ISOL_533_Final_paper1Final_paperAPA_FormatCover_pageExecutive

ISOL 533 Final paper

1

Final paper

APA Format

Cover page

Executive Summary

Introduction

Main Body

Conclusions and Recommendations

References

Appendices

2

introduction

Tell about the company and the issues being presented in the paper

What approach are you taking?

What risk management methods are you using?

3

Main body

Consists of the sections you have written

Threats and vulnerabilities

Risk Assessment, Risk Mitigation, BIA and BCP

DRP and CIRT

Make sure that you state how the research applies to the company

What problem have you solved, transferred or mitigated?

4

conclusion

Summarize what you did

What does the company need to do going forward?

Carvend sales inc IT Network

CarVend Sales

CarVend Finance

CarVend Delivery

Lenders, Banks, Finance Companies, Credit Rating Agencies

Trucking Companies for shipping, small car dealerships, Car Vending machines

Online Customers

Application Servers

Data Servers

Rack Servers

Web Servers

Rack Servers

Data Centers

In addition to online customers, the vendors, creditors, and financial institutions will be accessing the network

Project overview

Overview

Write paper in sections

Understand the company

Find similar situations

Research and apply possible solutions

Research and find other issues

10

CarVend Sales inc

You are an Information Technology (IT) intern

CarVend Sales Inc.

Specializes in online and vending machine sales of new and used cars

Headquartered in Seattle, Washington

Three other locations

Portland Oregon

Phoenix, Arizona

Los Angeles, California

Over 1000 employees

$750 million USD annual revenue

11

Data centers

Each location is near a data center

Managed by a third party vendor

Production centers located at the data centers

12

Carvend sales inc

CarVend Sales

Handles customer purchases, trades and returns

Online sales

Small car lots

CarVend Finance

Web Portal to qualify customers for purchases

Accepts various payment methods including debit, credit cards and loan financing

CarVend Delivery

Vendors who deliver cars to buyers homes

Vendors that deliver to vending machines

13

CarVend Sales IT network

Four corporate data centers

Over 1000 data severs

700 corporate laptops

Mobile devices such as tablets in vendor delivery trucks

Networked vending machines

14

Management request

Current risk assessment was done quickly when the company was founded

Your assignment is to create a new one

Additional threats may be found during re-evaluation

No budget has been set on the project

Threats identified

Loss of company data due to hardware being removed from production systems

Loss of company information on lost or stolen company-owned or vendor assets, such as mobile devices and laptops

Loss of customers due to production outages caused by various events, such as natural disasters, change management, unstable software, and so on

Internet threats due to company products being accessible on the Internet

Insider threats

Changes in regulatory landscape that may impact operations

APA Formatting and Style Guide

Purdue OWL staff

Brought to you in cooperation with the Purdue Online Writing Lab

Welcome to “APA Formatting and Style Guide”. This Power Point Presentation is designed to introduce your students to the basics of APA Formatting and Style Guide. You might want to supplement the presentation with more detailed information posted on Purdue OWL http://owl.english.purdue.edu/owl/resource/560/01/

*

The American Psychological Association (APA) citation style is the most commonly used format for manuscripts in the social sciences.

APA regulates:

Stylistics
In-text citations
References

What is APA Style?

Publication Manual of the American Psychological Association, 6th ed., contains detailed guidelines to formatting a paper in the APA style. APA style is most commonly used for formatting papers in the Social Sciences—business, economics, psychology, sociology, nursing, etc. Updates to APA are posted on the APA website www.apastyle.org. You may also reference the Purdue OWL: http://owl.english.purdue.edu/.

APA format provides writers with a format for cross-referencing their sources--from their parenthetical references to their reference page. This cross-referencing system allows readers to locate the publication information of source material. This is of great value for researchers who may want to locate your sources for their own research projects. The proper use of APA style also shows the credibility of writers; such writers show accountability to their source material. Most importantly, use of APA style can protect writers from plagiarism--the purposeful or accidental use of source material by other writers without giving appropriate credit.

*

Personal pronouns where appropriate

: “We conducted an experiment…”
: “The authors conducted an experiment….”

Active voice rather than passive voice

: “We asked participants questions.”
: “The participants have been asked questions by the researchers.”

Point of View &Voice

APA format is not limited by the rules of citing the sources- in-text citations and entries in the list of References. It also regulates the stylistics of conveying research.

