University of Maryland University College Cyber Security Incident Response Plan

Develop an eight- to 10-page Incident Response Plan to use in the event of a cyber incident. This is one of your three final deliverables

Focusing on the environmental conditions and coordination mechanisms. Include:

1. roles and responsibilities
2. phases of incident response
3. scenario—provide an incident response plan in the case of distributed data exfiltration attacks, specifically the case of loss of communications
4. activities, authorities pertaining to roles and responsibilities
5. triggering conditions for actions
6. triggering conditions for closure
7. reports and products throughout the incident response activity
8. tools, techniques, and technologies
9. communications paths and parties involved
10. coordination paths and parties involved
11. external partners and stakeholders, and their place in the coordination and communication paths
12. security controls and tracking
13. recovery objectives and priorities

The second half of your report will focus on events and processes of your active response plan. Include the following:

14. incident response checklist. Refer to the NIST Computer Security Incident Handling Guide for an example.

15. data protection mechanisms

16. integrity controls (system integrity checks) after recovery

17. a plan to investigate the network behavior and a threat bulletin that explains this activity

18. defined triggering mechanisms for continuing alerts and notifications throughout the cyber incident

19. additional aspects of the incident response plan necessary to contain a cyber incident on the international domain