Answer To: Microsoft Word - National College of Ireland.docx Incident Response and Analytics Terminal...
Preeta answered on Aug 20 2021
Question 1:
Part 1:
The organized approach taken to address and manage the impact of a security breach or a cyber-attack is known as incident response (Whitman & Mattord, 2021). Other names used for such a scenario are computer incident, IT incident or security incident. The main aim of incident response is to manage the situation well so that minimum damage is caused by the security breach and the data can be recovered within a limited time and at a limited expense. Every organization maintains a computer security incident response team, which initiates the response to such incidents.
Malware can be defined as any software which has been intentionally designed to cause damage to a particular computer, server, client or even a computer network (Sikorski & Honig, 2012). It is different from a software bug, which causes harm to a computer system unintentionally, whereas the intention of malware is to cause harm. It is a kind of intrusive software. Malware can attack private computer systems such as those used at home and also the IT systems of a business enterprise. Most of the time, it is extremely difficult to identify malware.
Malware poses significant risks to the computer system of a business enterprise, and for that incident response is required. If the IT system of a business enterprise gets infected by malware, the main risk is the loss of the vital and sensitive data collected and preserved by the organization regarding its customers, vendors, accounts receivable or other stakeholders. Mainly, it poses a risk to companies operating in the e-commerce sector, as those companies tend to record the credit card information of their customers, which is stolen by the hackers through malware and then used for their own benefit. The hackers can gain control of and access to the computer system infected with malware. The actual users fail to gain access to the computer system and networks. There might also be hardware failures. Often the communication traffic also increases due to malware.
But as incident response, the organization can take prior actions to avoid risk from malware rather than taking actions afterwards (Infosec Insights, 2019). Reliable antivirus and antimalware software should always be installed on the computer system and network, which will automatically prevent a large number of malware infections. Firewalls need to be used, which will filter incoming network traffic. An intrusion detection system and an intrusion prevention system need to be used, which will help in detecting existing malware on the system along with preventing the entry of malware in future. Regular scans need to be conducted in order to identify any existing vulnerabilities in the system. Filters also need to be implemented in email to identify spam and phishing. Employees also play a very important role in mitigating the risk from malware; they need to be trained about the ways in which hackers can attack the system so that the employees take the necessary steps to reduce those risks. Further, a team needs to be maintained to handle such a situation if it arises.
In 2020, Kaseya, a software providing company, was hit by a ransomware attack, which is a kind of malware (De Vynck et al, 2021). The whole system was shut down within one hour of noticing the attack. Still, the hackers were successful in stealing the data of some of the client companies. As per reports, the number of companies affected can range between 800 and 1500.
Part 2:
Ransomware is a type of malware which is constantly in use and can be considered a current, ongoing trend. It is a type of malware which uses encryption to hold the victim's information for ransom. The data of a particular user or organization is encrypted so that the owner will not be able to access the files, database or any other applications. In exchange for providing access, ransoms are demanded (O'Gorman & McDonald, 2012). Ransomware is designed so that it quickly spreads across the computer system, network, database and file servers so that the entire IT infrastructure of an organization is disrupted. It is an increasing threat for business enterprises as well as for government organizations, as billions of dollars are spent paying the cybercriminals in order to avoid any significant damage if the information is leaked.
Even during COVID-19, ransomware continued to be an increasing threat. The ongoing pandemic, concern for the safety of loved ones, the high anxiety level of individuals, etc. are used to exploit the consumers and employees of various organizations in order to carry out data phishing (Ferbrache). During the pandemic, people were mostly locked in their homes to stop the spread of the virus, and the organizational culture shifted to remote working or working from home. This further increased ransomware attacks. The controls that an organization implements within its office IT infrastructure cannot be provided for the home IT setup of individual employees. This increases the chance of employees and consumers clicking on ransomware emails meant to lure them. Some email examples that have been used during COVID-19 as a means to lure users and start phishing are: information about mass vaccination; news about short supply of commodities like hand sanitizers; financial scams like offering bribes to government officials amidst the economic shutdown; free download links for famous technological solutions, which came into great demand during the pandemic; links to the social media applications of consumers; free updates to enterprise software. Day by day, the hackers are becoming more creative and using new methods and ways to lure users into ransomware. The main issue amid this, faced by business enterprises, is that the prevention and detection controls were designed keeping in mind the computer systems operating within the office of the enterprise, but with the changing scenario it has become very difficult to cope.
Part 3:
An organization should always maintain a skilled and knowledgeable group of employees, who can take proper action as incident response towards malware. Some of the required skills have been listed below (Thompson, 2019):
· The professional should have a clear knowledge of the lifecycle of incident response. Not only are attacks to be prevented, but necessary plans are also required in case the attack happens, along with the procedures which can be adopted to retrieve the data.
· Whenever anyone accesses a network or computer system, small breadcrumbs are left behind as a digital trace, which are also known as forensic artifacts. It is very important for the professional who will carry out the incident response to have proper knowledge about forensic artifacts. There is a wide variety of systems, and the artifacts are unique to each variety of system. Therefore, they must be understood before formulating a plan for incident response.
· There are certification courses which are provided to IT professionals in order to ensure that they have adequate qualification and knowledge to formulate a plan for incident response. One of these certification courses needs to be taken and completed in order to become a professional.
· It is important to study the patterns used by the hackers and the tactics they use to install malware in the system so that proper plans can be made beforehand about the response that will...
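Part 2 of the answer above describes the behaviour that makes ransomware detectable: one process rewriting many files in a short time and leaving encrypted (high-entropy) content behind, often with a new extension. The script below is an added example illustrating that detection logic; it is not part of the original answer and not code from any product named on the page. The file contents, process names, paths, timestamps and extension list are constructed for the example, and the entropy, burst-count and time-window thresholds are assumptions a defender would tune for their own environment.

```python
"""Behavioural ransomware detector over constructed file-write events.

Added example, not part of the original answer. Two signals are combined:
  1. the written data looks encrypted (Shannon entropy close to 8 bits/byte), or
     the file was given a known ransom-style extension;
  2. one process produces many such writes inside a short time window.
A single high-entropy write (a backup tool writing a compressed archive) is
normal; a burst of them from one process is the ransomware pattern.
"""
import math
import os
from collections import Counter
from dataclasses import dataclass

# Thresholds are assumptions for the example, not values from the page.
ENTROPY_THRESHOLD = 7.5   # bits per byte; plain text is usually 4-5
BURST_WINDOW_S = 10.0     # seconds
BURST_COUNT = 5           # suspicious writes within the window
RANSOM_EXTS = {".locked", ".encrypted", ".crypt"}  # illustrative, assumed


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`: ~8.0 for ciphertext or random bytes, lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class WriteEvent:
    ts: float        # seconds since start of the observation
    process: str     # image name of the writing process
    path: str        # destination path
    content: bytes   # bytes written


def is_suspicious_write(ev: WriteEvent) -> bool:
    """A write is suspicious if it uses a ransom extension or looks encrypted."""
    ext = os.path.splitext(ev.path)[1].lower()
    return ext in RANSOM_EXTS or shannon_entropy(ev.content) >= ENTROPY_THRESHOLD


def detect_ransomware(events) -> set:
    """Return the processes that made BURST_COUNT suspicious writes within BURST_WINDOW_S."""
    suspicious_times = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if is_suspicious_write(ev):
            suspicious_times.setdefault(ev.process, []).append(ev.ts)
    flagged = set()
    for proc, times in suspicious_times.items():
        lo = 0
        for hi in range(len(times)):            # sliding window over sorted timestamps
            while times[hi] - times[lo] > BURST_WINDOW_S:
                lo += 1
            if hi - lo + 1 >= BURST_COUNT:
                flagged.add(proc)
                break
    return flagged


# Constructed sample data: uniform bytes stand in for ciphertext (entropy exactly 8.0),
# a repeated sentence stands in for an ordinary document.
CIPHERTEXT_LIKE = bytes(range(256)) * 8
PLAINTEXT_LIKE = b"Quarterly sales report: revenue up 4% in Q2.\n" * 20

SAMPLE_EVENTS = [
    WriteEvent(0.0, "winword.exe", r"C:\Users\ann\report.docx", PLAINTEXT_LIKE),
    # one legitimate high-entropy write: a backup tool writing a compressed archive
    WriteEvent(1.0, "backup.exe", r"\\fileserver\share\archive.bin", CIPHERTEXT_LIKE),
] + [
    # eight encrypted rewrites from one process in under four seconds
    WriteEvent(5.0 + i * 0.5, "svchost_.exe",
               rf"\\fileserver\share\doc{i}.xlsx.locked", CIPHERTEXT_LIKE)
    for i in range(8)
]

if __name__ == "__main__":
    print("flagged processes:", detect_ransomware(SAMPLE_EVENTS))
```

The entropy check alone would also flag the backup tool, which is why the burst count is needed; in a real deployment the same two signals would be read from an EDR or file-server audit log rather than from an in-memory list, and a hit would trigger the containment step the answer describes (isolating the host and the file share).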