Evaluation Case

1. Describe the nature of the incident.

This event was an internal breach of security carried out in order to access and manipulate sensitive data. The breach was caught by the auditor, but the communications from the auditor to those whose data was breached were intercepted.

It was determined that authentication and encryption controls, as well as the PKI that was lacking, should have been implemented in order to prevent this breach of data.

2. Identify who needs to be notified based on the type and severity of the incident.

| Notify | Reason | Severity of the incident |
|---|---|---|
| President of Company | Directly affected and upper management. | High |
| IT Department | Must act to close breach. | High |
| Employees | Directly affected by the breach & intruder had access to their sensitive files. | High |
| Human Resources Department | It was the HR system that accessed the files and they also need to make sure everything has been corrected. | High |

3. Outline how the incident could be contained.

This incident could have been contained by implementing a multifactor authentication system and data encryption. Permissions need to be set, although because the attack was carried out by accessing human resource files, that would not have been a direct help: the human resource department would have access to payroll and financial records. Email digital signatures would also have helped, so that the emails to the auditor could not have been spoofed.

4. Discuss how the factor that caused the incident could be removed.

Implementing better network security standards and creating a communications plan that included phone conversations would have prevented the person from accessing the payroll, making changes, and spoofing emails. Utilizing other communication methods would have helped since the attacker could not spoof the auditor. The employee that caused the incident should be not only terminated but also brought up on fraud charges under local, state, and federal law.

5. Describe how the system could be restored to normal business practice.

The system can be restored to normal business practice by using a backup that carried the correct data to restore the files that were affected, that is, an incremental restore. The system could also be returned to its normal state by having the human resource department go through the payroll and change the affected files back to their normal pay scale. Without additional security, though, the system is still vulnerable.

5a. Explain how the system could be verified as operational.

The system is verified as operational when all files have been restored to the normal state and the system is running smoothly. Management will need to review the affected files to ensure that the information in them is correct.
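
One way to support the review described above, as an added example that is not part of the original essay: a Python check that compares the restored payroll records against a known-good backup and lists every record that still differs. The CSV layout, column names and sample rows are constructed assumptions.

```python
import csv
import hashlib
import io

# Constructed sample data: a known-good backup and the payroll table after
# the restore. Column names and values are assumptions for this example.
BACKUP_CSV = """employee_id,name,pay_rate
1001,A. Rivera,31.50
1002,B. Chen,27.00
1003,C. Okafor,42.25
"""
RESTORED_CSV = """employee_id,name,pay_rate
1001,A. Rivera,31.50
1002,B. Chen,35.00
1004,D. Unknown,50.00
"""

def load_records(text, key="employee_id"):
    """Parse CSV text into {employee_id: row_dict}."""
    return {row[key]: row for row in csv.DictReader(io.StringIO(text))}

def record_digest(row):
    """Hash a record with fields in sorted order, so column order is irrelevant."""
    canonical = "\x1f".join(f"{k}={row[k].strip()}" for k in sorted(row))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def verify_restore(backup_text, restored_text):
    """Report records that differ between the backup and the restored system."""
    backup, restored = load_records(backup_text), load_records(restored_text)
    report = {"modified": [], "missing": [], "unexpected": []}
    for emp_id, row in backup.items():
        if emp_id not in restored:
            report["missing"].append(emp_id)
        elif record_digest(row) != record_digest(restored[emp_id]):
            live = restored[emp_id]
            changed = sorted(k for k in row if row[k].strip() != live.get(k, "").strip())
            report["modified"].append((emp_id, changed))
    # Records present only in the live system were never in the backup.
    report["unexpected"] = sorted(set(restored) - set(backup))
    return report

if __name__ == "__main__":
    result = verify_restore(BACKUP_CSV, RESTORED_CSV)
    for kind, items in result.items():
        print(kind, items)
    print("restore verified" if not any(result.values()) else "restore NOT verified")
```

An empty report means the restored records match the backup; any entry is a record for management or Human Resources to review by hand.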

1. Identify areas that were not addressed by the IT staff’s response to the incident.

One of the areas that was not identified was how the network system allowed the spoofing and why it was not caught much earlier. Were permissions already in place? Do they have a network logging system that analyzes the logs? The lack of other system checks was not addressed in this scenario.

2. Outline the other attacks mentioned in the scenario that were not noticed by the organization.

An attack that was not mentioned in the scenario was social engineering. The employee that manipulated the system used social engineering as well to convince the auditor that not only did the emails get sent by the person to whom they were addressed, but that he or she was that person as well.

2a. Describe the nature of the attacks not noticed by the organization.

The nature of the attacks that were not noticed by the organization was human interaction (Peltier, n.d.). Using social engineering, the employee was able to monitor the situation from inside the office as well as spoof emails to the auditor. The auditor put trust in the emails instead of calling or talking to each affected person personally. This allowed the social engineering attack to continue.

2b. Describe how these additional attacks can be prevented in the future.

These attacks can be prevented by offering employees security awareness training. Security policies should be updated to include additional actions to be taken to ensure that sensitive emails are indeed coming from the correct person, by using a phone call or by talking to that person physically.

3. Recommend a recovery procedure to restore the computer systems back to their original state prior to such attacks.

Since the entire network was not affected, just certain files, I would recommend an incremental backup to restore the changed files back to their original form. Human Resources should verify that the information is correct. Once the system is restored, put added security measures in place and back up the system again.

References

Peltier, T. (n.d.). Social Engineering: Concepts and Solutions. Retrieved January 27, 2014, from http://www.infosectoday.com/Norwich/GI532/Social_Engineering.htm