This slide introduces the basics of APA stylistics related to the point of view and voice in an APA paper, which encourages a writer to use personal pronouns and the active voice. The explanations are provided with examples.

This slide can be supplemented by the relevant section from OWL http://owl.english.purdue.edu/owl/resource/560/15/

*

Language in an APA paper should be:

Clear: be specific in descriptions and explanations

Concise: condense information when you can

Plain: use simple, descriptive adjectives and minimize figurative language

Language

This slide explains the APA requirements to language of an APA paper.

Clarity and conciseness are the major concern when reporting research in APA . It is not easy to balance clarity (which requires providing clarification) and conciseness (which requires packing information). To achieve clarity, a writer should avoid vague wording and be specific in descriptions and explanations. To achieve conciseness, a writer should condense information. Because APA format is widely used in science-related papers, the language of APA format is plain and simple. A writer should avoid using metaphors and minimize the use of figurative language, which is typical for creative writing.

This slide can be supplemented by the relevant sections from OWL

http://owl.english.purdue.edu/owl/resource/560/15/

http://owl.english.purdue.edu/owl/resource/560/14/

and “Conciseness in academic writing” handout http://owl.english.purdue.edu/owl/resource/572/01/

*

The Literature Review:

Summarizes scientific literature on a particular research topic
Includes:
a title page,
introduction, and
a list of references

Types of APA Papers

This slide introduces two most commonly used genres in APA format: the literature review and the experimental report (also known as the research article).

The literature review paper, which is the summary of what the scientific literature in the discipline field says about the topic of research, is the genre students likely encounter in their academic studies. The paper includes the title page, introduction and a list of references.

The experimental report or research article provides an account of conducted research. This genre includes the title page, abstract, introduction (which is the review of the published studies on the research topic with the purpose to find the niche for the reported study), method, results, discussion, references, appendices (optional). The experiential report often contains tables and figures. See the slides describing APA format of tables and figures.

This slide can be supplemented by the relevant section from OWL http://owl.english.purdue.edu/owl/resource/560/13/

*

The Experimental Report:

Describes your experimental research
Includes:
a title page,
abstract,
introduction,
methods, results, and discussion sections,
a list of references,
appendices,
tables, and
figures

Types of APA Papers

This slide introduces two most commonly used genres in APA format: the literature review and the experimental report (also known as the research article).

The literature review paper, which is the summary of what the scientific literature in the discipline field says about the topic of research, is the genre students likely encounter in their academic studies. The paper includes the title page, introduction and a list of references.

The experimental report or research article provides an account of conducted research. This genre includes the title page, abstract, introduction (which is the review of the published studies on the research topic with the purpose to find the niche for the reported study), method, results, discussion, references, appendices (optional). The experiential report often contains tables and figures. See the slides describing APA format of tables and figures.

This slide can be supplemented by the relevant section from OWL http://owl.english.purdue.edu/owl/resource/560/13/

*

If your paper fits neither category:

Follow the general format

Consult the instructor

Consult the APA Publication Manual

Types of APA Papers

The general format, which is introduced in the following six slides, regulates formatting papers of any genre students may encounter in their academic studies. For students, consulting the instructor about the specific requirement is the safest policy. For authors of manuscripts prepared for submission to scientific journal, consulting Publication Manual is a must.

This slide can be supplemented by the “Other papers” section from OWL http://owl.english.purdue.edu/owl/resource/560/13/

*

Your essay should:

be typed,
double-spaced,
have 1” margins,
use 10-12pt. Standard font (ex. Times New Roman), and
be printed on standard-sized paper (8.5”x 11”)

[Note: If you are writing a manuscript draft, APA suggests using two spaces between sentences to aid readability (see pp.87-88 in the APA manual).]

General APA Format

This slide presents the general format of an APA formatted paper: An essay should be typed and double-spaced on the standard-sized paper (8.5”x11”) with 1” margins on all sides. Times New Roman or similar font in 10-12 pt. size should be used. The document should include a page header indicating a short title of the essay and a page number in the upper right-hand of every page (including the title page).

*

Every page of your essay should:

Include a page header (Title, all caps) in the upper left-hand corner and
the page number in the upper right

General APA Format

This slide presents the general format of an APA formatted paper: An essay should be typed and double-spaced on the standard-sized paper (8.5”x11”) with 1” margins on all sides. Times New Roman or similar font in 10-12 pt. size should be used. The document should include a page header indicating a short title of the essay and a page number in the upper right-hand of every page (including the title page).

