Malicious code or malware was reported on multiple users’ systems
Select ONE of the following security incidents and provide the following information:
2. You have discovered a covert leak (exfiltration) of sensitive data to China.
3. Malicious code or malware was reported on multiple users’ systems.
4. Remote access for an internal user was compromised – resulting in the loss of PII data.
Paragraph 1: IRT Team. What would the IRT team look like for this incident (who would be on the team to be able to effectively handle the event)? Justify your choices.
Paragraph 2: Approach. Address HOW you would respond. What logs or tools would you use to identify/analyze the incident? What would alert you to the incident? What tools would you use to contain/recover from the incident?
Paragraph 3: Metrics. How would you measure your team’s response effectiveness? What measurements/metrics would you track?