
# Portfolio Activity: Use NIST for incident response

#### 🚨 Fun and ADHD-Friendly Assignment Overview 🚨

***

#### **Pass the Mission** 🏆

To pass this task, you need to hit at least **80%**, which works out to **4.8 out of 6 points** (since the rubric awards whole points, that means scoring **5 of 6**). Your goal? Analyze a **network incident** and write a **superb incident report** organized around the **NIST Cybersecurity Framework (CSF)**.

***

#### **Mission Overview: Save the Company!** 🛡️

You’re a **cybersecurity analyst** working for a cool **multimedia company** that just got hit by a **DDoS attack**. The company’s services, like web design and social media marketing, were down for two hours because the network was flooded with **ICMP echo requests** (pings). Yikes!

The attack exposed a weak spot in the firewall, so it’s up to you to walk the incident through the five **NIST CSF** core functions:

1. **Identify** what went wrong and which systems were hit.
2. **Protect** the company from a repeat attack.
3. **Detect** the next one early.
4. **Respond** with a killer action plan.
5. **Recover** and get everything back to normal.

And guess what? This incident report can go straight into your **cybersecurity portfolio**—talk about leveling up! 🚀

***

#### **The Scenario: What Went Down**

A malicious attacker hit the company with a **DDoS attack** by flooding the network with ICMP pings. The flood got through because the firewall had no rule limiting inbound ICMP, so every ping was forwarded straight into the internal network. Your team quickly took action by:

* Blocking all incoming ICMP packets at the firewall
* Stopping non-critical network services
* Restoring critical network services first

They also tightened security by adding:

* A firewall rule that **rate-limits** incoming ICMP traffic instead of forwarding all of it
* **Source IP address verification** on the firewall to detect and drop packets with spoofed source addresses
* Network monitoring software to flag abnormal traffic patterns
* An IDS/IPS to filter out ICMP traffic that matches suspicious characteristics

Now, it’s your turn to dive deeper into the attack and **analyze** what happened using the **NIST CSF**!

***

#### **Step-by-Step: How to Crush It!**

**Step 1: Use the Incident Report Analysis Template 📝**

Click the link to access the **template** where you’ll log your findings. Don’t have a Google account? No problem! Download it directly from the attachment.

Template: \[Incident Report Analysis]

**Step 2: Summarize the Security Incident**

* Write down **what happened**, **why it happened**, and the **impact** of the DDoS attack.
* Include details like targeted systems, the attack source, and how it was resolved.

**Step 3: Identify the Type of Attack 🔍**

* Use your knowledge to define **what type of attack** this was (spoiler: it’s a **DDoS**, delivered as an **ICMP flood**), and list the affected systems: the firewall that forwarded the flood and the network services that went offline for two hours.

**Step 4: Protect the Network 🔐**

* Create a **protection plan** to prevent future attacks.
* Ask yourself: “What do we need to update or change to secure our network better?”

**Step 5: Detect Future Threats 🔦**

* How can you and your team **monitor the network** to catch suspicious activity before it becomes a two-hour outage?
* Think about things like watching inbound **ICMP volume** with the new network monitoring software and IDS/IPS, reviewing **firewall logs** for dropped or spoofed packets, tracking **users**, and checking for unauthorized logins.
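To make the Protect and Detect steps concrete, here is an added worked example (not part of the course material or the template) that models the three technical controls from the scenario: source-address verification against spoofing, a per-second detector for an ICMP echo-request flood, and a token-bucket model of a firewall rule that rate-limits inbound ICMP. The log format, interface name, thresholds, bogon prefix list and all addresses are assumptions chosen for illustration; the traffic is constructed in `build_sample_log()`, with 203.0.113.0/24 and 192.0.2.0/24 standing in for public source addresses.

```python
"""ICMP-flood triage: spoof check, flood detection, and a rate-limit model.

Added example, not course material. Log format, interface name, thresholds,
bogon list and addresses are assumptions for illustration only.
"""
import ipaddress
import re
from collections import Counter, defaultdict

EXTERNAL_IFACE = "eth0"               # assumed Internet-facing interface
FLOOD_THRESHOLD_PPS = 100             # assumed alert threshold (echo requests/second)
RATE_LIMIT_PPS, RATE_BURST = 10, 20   # assumed firewall limit on inbound ICMP

# Netfilter-style "KEY=VALUE" log line (assumed format); TYPE is the ICMP type.
LINE_RE = re.compile(
    r"^(?P<ts>\d+) IN=(?P<iface>\S+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+)(?: TYPE=(?P<type>\d+))?"
)

# Prefixes that can never be a genuine source on the Internet-facing side
# (RFC 1918, loopback, link-local, multicast, ...). Illustrative subset only;
# production filters use a maintained bogon list or unicast RPF.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def build_sample_log():
    """Constructed sample: ten seconds of traffic. Every second carries one
    monitoring ping and one HTTPS connection; seconds 5-7 add a flood of echo
    requests, two of whose sources are private addresses that must be spoofed."""
    lines = []
    for ts in range(1700000000, 1700000010):
        lines.append(f"{ts} IN=eth0 SRC=203.0.113.9 DST=198.51.100.10 PROTO=ICMP TYPE=8")
        lines.append(f"{ts} IN=eth0 SRC=203.0.113.77 DST=198.51.100.10 PROTO=TCP DPT=443")
        if 1700000005 <= ts <= 1700000007:
            for src, n in (("203.0.113.21", 40), ("203.0.113.22", 40), ("192.0.2.33", 40),
                           ("10.0.0.5", 20), ("172.16.4.4", 20)):
                lines += [f"{ts} IN=eth0 SRC={src} DST=198.51.100.10 PROTO=ICMP TYPE=8"] * n
    return "\n".join(lines)


def parse_log(text):
    """Parse log lines into dicts; unrecognised lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        rec = m.groupdict()
        rec["ts"] = int(rec["ts"])
        rec["type"] = int(rec["type"]) if rec["type"] is not None else None
        records.append(rec)
    return records


def is_echo_request(rec):
    return rec["iface"] == EXTERNAL_IFACE and rec["proto"] == "ICMP" and rec["type"] == 8


def is_spoofed_source(rec):
    """Source-address verification: a packet arriving on the external interface
    with a private or otherwise unroutable source cannot have come from the
    Internet, so the firewall drops it before any other rule is evaluated."""
    if rec["iface"] != EXTERNAL_IFACE:
        return False
    try:
        ip = ipaddress.ip_address(rec["src"])
    except ValueError:
        return True  # unparsable source address: treat as spoofed and drop
    return any(ip in net for net in BOGON_NETS)


def detect_icmp_flood(records, threshold_pps=FLOOD_THRESHOLD_PPS):
    """Detect: count inbound echo requests per second; any second above the
    threshold becomes an alert that names the top three sources."""
    per_second = defaultdict(Counter)
    for rec in records:
        if is_echo_request(rec):
            per_second[rec["ts"]][rec["src"]] += 1
    alerts = []
    for ts in sorted(per_second):
        total = sum(per_second[ts].values())
        if total > threshold_pps:
            alerts.append({"ts": ts, "count": total, "top_sources": per_second[ts].most_common(3)})
    return alerts


def apply_firewall(records, limit_pps=RATE_LIMIT_PPS, burst=RATE_BURST):
    """Protect: model of the hardened rule set. Spoofed sources are dropped
    first; inbound echo requests then pass through a token bucket (limit_pps
    sustained, at most `burst` in a burst); all other traffic is accepted."""
    stats = Counter(accepted=0, rate_limited=0, spoofed=0)
    tokens, last_ts = burst, None
    for rec in records:
        if is_spoofed_source(rec):
            stats["spoofed"] += 1
            continue
        if not is_echo_request(rec):
            stats["accepted"] += 1
            continue
        if last_ts is not None:  # refill the bucket for the elapsed seconds
            tokens = min(burst, tokens + (rec["ts"] - last_ts) * limit_pps)
        last_ts = rec["ts"]
        if tokens >= 1:
            tokens -= 1
            stats["accepted"] += 1
        else:
            stats["rate_limited"] += 1
    return stats


if __name__ == "__main__":
    recs = parse_log(build_sample_log())
    for alert in detect_icmp_flood(recs):
        print(f"ALERT t={alert['ts']} echo_requests={alert['count']} top={alert['top_sources']}")
    print("firewall model:", dict(apply_firewall(recs)))
```

Running it shows the two halves of the story: the detector raises one alert per attack second (161 echo requests against a 100/s threshold, with the three public "attack" sources as top talkers), and the modelled rule set turns the same 500 packets into 57 accepted, 323 rate-limited and 120 dropped as spoofed, which is the outcome the "rate-limit instead of forward everything" rule is meant to produce. On a real firewall the equivalent would be a bogon/uRPF drop rule followed by an ICMP rate limit, with the monitoring tool alerting on the per-second count rather than a script over a log file.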

**Step 6: Respond to Future Attacks 💥**

* Plan how you’ll **contain and neutralize** threats in the future, for example by blocking the offending traffic at the firewall and shutting down non-critical services, as the team did here.
* Include steps for analyzing each incident afterwards so the lessons learned feed back into your protection and detection plans.

**Step 7: Recover Systems 🔄**

* What’s the plan for **recovering** from attacks?
* Think about which systems, processes, and data need to be **restored**, in what order (critical services first, as in this incident), and how you’ll confirm that traffic is back to normal before declaring the incident over.

**Step 8: Self-Assessment 🧐**

After completing the incident report, compare your work to the **example** provided in the course. Reflect on your progress and double-check if you covered all the steps!

***

#### **Pro Tips** 🧠

* **Save your work**! You’ll need this incident report later for your portfolio.
* Aim for at least **5 of the 6 points** to be sure you’ve covered all bases and are on track to pass!

***

#### **What Should You Include?**

* A **summary** of the incident.
* Identification of the **attack type** and systems impacted.
* A **protection plan** for future incidents.
* **Detection methods** for spotting future threats.
* A **response plan** to handle future incidents.
* A **recovery plan** to bring systems back online.

***

You’ve got this! Follow the steps, work through the NIST CSF functions, and show those attackers they messed with the wrong company. Time to be the hero of the day! 💪