*

Your essay should

include four major

sections:

References

Main Body

Abstract

Title page

General APA Format

This slide introduces four required part of an APA paper: a title page, abstract, main body (essay itself), and a list of References. An abstract page and list of references are titled as Abstract and Reference, respectively.

It is important to remind students that each page should have a page header with a short title and page number.

This slide can be supplemented by the “General Format” section from OWL http://owl.english.purdue.edu/owl/resource/560/01/

*

Title:

(in the upper half of the page, centered)

name (no title or degree) + affiliation (university, etc.)

Page header:

(use Insert Page Header)

title flush left + page number flush right.

Title Page

*

Page header: do NOT include “Running head:”

Abstract: centered, at the top of the page

Write a 150- to 250- word summary of your paper in an accurate, concise, and specific manner.

Abstract Page

This slide provides a visual example of an abstract page, which consists of a page header, a heading—Abstract, and a brief summary of the paper accurately presenting its contents.

Type the heading –Abstract– centered at the top of the page. Below, type the paragraph of the paper summary (between 150 and 250 words) in block format—without indentation.

The abstract should contain the research topic, research questions, participants, methods, results, data analysis, and conclusions. It may also include possible implications of your research and future work you see connected with your finding, and may include keywords.

*

Number the first text page as page number 3

Type and center the title of the paper at the top of the page

Type the text double-spaced with all sections following each other without a break

Identify the sources you use in the paper in parenthetical, in-text citations

Format tables and figures

Main Body (Text)

This slide provides the basic reminders about formatting the text:

Make sure that the first text page is page number 3 (page#1 is a title page, page #2 is an abstract page).
Start with typing the essay title centered, at the top of the page.
Type the text double-space with all sections following each other without a break. Do not use white space between paragraphs.
Create parenthetical in-text citations to identify the sources used in the paper.
Format tables and figures.

The following slides introduce APA formatting of references, in-text citations, and tables and figures.

*

Center the title (References) at the top of the page. Do not bold it.

Double-space reference entries

Flush left the first line of the entry and indent subsequent lines

Order entries alphabetically by the surname of the first author of each work

Reference Page

This slide explains the format and purpose of a references page.

The facilitator may stress that each source referenced within the paper should also appear on the reference page, which appears at the end of the paper.

To create a references page,

center the heading—References—at the top of the page;
double-space reference entries;
flush left the first line of the entry and indent subsequent lines. To use “hanging” feature of “Indent and Space” tab, go to “Paragraph” ”Indentation” choose “Hanging” in the ”Special” box.
Order entries alphabetically by the author’s surnames. If a source is anonymous, use its title as an author’s surname.

Note: Unlike MLA, APA is only interested in what they call “recoverable data”—that is, data which other people can find. For example, personal communications such as letters, memos, emails, interviews, and telephone conversations should not be included in the reference list since they are not recoverable by other researchers.

For specific information about entries in the reference list, go to http://owl.english.purdue.edu/owl/resource/560/05

*

Invert authors’ names (last name first followed by initials)

EX:“Smith, J.Q.”

Capitalize only the first letter of the first word of a title and subtitle, the first word after a colon or a dash in the title, and proper nouns. Do not capitalize the first letter of the second word in a hyphenated compound word.

EX: The perfectly formatted paper: How the Purdue OWL saved my essay.

References: Basics

This slide provides basic rules related to creating references entries.

*

Capitalize all major words in journal titles

Italicize titles of longer works such as books and journals

Do not italicize, underline, or put quotes around the titles of shorter works such as journal articles or essays in edited collections

References: Basics

This slide provides basic rules related to creating references entries.

*

APA is a complex system of citation. When compiling the reference list, the strategy below might be useful:

Identify the type of source:

Is it a book? A journal article? A webpage?

Find a sample citation for this type of source

Check a textbook or the OWL APA Guide: http://owl.english.purdue.edu/owl/resource/560/01/

“Mirror” the sample

Make sure that the entries are listed in alphabetical order and that the subsequent lines are indented (Recall References: Basics)

Making the Reference List

APA is a complex system of citation, which is time-consuming to learn and difficult to keep in mind. To help students handle the requirements of APA format, this slide introduces a strategy of surviving APA.

