
Company A Cybersecurity Breach Investigation
Explore the cybersecurity breach at Company A involving a malicious email, software upgrade issues, and potential compromise of Controlled Unclassified Information (CDI). Follow the incident response process, regulatory obligations, and media involvement in this detailed scenario.
Presentation Transcript
Scenario 1
Company A holds contracts with DoD and the Department of State. Its HR Department begins to receive calls and emails regarding an email that was sent to Company employees notifying them of a software upgrade to the Company's HR application. Employees use the application to access their employment information, such as pay stubs and benefits information. The email advised employees that the software upgrade required them to click on a link contained in the email in order to download the updated software.
Scenario 1 (continued)
Several employees reported to HR that, although they clicked on the link to upgrade the software per the email's instructions, the upgrade did not run properly and the application appeared not to update. HR does not report this issue to IT or anyone else. Other employees reported to IT that they properly installed the upgrade, but that their machines have been running slowly ever since. IT initiates a service ticket inquiry, but does not advise anyone else in the company.
Scenario 1 (continued)
One of the affected employees is an administrative user with privileged access to multiple servers, including those containing CDI. This user cut and pasted the link into his browser without reading it, bypassing SOP. At this point in the investigation, IT has confirmed malware on a database server known to contain CDI and has initiated the Incident Response Process. The Information Security Team has not detected any data exfiltration to date. IT now notifies Company A management. Company A spends 2 weeks determining the type of CDI potentially affected and reviewing its contracts.
Scenario 1 (continued)
Questions to consider:
What is the first event that could have been a cyber event?
How did the internal company reporting system work?
How well did users comply with NIST standards?
Did the Company have appropriate system monitoring?
How prepared was Company A?
How should Company A have conducted the investigation?
When should it have notified DoD?
What other regulatory notification obligations may be in play?
Scenario 1 (continued)
Right before the Company notifies DoD, the FBI visits the Company and delivers a victim notification letter. On that same day, an employee receives a voicemail from a cybersecurity blogger who states that he has become aware of an apparent ongoing hack at the Company and would like to give the Company an opportunity to comment before he posts his story on Tuesday. The blogger's article is published and picked up by the media. The Company is contacted by customers. The Company hears through an employee that a subcontractor working on creating CDI has also been experiencing system problems. The Company contacts the subcontractor, who assures them that there's nothing to worry about because they're using the cloud.
Scenario 1 (continued)
Questions to consider:
What role does law enforcement play? When should they be involved?
How should a company react to outside players like the blogger? Does that contact need to be disclosed to DoD?
How does the Company deal with customers?
How does the Company deal with subcontractors? Did the subcontract have appropriate flow-down language?
What issues does use of the cloud introduce?
Scenario 1 Complication
On Sunday evening, a Company admin employee receives an email from an unknown address indicating that all files in the database that stores CDI are encrypted. The email further advises that decryption is only possible with a private key and decrypt program, located on the sender's secret server. To receive the private key, the sender demands the equivalent of $10,000, paid in Bitcoin, by Monday morning at 9 AM. Now what happens?