prepare for the development of an incident response plan (Written).
Part B: You are required to arrange and participate in a meeting with your supervisor to confirm requirements for the incident response plan and seek feedback (Audio).
Part A: Prepare to develop an incident response plan (Written)
For this assessment activity, you must complete the following template:
Incident Response Plan Preparation |
Determine the organisational requirements for the incident response plan (50-100 words). |
|
Review Skillage IT’s existing policies and identify possible areas for improvement against the organisational requirements (50-100 words). |
|
Create the incident management policy (500-1000 words) including the following criteria: Purpose; Scope; Incident management process; Legislation and regulation requirements; Summary |
|
Identify at least two (2) services required by the incident response team (50-100 words). |
|
Describe the required structure of the incident response plan (50-100 words). |
|
Create at least three (3) procedures for incident handling and reporting (50-100 words). |
|
Develop at least two (2) response exercises and red-teaming activities (50-100 words). |
|
Create at least two (2) specific processes for collecting and protecting forensic evidence during the incident response (50-100 words). |
|
Identify incident response staffing and training requirements (50-100 words). |
|
Part B: Submit documentation and confirm requirements (Audio)
In this part of the assessment, you are required to arrange and participate in a meeting with your supervisor (your participant) to submit your documentation from Part A, confirm requirements for the incident response plan and seek feedback.
Arrange the meeting
This part requires you to:
▢ Read and understand the task requirements
▢ Identify the purpose of the meeting
▢ Select the right participant to attend the meeting
▢ Decide where and when to hold the meeting
▢ Decide what time the meeting will start and end
Confirm the availability of the participant and space to conduct the meeting. If meeting off-site, think of a location that is convenient and suits your needs. If it is a virtual meeting, include dial-in information.
Prepare a preliminary meeting agenda to participate in a meeting with your participant
Topics you want to discuss
Seek input from the participants
Identify the next steps to complete the task
You must use the Arrange a Meeting template (Appendix 1) to document your response.
Arrange a Meeting Template |
Application task requirements |
Write a brief of what is required to be completed and identify the purpose of the meeting (30-50 words). |
|
Expectations and requirements (30-50 words). |
|
Meeting requirements |
Who is Participating? |
|
Why are they participating (10-20 words)? |
|
Where will the meeting occur? |
|
When will the meeting occur? |
|
Provide evidence (screenshots of emails) of arranging the meeting, confirming the availability of the participants and space. |
|
Meeting agenda |
Meeting agenda items: |
|
The next steps to complete the task: |
|
Participate in the meeting
This part requires you to participate in the meeting with your participant. Remember to audio record the meeting.
When participating in the meeting, you are required to:
▢ Greet the client and discuss the purpose of the meeting.
Discuss the following:
▢ Incident Response Plan Preparation
▢ Gather feedback from the client.
▢ Confirm understanding of requirements, present information and obtain feedback using applicable language
▢ Obtain verbal approval from the supervisor.
▢ Record any actions that are required.
▢ Use listening and questioning techniques to confirm task requirements and relevant information using succinct language.
The supervisor will:
▢ Clarify their doubts by asking questions.
▢ Provide feedback and approval as required.
After the meeting, you are then required to:
▢ Prepare the Meeting Minutes template.
You must use the Meeting Minutes Template (Appendix 2) to complete this part of the activity.
Meeting Minutes Template |
|||
Date / Time: |
|
||
Location: |
|
||
Chairperson: |
|
||
Meeting Attendees: Full names and roles |
|
||
Agenda Item/Topic |
Discussion/Outcomes |
Action Officer |
Due Date |
Welcome |
|
|
|
(Agenda item 1) Topic? |
|
|
|
(Agenda item 2) Topic? |
|
|
|
(Agenda item 3) Topic? |
|
|
|
(Agenda item 4) Topic? |
|
|
|
Overall Summary: |
|||
|
|||
Decisions Made: (What, Why, Impacts) |
|||
|
|||
Actions: (Next steps) |
|||
|
|||
Signatures: (All attendees) |
|||
Signature of attendee 1: Signature of attendee 2: |
Record the meeting
This part requires you to upload the recorded meeting with your participant.
Refer to Activity 1 Assessors Observation Checklist when conducting this meeting.
The audio should be between 5 and 8 minutes in duration.
Save your submission in an appropriate format:
Audio files must be saved in WAV, MP3, AAC, WMA or FLAC format.