The facilitator should stress the importance of correct identification of a type of source: e.g., Is it an article from a newspaper or from a scholarly journal? Hard copy or electronic version?

When the source type is identified correctly, it’s fairly easy to find a sample of a similar reference in the APA chapter of a composition book or in an on-line APA resource. The APA guide on the OWL website is particularly easy to browse since its links are organized by types of sources—scroll down to the box of links http://owl.english.purdue.edu/owl/resource/560/01/

After a sample is found, all it takes is to mirror it precisely and arrange entries in the alphabetical order.

Note: Many electronic library databases, e.g. Proquest, have citation feature. The useful strategy is to save and import into a references list citation entries (make sure you choose APA format) while doing literature search. You can always delete later reference entries of the sources you’re not going to use in the paper.

*

In-text citations help readers locate the cited source in the References section of the paper.

Whenever you use a source, provide in parenthesis:

the author’s name and the date of publication

for quotations and close paraphrases, provide the author’s name, date of publication, and a page number

In-text Citation: Basics

This slide explains the basics of in-text citations.

In-text citations help establish credibility of the writer, show respect to someone else’s intellectual property (and consequently, avoid plagiarism). More practically, in-text citations help readers locate the cited source in the references page. Thus, keep the in-text citation brief and make sure that the information provided in the body of the paper should be just enough so that a reader could easily cross-reference the citation with its matching entry on the reference page; i.e., the body of the paper and the in-text citation together contains the author’s name and the year of publication. To avoid plagiarism, also provide a page number (in p.3 / pp.3-5 format) for close paraphrases and quotations.

*

When quoting:

Introduce the quotation with a signal phrase

Include the author’s name, year of publication, and page number

Keep the citation brief—do not repeat the information

In-Text Citation:

Quotations

This slide provides explanation and examples of in-text citations with quotations.

*

Provide the author’s last name and the year of

publication in parenthesis after a summary or a paraphrase.

In-Text Citation:

Summary or Paraphrase

APA format is not limited by the rules of citing the sources- in-text citations and entries in the list of References. It also regulates the stylistics of conveying research.

This slide introduces the basics of APA stylistics related to the point of view and voice in an APA paper, which encourages a writer to use personal pronouns and the active voice. The explanations are provided with examples.

This slide can be supplemented by the relevant section from OWL http://owl.english.purdue.edu/owl/resource/560/15/

*

Include the author’s name in the signal phrase, followed by the year of publication in parenthesis.

In-Text Citation:

Summary or Paraphrase

The following three slides provide instructions and examples of in-text citations with summary/ paraphrase.

The facilitator should emphasize the importance of developing the skills of critical reading (which enables finding main claims in the text), summarizing, and paraphrasing. When paraphrasing or summarizing, the major concern should be fair and accurate representation of the ideas in the source.

This slide can be supplemented by the “Quoting, Paraphrasing, and Summarizing” section from OWL

http://owl.english.purdue.edu/owl/resource/563/01/

and sections on APA in-text citations:

http://owl.english.purdue.edu/owl/resource/560/01/

http://owl.english.purdue.edu/owl/resource/560/02

*

When including the quotation in a summary/paraphrase, also provide a page number in parenthesis after the quotation:

In-Text Citation:

Summary or Paraphrase

This slide continues explaining formatting in-text citations with summary/ paraphrase.

*

Introduce quotations with signal phrases, e.g.:

According to Xavier (2008), “….” (p. 3).

Xavier (2008) argued that “……” (p. 3).

Use such signal verbs such as:

acknowledged, contended, maintained,

responded, reported, argued, concluded, etc.

Use the past tense or the present perfect tense of verbs in signal phrases when they discuss past events.

In-Text Citation:

Signal Words

Acquiring a rich repertoire of signal words and phrases is the key to success in representing others’ ideas in academic writing. This slide provides a few examples of those and reminds that APA requires to use the past or present perfect tense of verbs in signal phrases.

The facilitator might want to point to the chapter in the composition book that introduces and practices signal words.

*

When the parenthetical citation includes two or

more works, order them in the same way they appear in the reference list—the author’s name, the year of publication—separated by a semi-colon.

