Evaluate inter and intra organizational resources for incident investigation and response

Objective: Analyze  malware trends and infection points, as well as methods for analyzing  malware.  This will include describing what is involved in a malware  analysis environment, including tools, techniques, emerging developments  in malware analysis.

Course Goals:

1. Develop and utilize policies, procedures, and technologies for incident analysis.

8. Incorporate analysis and response  results into appropriate action plans, reporting information sharing,  improvement cycles, and exposure elimination.

9. Incorporate analysis and response  results into appropriate action plans, reporting, information sharing,  improvement cycles, and exposure elimination.

10. Evaluate inter and intra organizational resources for incident investigation and response.

 

Scenario:

The use of computers and  electronic devices to aid in the commission of crimes has seen explosive  year over year growth.  There is a high risk/reward potential for  criminals in this environment compared to many other types of crimes.   One of the tools of choice for criminals is malware, whether for theft  of personal information, computing resources, or other forms of  mischief.

Most organizations cease their effort  once they have removed a malware threat or removed an infection.  Our  goal is to go much further and perform a full malware analysis of the  incident. This means that we need a malware analysis procedures,  environment, tools, and knowledge.  Outline what is needed in terms of  tools, procedures, and knowledge to analyze malware using both dynamic  (behavioral) and static (code) analysis techniques – as well as  identifying the potential vectors that delivered the payload that may  allow for attribution. The trend in malware is toward memory  resident payloads, often with little or no footprint beyond active  memory.  This can create a complex situation where a minor slip up can  ruin any chance at proper analysis. Obtaining malware artifacts from the  wild can be an elite skill that very few people possess, particularly  when it is memory based.

Deliverables:

Your malware analysis procedures  should include who is responsible for responding to an incident, how a  sample of the malware will be maintained for analysis, and how to  determine scope. The malware analysis environment and tools needs to be  able to handle a wide range of analysis capabilities including examining  mobile malware infections.  In addition to procedures and tools, the  knowledge of the analyst is perhaps the most important factor in  thorough and accurate analysis.  Describe the critical skills that a  proficient analyst should possess.  Proper research and support of your  arguments is an important aspect of this assignment.

Grading Rubric/Criteria:

This assignment is worth 10 percent of your total grade.

Criteria

Excellent A (90+)

Satisfactory B (80-89)

Needs Improvement (below 80)

Policies and procedures to respond to malware incidents and perform analysis.

(20%)

Policies and procedures for malware incident response and analysis are fully developed and logically presented.

Policies and procedures for malware incident response and analysis are sufficiently developed and logically presented.

Policies and procedures for malware incident response and analysis are not sufficiently developed and/or logically presented.

Description of malware analysis environment and tools.
(25%)

Description  of malware analysis environment and tools to address static and dynamic  techniques for computer, mobile, and memory response are fully  developed and logically presented.

Description  of malware analysis environment and tools to address static and dynamic  techniques for computer, mobile, and memory response are sufficiently  developed and logically presented.

Description  of malware analysis environment and tools to address static and dynamic  techniques for computer, mobile, and memory response are not  sufficiently developed and/or logically presented.

Description of knowledge and skill set for proper malware analysis.
(15%)

Description of knowledge and skill set for proper malware analysis is fully developed and logically presented.

Description of knowledge and skill set for proper malware analysis is sufficiently developed and logically presented.

Description of knowledge and skill set for proper malware analysis is not sufficiently developed and/or logically presented.

Quality of documented support (10%)

Assignment thoroughly incorporates the appropriate references in the literature. Correct APA format.

Assignment applies the appropriate references in the literature. Correct APA format.

The scope of the research presented in the assignment is inadequate. Errors in APA format.

Organization (5%)

The content is well organized with clear transitions among major subtopics.

The content is generally well organized with some improvement possible in transitioning among subtopics.

The organization of the content is confusing without clear transitions among subtopics.

Writing style (10%)

Graduate level writing is reflected throughout the paper, including accurate spelling, punctuation, grammar and sentence structure.

Writing is acceptable, a few errors in spelling, punctuation, grammar, and/or sentence structure.

Writing  does not meet graduate standards. Unacceptable number of errors in  spelling, punctuation, grammar, sentence structure, and/or citation  format.

Overall Quality (15%)

Above average relative to rest of class.

Approximately class average.

Below class average.

find the cost of your paper