The letter contained the following information about the incident:
- The incident occurred in the application area that provides custom application development and reporting for the ABC Company.
- The area that was impacted involved “potential data” used for sales analysis. Data from the ABC Company had been placed on laptops while some diagnostics were being carried out.
- Compromised data could have included customer or retailer information from 2002-2014 consisting of names, address, bank account data or credit card numbers, SKU product numbers, descriptions, quantities, Purchase Order numbers, and purchase price.
You are James Hurd and need to respond to this incident by taking action immediately.
You will need to complete the following:
- Develop an Incident Response Policy for ABC Company that will be used as your reference for your evaluation of this potential data incident (this is an attachment that should be included in your paper and referenced in your presentation).
- Upon developing ABC Company’s Incident Response Policy, evaluate the incident described above:
- Summarize the data incident and potential level of risk, include why?
- Upon identifying the types of data that could potentially be impacted and what laws/regulations could be in violation of non-compliance if this data was breached
- Develop your action plan to evaluate this data incident (include your rationale for why the steps were necessary)
- Describe how the Incident Response Policy supported your actions
- Identify any issues that made the evaluation more difficult
- Identify areas of future risk mitigation actions should a similar incident occur (look at the gaps or issues with this scenario)
- Close the incident (NOTE: The outcome of the incident did not surface any major risks or data breach to the company but it took the evaluation to get to this conclusion)
This presentation must be support by the research paper.
Please note the following criteria:
- Research Paper must be in APA Style
- Research Paper must have at least 5 works cited of which 2 must be peer reviewed works/articles (note your book can be included as a reference)
- Must be at least 5 double-spaced pages
- The Policy will be an Attachment and not count toward the 5 Page requirement
- Graphs, illustrations and spreadsheets are allowed, but will not count toward the 5 Page requirement
Grading criteria will include the following as this represents 40% of your grade:
Presentation will be 100 points and based on the following:
Completeness of the Topic (Policy, Processes, Action, Conclusion)
Alignment of policy
Paper will be 100 points:
- Meets Standard Criteria
- Incident Risk Policy as Attachment
- Logic of Processes and Actions (Thoroughness)
Alignment of the Incident Risk Policy components in completing and supporting the evaluation