In-Text Citation:

Two or More Works

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

When citing a work with two authors, use

In the signal phrase, use “and” in between the authors’ names

In parenthesis, use “&” between names

In-Text Citation:

Works with Two Authors

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

When citing a work with three to five authors, identify all authors in the signal phrase or in parenthesis.

(Harklau, Siegal, & Losey, 1999)

In subsequent citations, only use the first author's last name followed by "et al." in the signal phrase or in parentheses.

(Harklau et al., 1993)

In-Text Citation:

Works with 3-5 Authors

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

When citing a work with six and more authors, identify the first author’s name followed by “et al.”

Smith et al. (2006) maintained that….

(Smith et al., 2006)

In-Text Citation:

Works with 6+ Authors

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

When citing a work of unknown author:

use the source’s full title in the signal phrase
cite the first word of the title followed by the year of publication in parenthesis.

According to “Indiana Joins Federal Accountability System” (2008)

OR

(“Indiana,” 2008)

Titles:

Articles and Chapters = “ ”

Books and Reports = italicize

In-Text Citation:

Unknown Author

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

When citing an organization:

mention the organization the first time you cite the source in the signal phrase or the parenthetical citation.

If the organization has a well-known abbreviation, include the abbreviation in brackets the first time the source is cited and then use only the abbreviation in later citations.

In-Text Citation:

Organization

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

When citing authors with the same last names, use first initials with the last names.

(B. Kachru, 2005; Y. Kachru, 2008)

When citing two or more works by the same author and published in the same year, use lower-case letters (a, b, c) after the year of publication to order the references.

Smith’s (1998a) study of adolescent immigrants…

In-Text Citation:

Same Last Name/Author

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

When citing interviews, letters, e-mails, etc., include the communicator’s name, the fact that it was personal communication, and the date of the communication.

Do not include personal communication in the reference list.

In-Text Citation:

Personal Communication

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

When citing an electronic document, whenever possible, cite it in the author-date style. If electronic source lacks page numbers, locate and identify paragraph number/paragraph heading.

In-Text Citation:

Electronic Sources

This slide explains and exemplifies the specific cases of in-text citations. It might be supplemented with “Author/Authors” section from OWL http://owl.english.purdue.edu/owl/resource/560/03/

*

APA uses a system of five heading levels

APA Headings
Level	Format
1	Centered, Boldfaced, Upper & Lowercase Headings
2	Left-aligned, Boldface, Upper & Lowercase Headings
3	Indented, boldface, lowercase heading with a period.
4	Indented, boldface, italicized, lowercase heading with period.
5	Indented, italicized, lowercase heading with a period.

Headings

This slide explains a system of five heading levels in APA. It might be supplemented by the section “APA Headings” from OWL http://owl.english.purdue.edu/owl/resource/560/16/

*

Here is an example of the five-level heading system:

Headings

Thus, if the article has four sections, some of which have subsection and some of which don’t, use headings depending on the level of subordination. Section headings receive level one format. Subsections receive level two format. Subsections of subsections receive level three format. In APA Style, the Introduction section never gets a heading and headings are not indicated by letters or numbers. Levels of headings will depend upon the length and organization of your paper. Regardless, always begin with level one headings and proceed to level two, etc.

*

Label tables with an Arabic numeral and provide a title. The label and title appear on separate lines above the table, flush-left and single-spaced.

Cite a source in a note below the table.

Table 1

Internet users in Europe

Note: The data are adapted from “The European Union and Russia” (2007). Retrieved from http://epp.eurostat.ec.europa.eu

Country	Regular Users
France	9 ml

Tables

Tables are a common and often required feature of an APA format (consider, the research article, for example). This slide provides visual guidelines to formatting tables in APA.

The facilitator should point that a table format consists of four elements:

The table label—e.g., Table 1
The title in italics , both appearing on separate lines above the table, flush-left and single-spaced
The table
The Citation of the source below the table in the form of Note (see the example on the slide).

*

Label figures with an Arabic numeral and provide a title. The label and the title appear on the same line below the figure, flush-left .

You might provide an additional title centered above the figure.

Cite the source below the label and the title.

Figure 1. Internet users in Europe. Adapted from The European Union and Russia: Statistical comparison by Eurostat Statistical Books, 2007, Retrieved from http://epp.eurostat.ec.europa.eu

Figures

Although figures in an APA paper are formatted in a manner which is similar to that of formatting tables, there a few differences.

