FXT2 Task2
FXT2
Task 2
This is a post event evaluation. It is used to gather information about an incident.
1. Describe the nature of the incident.
The nature of this event describes an internal breach of security in order to access and manipulate sensitive data. This internal breach was caught by the auditor, but the communications from the auditor to those who’s data was breached was intercepted.
It was determined that authentication and encryption controls as well as a lack of PKI should have been implemented in order to prevent this breach of data.
2. Identify who needs to be notified based on the type and severity of the incident.
Notify
Reason
Severity of the incident
President of Company
Directly affected and upper management .
High
IT Department
Must act to close breach.
High
Employees
Directly affected by the breach
& intruder had access to their sensitive files.
High
Human Resource Depart
It was the HR system that accessed the files and they also need to make sure everything has been corrected.
High
3. Outline how the incident could be contained.
This incident could’ve been contained by implementing a multiauthentication system and data encryption. Permissions need to be set although because the attack was done accessing human resource files, that would not have been a direct help. The human resource department would have access to payroll and financial records. Email digital signatures would also have helped so the emails to the auditor would not have been able to be spoofed.
4. Discuss how the factor that caused the incident could be removed.
Implementing better network security standards and creating a communications plan that would include phone conversations would have not allowed the person to access the payroll, make changes, and spoof emails. Utilizing other communication methods would have helped since the attacker could not spoof the auditor.
The employee that caused the incident should be not only terminated but also
Task 2
This is a post event evaluation. It is used to gather information about an incident.
1. Describe the nature of the incident.
The nature of this event describes an internal breach of security in order to access and manipulate sensitive data. This internal breach was caught by the auditor, but the communications from the auditor to those who’s data was breached was intercepted.
It was determined that authentication and encryption controls as well as a lack of PKI should have been implemented in order to prevent this breach of data.
2. Identify who needs to be notified based on the type and severity of the incident.
Notify
Reason
Severity of the incident
President of Company
Directly affected and upper management .
High
IT Department
Must act to close breach.
High
Employees
Directly affected by the breach
& intruder had access to their sensitive files.
High
Human Resource Depart
It was the HR system that accessed the files and they also need to make sure everything has been corrected.
High
3. Outline how the incident could be contained.
This incident could’ve been contained by implementing a multiauthentication system and data encryption. Permissions need to be set although because the attack was done accessing human resource files, that would not have been a direct help. The human resource department would have access to payroll and financial records. Email digital signatures would also have helped so the emails to the auditor would not have been able to be spoofed.
4. Discuss how the factor that caused the incident could be removed.
Implementing better network security standards and creating a communications plan that would include phone conversations would have not allowed the person to access the payroll, make changes, and spoof emails. Utilizing other communication methods would have helped since the attacker could not spoof the auditor.
The employee that caused the incident should be not only terminated but also
References: Peltier, T. (n.d.). Social Engineering: Concepts and Solutions. Retrieved January 27, 2014, from http://www.infosectoday.com/Norwich/GI532/Social_Engineering.htm