Worm and Distributed Denial of Service (DDoS) Agent Infestation Study the following scenario and discuss and determine the incident response handling questions that should be asked at each stage of the incident response process. Consider the details of the organization
and the CSIRC.
This scenario is about a small, family-owned investment firm. The organization has only one location
and less than 100 employees. On a Tuesday morning, a new worm is released; it spreads itself through
removable media, and it can copy itself to open Windows shares. When the worm infects a host, it
installs a DDoS agent. It was several hours after the worm started to spread before antivirus signatures
became available. The organization had already incurred widespread infections.
The investment firm has hired a small team of security experts who often use the diamond model of
security incident handling.
Preparation:.
Detection and Analysis:.
Containment, Eradication, and Recovery:.Post-Incident Activity:.