In particular, the order is the following:

You might provide an additional title centered above the figure.
The figure
The label and title (in italics) on the same line below the figure, flush-left: Figure 1. Internet users in Europe
A Citation of the source below the table in the form of Note (see the example on the slide).

*

The Purdue OWL: http://owl.english.purdue.edu

The Purdue Writing Lab @ HEAV 226

Composition textbooks

Publication Manual of the American Psychological Association, 6th ed.

APA’s website: http://www.apastyle.org

Additional Resources

There are many rules for following APA format, and the facilitator should stress that it is nearly impossible to memorize them all. Students’ best course of action is to utilize the official APA handbook or the APA section in an updated composition textbook as guides for properly using the documentation format. Since the American Psychological Association, a professional group of behavioral and social science professors and instructors, periodically updates the guide, students should be certain that they are using the most current information possible.

There are other resources for finding current information on APA documentation style. The APA web site offers some limited information about recent format changes, especially regarding the documentation of World Wide Web and electronic sources. The Purdue University Writing Lab has a page on APA formatting and documentation style at its web site: http://owl.english.purdue.edu/owl/resource/560/01/ For quick questions on APA format, students can also call the Writing Lab Grammar Hotline at 494-3723.

*

The End

APA Formatting and Style Guide

Brought to you in cooperation with the Purdue Online Writing Lab

Writer and Designer: Jennifer Liethen Kunka

Contributors: Muriel Harris, Karen Bishop, Bryan Kopp, Matthew Mooney, David Neyhart, and Andrew Kunka

Revising Author: Ghada M. Gherwash and Joshua M. Paiz, 2014 Elizabeth Angeli, 2011; Elena Lawrick, 2008; Arielle McKee, 2014

Developed with resources courtesy of the Purdue University Writing Lab

Grant funding courtesy of the Multimedia Instructional Development Center at Purdue University

*

Managing Risk in Information Systems

Lesson 15

Mitigating Risk with a Computer Incident Response Team Plan

www.jblearning.com

1

Computer Security Incident

Violation, or imminent threat of a violation of a security policy or security practice

Examples

Denial of service (DoS) attack

Malware code

Unauthorized access

Inappropriate usage

Multiple component

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

What Is a Computer Incident Response Team Plan?

Computer incident response team (CIRT)

A group of people that will respond to incidents

A CIRT plan:

Is a formal document that outlines an organization’s response to computer incidents

Formally defines a security incident

May designate the CIRT team

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

Purpose of CIRT Plan

Prepares you for unscheduled computer incidents

Helps you apply critical thinking to solve problems

Helps you develop best responses to reduce damage

Outlines the purpose of the response effort

The five Ws: what, where, who, when, and why

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

Growth of Incidents

1988 – one incident was news

2003 – 137,529 incidents

Today – Off the chart

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

Elements of a CIRT Plan

CIRT members

IT staff and security professionals who understand risks and threats posed to networks and systems

Accountabilities

CIRT policies

Incident handling process

Communication escalation procedures

Incident handling procedures

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

CIRT Team Members

Team leader

Information security members

Network administrators

Physical security personnel

Legal

Human resources (HR)

Communications

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

Team leader—This individual is responsible for the team’s actions.

A team leader is usually a senior manager with expertise in security, However, some CIRTs identify the first team member that arrives on the scene as the team leader.

Information security members—These individuals could be experts on boundary protection.

This includes firewalls and routers on the edge of the network. They are able to identify the source of breaches and recommend solutions.

These members could also be experts in intrusion detection systems (IDSs) and other systems that include audit logs and audit trails.

Network administrators—Network administrators understand the details about a network.

They understand what systems are connected and how they’re connected. They also understand what systems are accessible from the Internet. They know what normal traffic flow is and can recognize abnormal traffic.

Physical security—Because attackers can be social engineers and might be on company property, physical security personnel need to be represented on the team.

They know what physical security controls the organization uses, where these controls are located, and their purpose.

Legal—Legal personnel provide advice on the organization’s legal responsibilities and legal remedies.

This can be before, during, and after an incident. Legal personnel understand what legal actions are possible against the attackers. They also understand

the requirements necessary to pursue legal actions.

Human resources (HR)—If the attack originated from an employee, HR needs to be involved.

