CYB 320 Module Three Activity Guidelines and Rubric
Incident Report Components
Overview
In the last module, you worked on incident response strategies to implement during an event. Now you will be assessing a real-world breach while working on components of an incident report. While following response plans, you may be required to generate incident reports on the entirety or part of an incident. This is challenging because an incident often strays off on tangents and moves away from the root cause. Therefore, it is important to be able to identify the components of an incident report before you have to generate the final output.
Proper documentation is a necessity, both while an incident is happening and after the fact. This documentation may include identification of the issue, assets involved, and effects of the incident. Many organizations have their own templates for how an incident response will be documented. It is important to find a reporting mechanism that works for your organization. It should not impede the process but facilitate it. If, at any point, the documentation becomes confusing and cannot be used to learn from the situation, then the type of documentation should be revisited. Once a root cause is identified, it should be shared with all members of your organization. This will promote a stronger awareness of identifying the same type of issue as soon as possible.
As you read through the articles for this assignment, consider the complexity involved in continuing to provide aid during an active breach with weak data protection processes. Guidelines and protections exist to prevent this type of incident, but how do you best deal with it in the middle of a crisis? As you think about root cause, remember that it often entails many contributing factors and no single easy fix.
Prompt
From the Module Three Reading and Resources, review “A ‘Major Privacy Incident’ at FEMA Exposes Personal Information of 2.5 Million Disaster Survivors,” “FEMA OIG: Agency Mistakenly Shared Data on 2.3M Hurricane, Fire Victims,” and “Management Alert— FEMA Did Not Safeguard Disaster Survivors’ Sensitive Personally Identifiable Information (REDACTED).” You will use the viewpoints presented in both articles, along with the CIS Controls document, to develop components of an incident report that includes contributing factors to the root cause of the incident.
You must address the critical elements listed below.
- FEMA Incident
  - Explain the contributing factors that could inform the root cause analysis of the incident
  - Identify the data assets affected by the incident
  - Recommend security improvements based on the recommendations from OIG
  - Describe how two critical controls can be used during the root cause analysis of the incident
What to Submit
Your submission should be 2 to 3 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. Any references should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.
Module Three Activity Rubric
Criteria | Exemplary (100%) | Proficient (85%) | Needs Improvement (55%) | Not Evident (0%) | Value |
---|---|---|---|---|---|
FEMA Incident: Contributing Factors | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Explains the contributing factors that could inform the root cause analysis of the incident | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 22.5 |
FEMA Incident: Data Assets | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Identifies the data assets affected by the incident | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 22.5 |
FEMA Incident: Security Improvements | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Recommends security improvements based on the recommendations from OIG | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 22.5 |
FEMA Incident: Critical Controls | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes how two critical controls can be used during the root cause analysis of the incident | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 22.5 |
Articulation of Response | Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 10 |
Total: | 100% |