Part I: Incident Analysis and Response
A. Determine why the attack on Azumer Water’s infrastructure was successful,
including the specific vulnerabilities that allowed the attack to occur. Provide
details from the case study to support your claims.
B. Explain how the confidentiality, integrity, and availability of Azumer Water’s operations
and PII (personally identifying information) data have been compromised, using NIST,
ISO 27002, or another industry-standard framework to support your claims.
C. Identify the federal regulations this NGO violated, providing specific examples from
the case study as evidence of Azumer Water’s noncompliance.
D. Recommend immediate steps to mitigate the impact of the incident, using specific
examples from the case study to justify how these steps would mitigate the impact.
E. Explain how having an incident response plan in place will benefit Azumer Water, using details from the case study to support your explanation.
Part II: Risk Assessment and Management
F. Recommend processes to increase information assurance levels within the
organization and bring Azumer Water into compliance with the violated federal
regulations.
G. Recommend technical solutions to counter the remaining efects of the attack in
the case study and to prevent future attacks.
H. Recommend an organizational structure for IT and security management, including a
logical delineation of roles and adequate coverage of responsibilities, to support the
efficient discovery and mitigation of future incidents.
I. Describe your risk management approach for Azumer Water based on the likelihood, severity, and impact of the risks in the case study.
J. Acknowledge sources, using APA in-text citations and references, for content that is
quoted, paraphrased, or summarized.
K. Demonstrate professional communication in the content and presentation of your
submission.