HR understands the organization’s policies. They are also aware of the available enforcement methods. For example, if an employee violates the AUP, the first offense may result in a formal written warning. A second or third offense may result in termination. HR personnel would know if the employee had been previously warned.

Communications—Public relations (PR) personnel become the face of the organization if the incident becomes public.

They help to present an image of resolve, even if everything is not quite under control. If PR reps aren’t used, team members might express frustration or confusion about the attack. This can present a poor image to customers, vendors, and stockholders of the organization.

7

Incident Response Lifecycle

Four phases defined by NIST SP 800-61

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

DDoS Attack From a Botnet

What are the indications on the attacked server?

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

How CIRT Plan Can Mitigate Risk

Quick and focused response to incidents

Clearly defined roles and responsibilities for response

Enhanced understanding of needed skills

Enhanced ability to respond to threats and remove risks

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

The CIRT plan helps an organization prepare for incidents. When prepared, the organization responds to incidents much quicker and with focused action.

One of the primary benefits of the CIRT plan is the identification of CIRT members. The plan identifies these individuals so that the organization knows who they are. Additionally, individuals on the team know their roles and responsibilities.

Once the plan and the members are identified, the organization has a better understanding of the skills needed. The members can be trained to ensure they have the skills needed to support the requirements.

If you can remove a threat you remove the risk.

R = T * V

(where R= Risk, T= Threats and V= Vulnerabilities)

10

Best Practices for CIRT

Define a computer security incident

Include policies in CIRT plan to guide members

Provide training

Develop CIRT checklists

Subscribe to security notification bulletins

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

Define a computer security incident—Incidents are interpreted differently by different organizations. When you define the incident in the CIRT plan, it is clear to all parties.

Include policies in the CIRT plan to guide CIRT members—These policies can be related to CIRT members attacking back at attackers. They can include statements regarding the use of chain of custody, or otherwise protecting evidence.

Provide training—Ensure the CIRT members and end users are trained. The CIRT members should understand their responsibilities. They should also know the best way to respond to different types of incidents. All personnel should understand the threats, as well as basic steps they can take to mitigate the threats.

Include checklists—The checklists can be formal step-by-step checklists that must be performed in a specific order. They can also be informal bullet statements designed to help ensure the CIRT members don’t overlook key data.

Subscribe to security notifications—There are many security bulletins you can sign up for. These provide e-mails describing different types of threats, including new emerging threats.

11

Summary

Computer security incidents

Purpose and critical success factors of CIRT and incident response plan

Major parts of an incident response plan

Best practices for a CIRT

Page ‹#›

Managing Risk in Information Systems

www.jblearning.com

Proper Citation

When to cite a source

Direct quote

Paraphrase – meaning you change a few words

Summarize

Facts, Data,

Supplementary Information

Figures

https://www.princeton.edu/pr/pub/integrity/pages/cite/

When not to cite

Commonly known items such as historical fact

Your ideas or conclusions (unless you have published it previously)

Conclusions based on items previously cited

https://davidson.libguides.com/c.php?g=349327&p=2361764

https://owl.english.purdue.edu/owl/resource/589/02/

APA Guides

Taken from http://guides.libraries.psu.edu/apaquickguide/intext

Example paragraph with in-text citation

A few researchers in the linguistics field have developed training programs designed to improve native speakers' ability to understand accented speech (Derwing, Rossiter, & Munro, 2002; Thomas, 2004). Their training techniques are based on the research described above indicating that comprehension improves with exposure to non-native speech. Derwing et al. (2002) conducted their training with students preparing to be social workers, but note that other professionals who work with non-native speakers could benefit from a similar program.

References

Derwing, T. M., Rossiter, M. J., & Munro, M. J. (2002). Teaching native speakers to listen to foreign-accented speech. Journal of Multilingual and Multicultural Development, 23(4), 245-259.

Thomas, H. K. (2004). Training strategies for improving listeners' comprehension of foreign-accented speech (Doctoral dissertation). University of Colorado, Boulder.

APA citing

Taken from http://guides.libraries.psu.edu/apaquickguide/intext

Web page with author:

In-text citation

Role-play can help children learn techniques for coping with bullying (Kraiser, 2011).

Reference entry

Kraizer, S. (2011). Preventing bullying. Retrieved from http://safechild.org/categoryparents/preventing-bullying/

blog2

Get help from top-rated tutors in any subject.