
Complete the Project Submission by following the directions from the attached document.

Project Topic:  SecOps 

You can complete a project in which you engage a real-world client for the purpose of security assessment, governance, audit, testing, risk analysis, or remediation. The real-world client can be your workplace or any other place of your choice. 

 

Milestone 3 – Project Submission

  1. Prepare your capstone project according to the Capstone Project template. The template will guide you through:
    • The style guidelines and the structure of the paper.
    • The content of the project report (such as details on how to summarize the background information, application details, discussion section).

Important note: Please carefully read the template even before starting to work on your proposal. It will help you comprehend the depth and breadth of the capstone project.

  2. Submit your project in Module 10. Your submission should include both your capstone project report and presentation slides.

Note that course material does not include a template for your presentation. The main sections of the presentation should be consistent with your capstone project report.

2 Create a PowerPoint Action Item

  1. Prepare your report using the Capstone Project template provided. Reading through the template will guide you through:
    1. The style guidelines and the structure of the paper.
    2. The content of the paper.
  2. Prepare a 15-minute, 6- to 10-slide presentation based on your report.
    1. Note that course material does not include a template for your presentation. The main sections of the presentation should be consistent with your project report.

ISEC 690 Capstone Project Progress Report

for

<Name of the Project>

Prepared by <author>

<Organization>

<Month DD,YYYY>

Table of Contents

1 Capstone Project Summary

2 Introduction

3 Background Information

3.1 About the Guide

3.2 Summary of the Project Environment

3.3 How You Applied the Guide to Your Environment

4 Application Details

5 Discussion and Conclusion

5.1 Lessons Learned

5.2 How Your Employer Benefited from the Project

5.3 Future Directions

References

Appendix A: Presentation Slides

Appendix B: Other Deliverables/Artifacts

ISEC 690 – Capstone Project Progress Report

Please send the latest draft of your capstone project report to the instructor to show your progress. Use this document as guidance to fulfill the expectations of your instructor.

This document includes what your instructor expects to see at each section of your capstone project report, self-assessments for sections 2, 3, 4, & 5, and another self-assessment for your overall progress.

You must provide the right amount of content so that your instructor should have an idea of the direction of the study and the breadth & depth of the final product. The more mature the progress report, the more accurate and comprehensive feedback you may receive from your instructor.

Capstone Project Summary

To be completed in Week 10 (Project Submission)

Introduction

Security Operations (SecOps) is gaining prominence in information security, mainly because of the increasing complexity and sophistication of cyber threats. This progress report summarizes a project that assesses Incident Response Plans (IRPs) for compliance with NIST SP 800-61, which is one of the core tasks of SecOps. The motivation for this project is the relevance of SecOps in addressing evolving cyber threats and its alignment with the career aspirations of the project team, which is to develop the skills needed to deal with information security. As new cyber threats are introduced and developed every day, organizations now accept that they must incorporate security principles into their operational frameworks in order to mitigate risks effectively and respond to security incidents in due time. This project aims to answer why traditional approaches to security do not always work in practice and how to enhance existing mechanisms, by conducting an IRP analysis across various sectors, companies, and models to find strengths, weaknesses, and gaps that need to be addressed. The review will use the NIST SP 800-61 guidelines in its analysis and will focus on the stages of IRPs, for example preparation, detection, analysis, containment, eradication, recovery, and post-incident activities. The review will also evaluate the adaptability of IRPs and their capacity to handle risks that are not static in nature. Combining intelligence from academia and grey literature, the project is designed to find and create a technique for an Incident Response Plan (IRP) that is strong and effective.
In conclusion, the review of the incident response plan will also take into account the evaluation of the major techniques, tools, solutions, and services, including Splunk Enterprise Security, IBM Resilient Incident Response Platform, and open-source Threat Intelligence Platform, which have a direct impact on incident detection, response, and overall security posture. Through this undertaking, the project hopes to contribute to the development of SecOps practices and offer new observations for enterprises that are trying to make their cybersecurity stronger.

On a scale of 0 to 5 (0 is not started yet & 5 is completed), how would you rate your progress in this section?

2

Background Information

About the Guide

The purpose of this section is to give a detailed review of the guide used for the project, which is NIST SP 800-61. The National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61, titled "Computer Security Incident Handling Guide," acts as a primary resource for computer incident response and security operations. NIST SP 800-61 outlines a comprehensive incident handling process, which involves a set of stages, namely preparation, detection, analysis, containment, eradication, recovery, and post-incident activity. It serves as an organizational guideline for emergency response to cybersecurity incidents, which helps prevent harm and helps organizations get back to normal quickly (Hengst, 2020). In this guide, proactivity, which includes writing IRPs, forming staff groups for response, and carrying out regular exercises and simulations, is advocated as a key factor for enhancing readiness. Furthermore, NIST SP 800-61 encourages collaboration and information sharing, both within the organization and among sectors, as a way of capitalizing on collective efforts to create a coordinated response to cyber threats (Stine et al., 2020). By complying with the measures described in the guide, organizations will strengthen their resilience against cyberattacks and reduce the risk of damage more effectively when attacks happen. This section will address the vital elements of NIST SP 800-61, the relevance of the guide to the project requirements, and its importance in developing effective incident response procedures.

On a scale of 0 to 5, (0 is not started yet & 5 is completed) how would you rate your progress in this section?

