
Select an existing organization, or identify a hypothetical organization that fits these requirements, and submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first few



Project Proposal for Microsoft

Shirish Bhatnagar

Colorado Technical University

Digital Forensics


A digital forensics and incident response (DFIR) plan is a significant component of an IT business. The philosophy is supported by technological advancements to provide comprehensive solutions for the security profession in IT. The team seeks to offer secure coverage of the internal systems of a corporation. The following is a DFIR plan for Microsoft Corporation.

1. Preparation

This is the first phase of the plan and the most significant in protecting the business. It will entail training the employees on incident response roles and responsibilities. The training will be adjusted in response to the data breach, where drill situations will be developed (Watts, 2020). This process ensures that the team will be adequately prepared to minimize errors. Regular mock data breaches are critical in evaluating the response plan. This phase will also examine the funding of the plan in advance. The management of Microsoft is brought on board to ensure full support and teamwork. Another significant factor that is considered in this stage is the identification of the possible areas of the breach.

Microsoft has crucial information that is protected and, therefore, its plan will extend beyond the question of the breach to establish an evaluation response. The internal response team will guide the company in addressing violations of classified information. It will include risks such as loss of devices, wrongly sent emails, and information disclosure to a few employees only. Among the internal team leaders will be the wireless internet service provider manager, ICT manager, human resource personnel, a legal officer, and a corporate communication officer.

2. Containment

The second phase of the plan is containing the spread of a breach when it occurs. It involves mitigating further damage to the business. The step will include a procedure for disconnecting all the affected devices from the internet. The infected components may be deleted securely, although that will likely damage the business in the long run. Valuable evidence needed to determine the source of the breach and prevent its recurrence may be destroyed (Lord, 2018). The Microsoft team will have a redundant back-up system to curb this problem and ensure business operations are restored in the shortest time possible in case of a breach. The containment measure will entail a review of remote access protocols, hardening all the passwords, and changing administrative and user access. The effort will include quarantine of all malware from the rest of the environment, multi-factor authentication, and security patches.

3. Action Item Checklist

Microsoft is a multinational corporation with a broad scope of operations. Its checklist will, therefore, prioritize the spontaneous response to the slightest data breach. The components of the checklist will include:

· The time and date of the incident

· Activation and finalization of both the internal and external response team towards the breach

· Identification of a secure perimeter around the systems and equipment that are suspected to be breach targets

· Drawing the focus of the forensic team to secure the affected systems

· Initiating the repair efforts while monitoring for incidents of compromise

4. Eradication

This phase will entail eliminating the root cause of the breach. All malware will be removed securely, and the system will be patched and hardened (Lord, 2018). A complete update will then follow. Valuable data may be lost, and the company’s liability increases if any trace of the malware remains in the system. Therefore, all the efforts will be directed to re-imaging the system and making it stronger than it was before the breach.

5. Recovery

This phase will be directed towards restoring and returning the system to normalcy. All the affected devices will be returned to the business environment of Microsoft after intensive cleaning. This process will be initiated after establishing that the system is secure and ready to be operational again.


Lord, N. (2018). Cybersecurity incident response planning: Expert tips, steps, testing & more. Data Insider. Retrieved from https://digitalguardian.com/blog/incident-response-plan

Watts, S. (2020). Digital forensics and incident response (DFIR): An introduction. Retrieved from https://www.bmc.com/blogs/dfir-digital-forensics-incident-response/