incident response plan to prepare an organization (Sony Pictures Entertainment) in the event of an attack

Propose an incident response plan to prepare an organization (Sony Pictures Entertainment) in the event of an attack

If you are completing your ongoing project on Sony Pictures Entertainment, you are required to create an incident response plan that the organization should have followed in light of the 2014 hack. For example, detail the detection, analysis, and containment strategies it should have employed, the crisis communications plan it should have adhered to, and recommendations for successful eradication and recovery. 

Introduction 

It is important for your incident response strategy to meet the requirements of Sony Pictures context. Write a short introduction summarizing your type of organization Sony Pictures Entertainment), and an overview of the business-critical assets Sony Pictures Entertainment relies on.  What are Sony’s Critical infrastructure / Assets?

(Approx. 150 words) 

Step 1: Prevention

Describe the measures Sony Picture Entertainment will take to protect against a cyberattack from both a technical and non-technical perspective. 

(Approx. 150 words)

Start writing here: 

Step 2: Planning 

List the individuals involved in your incident response team and their roles (SPE). Ensure that the roles, responsibilities, and structure of your team meets the requirements of your organizational context. 

A cyber crisis communication plan is compiled in this phase, but in this incident response plan, include your plan under Step 7: Communication.  

(Approx. 200 words) 

 Start writing here: 

Step 3: Preparation 

You are required to detail one training exercise the incident response team will undergo. Include specific examples of scenarios or questions, and explain why you have chosen it. 

(Approx. 150 words) 

Start writing here: 

Step 4: Detection

List the tools Sony Pictures Entertainment would use to detect a breach. 

(Approx. 150 words) 

Start writing here: 

Step 5: Analysis 

Explain how Sony Pictures Entertainment would analyze whether an incident is a cyberattack. Also describe how you would categorize and prioritize cyberattacks in Sony Pictures Entertainment.

(Approx. 200 words) 

Start writing here: 

Step 6: Containment 

Describe how your SPE would prevent a cyberattack from spreading further.

(Approx. 200 words) 

Start writing here:

Step 7: Communication 

As per Section 4 of the Unit 2 notes, compile a cyber crisis communication plan detailing the internal and external stakeholders SPE would need to communicate to in the event of a breach. Describe what communication channels would be used to communicate with these stakeholders. 

(Approx. 250 words) 

Start writing here: 

Step 8: Eradication 

Provide insight into the approaches and decisions the team will take to remove the threat from Sony’s internal system.

(Approx. 150 words)  

Start writing here: 

Step 9: Recovery

Describe what steps SPE will take to return to its normal operations. 

(Approx. 150 words) 

Start writing here: 

Step 10: Post-event analysis 

List the processes that would need to be followed to ensure that lessons learned are implemented. 

(Approx. 150 words) 

Start writing here: 

Note: 

The word counts for each question serve as a guide; your submission should not exceed 2,000 words in its entirety.  

Note: 

The incident response plan is a central part of an Sony’s cyber risk mitigation strategy. Please consult the grading breakdown in the Orientation Module course handbook for more information.  

Your ongoing project submission will be graded according to the following rubric:

Very poor Poor Satisfactory Very good Exceptional

Adherence to brief 

All sections in the template are completed. 

Answer falls within the prescribed word count (2,000 words). 

No submission.

OR

Student fails to address any element of the brief. (0)

Some key elements are not addressed. Most information provided is irrelevant.  

OR 

Answer does not fall within the prescribed word count (100 words over the word count). (5.5) Student adheres to most of the brief. Sufficient information is provided and is mostly relevant. (7) Student adheres to almost all elements of the brief. Almost all information is provided and is relevant. (8.5) Student fully adheres to the brief. All information provided is comprehensive and relevant. (10)

Organizational context and preventative measures 

Student clearly outlines the context of their chosen organization, and the business-critical assets this organization relies on.

Student accurately describes the measures the chosen organization will take to prevent a cyberattack from both a technical and non-technical perspective. 

Student thinks critically and incorporates learnings from the content. No submission.

OR 

Student fails to clearly outline the context of their chosen organization and the measures it will take to prevent a cyberattack from occurring. 

There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of their chosen organization’s context and the measures taken to prevent a cyberattack from occurring. 

There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of their chosen organization’s context and the measures taken to prevent a cyberattack from occurring.  

The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of their chosen organization’s context and the measures it will take to prevent a cyberattack from occurring. 

The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and an incisive understanding of their chosen organization’s context and the measures it will take to prevent a cyberattack from occurring. 

The student critically applies their learning from the course. (10)

Planning and preparation

Student lists the individuals that will be involved in their chosen organization’s response team, and their roles.

Student details one training exercise the incident response team will undergo to prepare them for a cyberattack, and provides reasoning for their choice.

Student thinks critically and incorporates learnings from the content. No submission.