1

Summary of the Project Environment

The project is set in the fast-paced environment of current-day information security, where cyber threats aimed at businesses in different sectors are on the rise. The development of information technology has brought a higher rate of connectivity and digitalization, which creates opportunities for both cybersecurity professionals and threats. Organizations confront dynamic threats, for example malware, ransomware, phishing attacks, and insider threats, which call for responsive, robust, and holistic security operations (Möller, 2023). The connectivity of systems, cloud computing, IoT devices, and third-party involvement make the security landscape even more unpredictable and increase the chances of security events that may result in a bigger impact. On this note, the project is aimed at assessing the compliance of IRPs with the NIST SP 800-61 guidelines, which is the basic requirement for creating a reliable and complete incident response framework that can reduce risks and minimize the negative effects of cyber incidents. The project aims to provide practical knowledge by comprehending the many layers of the project environment and the gradually emerging threat landscape. This will help organizations strengthen their security status and become more resilient against cyber threats.

On a scale of 0 to 5 (0 is not started yet & 5 is completed), how would you rate your progress in this section?

4

How You Applied the Guide to Your Environment

In my project, using the NIST SP 800-61 guide was the basis of my approach to analyzing Incident Response Plans (IRPs) for compliance and effectiveness. First, I focused on the procedure represented in the guide and studied each stage: preparation, detection, research, containment, elimination, recovery, and post-incident activities. It provided me with the opportunity to get a feel for how according to NIST and gave the analysis direction. To begin with, I made a data collection trip, including IRPs from varying organizations of different sizes and working in different ways. Furthermore, my research data set was not limited to this handful of recommendations. I was able to track NIST's recommendations and compare them to my research data to find out if there was any deviation.

When I got to the analytical stage, I reviewed the IRPs by the criteria indicated in NIST SP 800-61. My emphasis was on different aspects, such as accident classification, efficient escalation process, effective communication protocols, and strong coordination with external parties. The process of rigorous evaluation that I went through was not focused only on the level of compliance but also on the practicality and effectiveness of implementation in real-life situations. Besides, I also took my review to the next level to grasp the adaptability and scalability of IRPs, which takes place in tandem with the dynamic changes in the threat environment and the operational dynamics. This was done by assessing how each plan fully incorporated threat intelligence, kept continuous tracking, and went through periodic assessments and modifications. Following the guidance in NIST SP 800-61, I utilized the knowledge to build a framework that will provide the necessary actionable insights and recommendations to enhance the organizational incident response capabilities and ultimately make them more resilient against cyber threats.

On a scale of 0 to 5 (0 is not started yet & 5 is completed), how would you rate your progress in this section?

4

Application Details

I have not progressed here yet. However, I plan to explain in the Application Details section why the intelligence derived from Incident Response Plans (IRPs) following the NIST SP 800-61 guidelines is useful. The task will be focused on the description of the particular conclusions, highlighting the strengths, weaknesses, and ways to improve the IRP vulnerabilities and the recommendations for the improvement of response capabilities. Moreover, I would like to address the emergence of new trends or patterns in case such patterns appear in the course of the analysis. That would help to reveal the new security practices adopted by incident response practitioners. Through this integration, the Application Details section provides practical information to organizations attempting to harden their cyber defense posture and to have their incident response processes aligned with the industry's best practices.

On a scale of 0 to 5, (0 is not started yet & 5 is completed) how would you rate your progress in this section?

0

Discussion and Conclusion

Lessons Learned

So far, I have gained a few insights on various aspects, although I have yet to complete the project. As I have been analyzing the Incident Response Plans (IRPs) with the NIST SP 800-61 standards in mind, I have acquired an understanding of the complexities inherent in the security operations and incident response procedures used in different industry sectors. The key learning point here is how important a structured and comprehensive approach to incident management is, one that covers not only the technical aspects but also all the aspects of communication, coordination, and constant improvement.

On a scale of 0 to 5, (0 is not started yet & 5 is completed) how would you rate your progress in this section?

1

How Your Employer Benefited from the Project

Although I have yet to complete the project, the expected benefits of the project for my enterprise include more awareness of the strong and weak points of its present IRPs against the NIST SP 800-61 Risk Management Framework recommendations. For example, this can be applied by defining better methods of incident recording, improving communication protocols, or streamlining the workflow of response teams. This strategy will immensely strengthen the incident response capacity of the employer. Being able to detect security incidents in a shorter time can guarantee a faster response. This in turn reduces the downtime and damage. Furthermore, the result can be utilized as an element that is responsible for the establishment of a proactive security culture in the company as well as for the assessment of the cyber threats' development in time. Ultimately, these developments lead to reduced risk exposure and an enhanced ability to withstand cyberattacks, as well as increased confidence in the organization's capabilities to safeguard its assets and operations.

On a scale of 0 to 5, (0 is not started yet & 5 is completed) how would you rate your progress in this section?

1

Future Directions

To be completed in Week 10 (Project Submission)

On a scale of 0 to 5, (0 is not started yet & 5 is completed) how would you rate your progress in this section?

0

References

Hengst, K. (2020). Best practices in cloud incident handling (Master's thesis, University of Twente).

Möller, D. P. (2023). Cybersecurity in digital transformation. In Guide to Cybersecurity in Digital Transformation: Trends, Methods, Technologies, Applications and Best Practices (pp. 1-70). Cham: Springer Nature Switzerland.

Stine, K., Quinn, S., Witte, G., & Gardner, R. (2020). Integrating cybersecurity and enterprise risk management (ERM). National Institute of Standards and Technology, 10.

Appendix A: Presentation Slides

To be completed in Week 10 (Project Submission)

Appendix B: Other Deliverables/Artifacts

If you have something to share, please provide it.

To be finalized in Week 10 (Project Submission)

On a scale of 0 to 5, (0 is not started yet & 5 is completed) how would you rate your overall progress in the review paper assignment?

0

1