Cyber Incident Lessons Learned PowerPoint
Create a 10-slide PowerPoint presentation to be presented to the CISO and the nation’s leader concerning attacks, evidence acquired, attribution, impact, business recovery, and remediation success.
Describe not only what occurred during the attack and the results of evidence items but also how operations and communications can be conducted in a secure fashion.
Describe the need for information sharing and how it can be possible between nations and private business operations without source attribution. Is source attribution needed?
At a minimum, describe the following information in the presentation, along with any additional topics that could improve the operational tempo of business units:
Recovery: How the incident was contained and eradicated
The work performed during recovery
Areas where the incident response team was effective
Areas that need improvement
Which security controls failed (including monitoring tools)?
How can we improve those controls?
How can we improve the security awareness programs?
What were the current operating system vulnerabilities that were leveraged to execute the attack?
How can managing patches and basic operating system security enhance security from known threats?