Student Name:

Date:

 

Part 1: Cyber Incident Response Standard

 

Locate and read the Cyber Incident Response Standard in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the standard/policy and compare it with the NIST policy template side by side.

 

Answer the following questions clearly and systematically in this Word document. Make sure to include a References section toward the end of the document.

 

  1. The Cyber Incident Response Standard is implemented for which NIST functions and sub-categories? [5 points]

 

Answer:

 

  2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]

 

Answer:

 

  3. What is the purpose of the example standard/policy? Which party (parties) does the standard/policy apply to? Who is/are responsible for implementing this standard/policy? [5 points]

 

Answer:

 

  4. As compared to the NIST policy template, how is the example standard/policy customized to fit the needs of the organization? Describe two occurrences of the customization (e.g., incident triggering sources or incident types) in detail. [10 points]

 

Answer:

 

  5. What criteria for forensic investigation are specified in the example standard/policy? [5 points]

 

Answer:

 

 

 

 

 

 

Part 2: Personnel Security Policy

 

Locate and read the Personnel Security Policy in the NIST Cybersecurity Framework Policy Template Guide. Research online for a real-world implementation example of the standard/policy and compare it with the NIST policy template side by side.

 

Answer the following questions clearly and systematically in this Word document. Make sure to include a References section toward the end of the document.

 

  1. The Personnel Security Policy is implemented for which NIST functions and sub-categories? [5 points]

 

Answer:

 

  2. Which organization is the implementation example you identified for? Which industry sector (e.g., education, government, etc.) is the organization in? [5 points]

 

Answer:

 

  3. What is the purpose of the example policy? Which party (parties) does the policy apply to? Who is/are responsible for implementing this policy? [5 points]

 

Answer:

 

  4. As compared to the NIST policy template, how is the example policy customized to fit the needs of the organization? Describe two occurrences of the customization in detail. [10 points]

 

Answer:

 

  5. If specified in the example policy, what criteria are defined to verify the organization’s compliance with the policy? If not specified in the example policy, what are your recommendations? [5 points]

 

Answer:

 

 

References

 

1.

2.