Pages:
2 pages/≈550 words
Sources:
4 Sources
Style:
APA
Subject:
IT & Computer Science
Type:
Essay
Language:
English (U.S.)
Document:
MS Word
Topic:

Team Assignment. Responding to a Security Breach. IT Essay

Essay Instructions:

***YOU ONLY NEED TO DO THE METRICS PORTION OF THIS ASSIGNMENT.
This is a team assignment, but I have only been assigned the metrics portion, should be about 2 pages. Metrics is below next to #3.
Here are the instructions for the whole assignment so you have the big picture.
This week's team assignment is to build a digital forensic business continuity plan. A digital forensic team would follow this plan in order to determine the cause of an incident that required the activation of the business continuity plan. One of the plan's objectives should be to educate key areas within the organization about the artifacts that need to be preserved for an investigation. This should focus on key systems—e-mail, databases, human resources, financial, and production. The plan should be directed toward information security incidents, not events such as major storms or other natural disasters.
-Business Continuity Planning is focused on keeping a business as operational as possible during a crisis. In the event that the crisis was the result of some sort of cyber incident, the business continuity efforts should incorporate the needs of the incident response team in a complementary fashion. The goals of business continuity include returning to normalcy as quickly as possible. The goals of incident response may be somewhat counter to that as determining the cause of an incident can delay business continuity efforts. As you work through this assignment, think about the requirements for forensically investigating a security breach while balancing the need for business continuity and rapid return to normalcy within the organization.
For this assignment each team prepares a written report that analyzes how to preserve as much information as possible for the incident response team while attempting to not significantly impact business continuity efforts. This assignment centers on a hacking/intrusion attack that disrupts major business functions within the organization. The specific context is a large manufacturing company with extensive intellectual property distributed across multiple locations in the United States and Latin America. There have been several recent small scale attacks that appear to be reconnaissance efforts for a larger scale attack. Within your report each team must address the following:
1) Forensic Response and Investigation Plan – this is a scenario specific forensic response plan for the following major systems within the organization: materials requirements planning, distribution, finance, and intellectual property/document management. This would include a forensic investigative response approach for suspected security breach/unauthorized access of each of the four major systems previously listed, as well as a catastrophic failure of each system. Response approaches should include people, equipment, tools/technologies, and other considerations. The plans should also include a priority classification for the various aspects of the systems involved in the breach or failure, as well as a sequenced staging plan for when and how systems can be brought online as part of the business continuity effort. You should identify the key forensic artifacts and how they can be preserved for investigation and potential legal pursuit. Your artifacts must be preserved in a state that can provide proper attribution of the security breach or catastrophic failure.
2) Coordination Plan – this outlines the necessary steps and measures needed to optimize business continuity while minimizing the potential for compromising the incident response and cause investigation effort.
3) Metrics – this will be used to measure various aspects of the incident, how it occurred, and the steps that can be put in place to reduce the chance for a similar problem in the future. Additionally, outline steps and measures that will be put in place to help determine if the entire situation caused by a security breach or catastrophic failure has been completely resolved. For example, in a security breach situation describe how it will be determined that all unauthorized access has been eliminated after initial response has been completed. This may include some form of ongoing monitoring – both internal and external to the organization.
There are two (2) required deliverables for each team:
Written report -- the length of this paper should be 13-17 pages double spaced not inclusive of the cover page, table of contents, reference pages, or any appendix. Submit your final report in MS Word format and post it in the Collaborative Documents area in your Study Group. The citations and the reference list in the paper should be formatted in accordance with APA 6th edition guidelines.
Prezi presentation (not PowerPoint) -- prepare a brief “Executive Summary” presentation (no more than 10 slides), that is intended to be presented to the senior corporate management at XYZ, Inc. summarizing your recommendations. In addition to the slides, your presentation should include the accompanying Prezi note pages wherever applicable.
You must use the study group area for all communications as I will be monitoring this to evaluate the contribution level of each student. If you hold a chat session, please post a transcript of the chat in your study group area. Please minimize the use of e-mail as I cannot review this for contributions. Substantive communications should be within the study group area and e-mail is reserved for short messages or notices to check the study group area.

CSEC662 Team Assignment Instructions

Due Date: End of Week 10
--------------
Note: The student must check the file(s) right after submission to make sure the right file(s) are submitted. No resubmission after the due date is allowed without prior approval from the instructor. Only valid submission in the correct assignment folder can be graded.

--------------

Objective:

Analyze the requirements for forensically investigating a security breach while balancing the need for business continuity and rapid return to normalcy within the organization.

Competencies:

Team building skills/systems thinking. Please watch this short video to see team work as an important social competency for success in today's Cybersecurity environment: http://polaris(dot)umuc(dot)edu/de/csi/CYBER/pyramid/Hierarchy_of_competencies_.swf


Instructions: 


Team Assignment Rules:

1) Team Assignment is required for every student as an important component of graduate education.
2) Team memberships are decided by the instructor objectively according to the alphabetical order of students' last names with no exceptions.
3) No personal preferences from any student will be accepted by the instructor in deciding the team memberships.
4) Each team size can be 5, 6, or 7 in this order of preference. The instructor can use size 7 only if he/she has to. Team size difference between any two teams should be no more than 1. 
5) Each team shall select a team leader to coordinate the progress and outline the milestones within two weeks after receiving the Team Assignment.
6) Individual grade on the team assignment may vary based on student peer reviews and instructor evaluation of actual individual participation and contribution.
-----------------------

Essay Sample Content Preview:

Team Assignment
Author Name
Institution Affiliation
Forensic laboratories generate a lot of data from casework activities across personnel and budget allocations, corresponding expenditures and investigative areas (Kedgley, 2015). In this paper, I will talk about the steps or measures that will be put in place to help prove that a security breach has caused the entire situation.
Responding to a Security Breach
The possibility of a security breach represents a real concern, and there is a strong need to respond to it or take necessary measures. For this purpose, the following steps can be taken.
Step #1: Assembling a Taskforce
Swift action and clear thinking are required to mitigate the damage. We will not panic and will have no time for blame-shifting, as we know that our focus should be on determining the best response protocol. For this purpose, a team of dedicated and hardworking people has to be built. We may have to appoint a head of the team, who will take responsibility for responding to the breach as soon as possible while analyzing the performance of the entire team.
Step #2: Containment
The team will also identify the real cause of the breach. This can be done by installing several patches that are meant to resolve technology flaws and viruses. We may have to disable network access for computers and other devices known to be infected by malware or viruses so that they are quarantined. At the same time, we will block the user accounts that look suspicious to us.
Step #3: Assessing the Severity and Extent of the Breach
Once the suspicious accounts have been blocked and relevant software to prevent viruses and malware has been installed, the next step is to assess how serious the security breach is. For this purpose, a thorough assessment will be done, and we will identify what or who has been impacted. It may not be possible to say anything about how...