OR 

Student fails to clearly identify the individuals who will be included in the incident response team, or the training that will be required to prepare this team for an attack.

There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of the individuals who will be included in the incident response team, and the training that will be required to prepare this team for an attack.

There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of the individuals who will be included in the incident response team, and the training that will be required to prepare this team for an attack.

The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of the individuals who will be included in the incident response team, and the training that will be required to prepare this team for an attack.

The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and an incisive understanding of the individuals who will be included in the incident response team, and the training that will be required to prepare this team for an attack.

The student critically applies their learning from the course. (10)

Detect, analyze, and contain

Student lists the tools their chosen organization would use to detect a breach.

Student explains how their chosen organization would analyze whether an incident is a cyberattack, and how they would categorize and prioritize cyberattacks. 

Student describes how their chosen organization would prevent a cyberattack from spreading further.

Student thinks critically and incorporates learnings from the content. No submission.

OR 

Student fails to clearly identify the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further.

There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further.

There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further.

The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further.

The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and incisive understanding of the tools their organization would use to detect a breach, how their organization would go about analyzing, categorizing, and prioritizing an attack, and how their organization would prevent a cyberattack from spreading further.

The student critically applies their learning from the course. (10)

Communicate and eradicate

Student compiles a cyber crisis communication plan detailing the internal and external stakeholders their chosen organization would need to communicate to in the event of a breach, and describes what channels would be used to communicate with these stakeholders.

Student identifies the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system.

Student thinks critically and incorporates learnings from the content. No submission.

OR 

Student fails to clearly compile a cyber crisis communication plan, or to describe what channels would be used to communicate with stakeholders during a cyberattack.

Student fails to identify the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system.

There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of a cyber crisis communication plan and the channels that would be used to communicate with stakeholders during a cyberattack.

Student shows an incomplete understanding of the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system.

There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of a cyber crisis communication plan, and the channels that would be used to communicate with stakeholders during a cyberattack.

Student demonstrates a satisfactory understanding of the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system. 

The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of a cyber crisis communication plan, and the channels that would be used to communicate with stakeholders during a cyberattack.

Student demonstrates a strong understanding of the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system.

The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and an incisive understanding of a cyber crisis communication plan, and the channels that would be used to communicate with stakeholders during a cyberattack.

Student demonstrates a thorough and incisive understanding of the approaches and decisions the team will take to remove the threat from their chosen organization’s internal system.

The student critically applies their learning from the course. (10)

Recovery and post-event analysis

Student describes what steps their chosen organization will take to return to its normal operations after a cyberattack. 

Student lists the processes that would need to be followed to ensure that lessons learned are implemented. 

Student thinks critically and incorporates learnings from the content. No submission.

OR 

Student fails to clearly describe the steps their organization will take to recover from a cyberattack, or the processes that will be followed to ensure that lessons learned are implemented. 

There is no evidence that the student has used the content covered in the course to inform their response. (0) Student shows an incomplete understanding of the steps their organization will take to recover from a cyberattack, and the processes that will be followed to ensure that lessons learned are implemented. 

There is some evidence that the student has engaged with the content covered in the course, but this is not always accurately applied. (5.5) Student demonstrates satisfactory understanding of the steps their organization will take to recover from a cyberattack, and the processes that will be followed to ensure that lessons learned are implemented. 

The student has clearly engaged with the content covered in the course, but a more nuanced answer is required. (7) Student demonstrates a strong understanding of the steps their organization will take to recover from a cyberattack, and the processes that will be followed to ensure that lessons learned are implemented. 

The answer shows a strong grasp of the content. (8.5)   Student demonstrates a thorough and an incisive understanding of the steps their organization will take to recover from a cyberattack, or the processes that will be followed to ensure that lessons learned are implemented. 

The student critically applies their learning from the course. (10)

Application of course content to organizational context

Student accurately applies the learnings from the course content to their own organization or Sony’s unique context. No submission.

OR

The student has not made use of their organization’s unique organizational context and constraints to inform their response. (0) Student demonstrates a limited understanding of their organization’s unique context and constraints and context. (5.5) Student demonstrates a satisfactory understanding of their organization’s context and constraints; however, a there is room for deeper engagement with its nuances. (7) There is clear evidence that the student has thought about their organization’s unique context and constraints, and catered for this in their strategy accordingly. (8.5) There is strong evidence that the student understands and thinks carefully about their organization’s unique context and constraints, and has provided recommendations in their strategy accordingly. (10) 

Organization of writing

Answers are structured clearly and logically.

No submission or complete lack of logical structure. (0)

Answer has some logical structure, but not enough to justify a passing grade. (5.5) Answer is structured fairly well in terms of logic and clarity. (7) Answer is structured very well in terms of logic and clarity. (8.5) Answer is structured exceptionally well in terms of logic and clarity. (10)

find the cost of your paper