Application: Anomalous System Behavior

In a smoothly running IT operation, system administrators and other support personnel are capable of handling typical incidents. Incidents should escalate to the CIO only when they are extraordinary—for example, unanticipated events or ones that could severely affect other parts of the organization. In these cases, the CIO must analyze the situation and plan appropriate technical, communication, and compliance responses.

***

In your second week as CIO, one such incident report has reached your desk. The IT operations staff has been receiving a variety of complaints and requests from users, along with network monitoring alerts. They cannot confirm that something unusual is going on, but they cannot rule out the possibility, either. User errors and network intrusions can often lead to similar-looking results. This is known as a false positive. Sometimes legitimate network traffic or behavior is mistaken for a security threat, and sometimes a hacker creates an illusion of normal traffic patterns so that, on the surface, all looks well.

The administrators do not want to bother you with a lot of false alarms because they want to appear capable and in control. At the same time, they do not want adverse events to cause damage without your being aware of them. They held on to this incident longer than you would have preferred, but they still do not know for sure that anything is wrong. You can let them continue to follow standard procedures, or you can redirect them to investigate further by assigning specific tasks.

To prepare for this Assignment, review the report of possible anomalous system behavior you received in this week’s Week 2 Security Briefing document, located in this week’s resources. Search the Walden University Library and the web to find out as much as you can about this type of event.

Using your research and personal experience, hypothesize 5-7 different, reasonable explanations for the behavior. Perform a brief qualitative risk analysis for each hypothesis, to determine the likelihood (high, medium, or low) that it is the cause, and the consequence (high, medium, or low) if it is.

Based on your assessment, establish a priority sequence for investigating each possible explanation. Next, decide what reports you need from the IT operations staff so you can confirm or rule out each of the possibilities. Keep in mind that standard reports can usually be produced much faster than custom ones, and that historical information can be reported only if it was monitored and recorded.

By Day 7, submit the prioritized list of explanations, the informational reports you need, and explanations of your reasoning for possible causes of a security breach. Next week, you will receive available reports so that you can diagnose the cause of the observed behavior.
