11 Sep Part A: Create an Incident Response Plan
The health care organization IT staff has notified the CISO that one of the new NewTab iPads® has been misplaced, though it is not known if it was lost or stolen. The NewTab information system does not have a mobile device management capability that could track and wipe the device before the sensitive data on the device can be compromised.
Refer to the NewTab Project Profile as you complete Parts A and B below.
Part A: Create an Incident Response Plan
Create a 4- to 4.5-page incident response plan (IRP) specifically for the NewTab missing iPad incident, based on the 4 major components of incident response. Include the following in the IRP:
· Introduction
· Bulleted list of key stakeholders on the health care organization’s Response Team for the NewTab information system
· Bulleted list of compliance/regulatory requirements with respect to the health care organization and NewTab information system
· Component 1: Discovery, including the following:
· Events that should be logged and monitored with respect to the NewTab information system
· How the lost or stolen iPad® incident was discovered and reported
· Component 2: Escalation, including the following:
· Bulleted list of what triggers an event into an incident with respect to the NewTab information system
· Bulleted list of the severity of impact
· Summary of the steps for escalating the NewTab incident
· Component 3: Response, including the following:
· Summary of the planned response for the NewTab incident, including the following:
· Response to the notification of the NewTab incident
· Notification of applicable members on the Response Team
· Summary of the response
· Component 4: Reporting and Lessons Learned, including the following:
· Summary of who participates in the lessons learned for the NewTab information system incident
Part B: Create a Penetration Testing Agreement
Based on the recent incident with the NewTab information system, the CISO has been tasked with hiring a vendor to conduct independent penetration testing on the NewTab information system.
A penetration test agreement is very important to ensuring that both parties, the penetration tester and the client (your company), understand the purpose and scope of the penetration test.
Create a 2- to 3-page penetration testing agreement for the NewTab information system with the major sections listed below. Include the purpose and examples for each section.
· Scope for testing of the NewTab information system, including the following:
· Compliance/regulatory requirements
· Internal or external testing or both
· Technical testing
· Physical security testing
· Threat identification (i.e., who and what are the threats to the NewTab information system)
· Legal issues that must be considered
· Components to be tested, including the following:
· Gathering publicly available information
· Network scanning
· System/application scanning
· Privilege escalation
Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.
Fill in all the assignment paper details that are required in the order form with the standard information being the page count, deadline, academic level and type of paper. It is advisable to have this information at hand so that you can quickly fill in the necessary information needed in the form for the essay writer to be immediately assigned to your writing project. Make payment for the custom essay order to enable us to assign a suitable writer to your order. Payments are made through Paypal on a secured billing page. Finally, sit back and relax.