Preview

FXT2 Task2

Good Essays
Open Document
Open Document
825 Words
Grammar
Grammar
Plagiarism
Plagiarism
Writing
Writing
Score
Score
FXT2 Task2
FXT2
Task 2

This is a post event evaluation. It is used to gather information about an incident.

1. Describe the nature of the incident.

The nature of this event describes an internal breach of security in order to access and manipulate sensitive data. This internal breach was caught by the auditor, but the communications from the auditor to those who’s data was breached was intercepted.

It was determined that authentication and encryption controls as well as a lack of PKI should have been implemented in order to prevent this breach of data.

2. Identify who needs to be notified based on the type and severity of the incident.

Notify
Reason
Severity of the incident
President of Company
Directly affected and upper management .
High
IT Department
Must act to close breach.
High
Employees
Directly affected by the breach
& intruder had access to their sensitive files.
High
Human Resource Depart
It was the HR system that accessed the files and they also need to make sure everything has been corrected.
High

3. Outline how the incident could be contained.

This incident could’ve been contained by implementing a multiauthentication system and data encryption. Permissions need to be set although because the attack was done accessing human resource files, that would not have been a direct help. The human resource department would have access to payroll and financial records. Email digital signatures would also have helped so the emails to the auditor would not have been able to be spoofed.
4. Discuss how the factor that caused the incident could be removed.

Implementing better network security standards and creating a communications plan that would include phone conversations would have not allowed the person to access the payroll, make changes, and spoof emails. Utilizing other communication methods would have helped since the attacker could not spoof the auditor.
The employee that caused the incident should be not only terminated but also



References: Peltier, T. (n.d.). Social Engineering: Concepts and Solutions. Retrieved January 27, 2014, from http://www.infosectoday.com/Norwich/GI532/Social_Engineering.htm

You May Also Find These Documents Helpful

  • Satisfactory Essays

    Recognise hazards associated with the workplace that have not been previously controlled and report them in accordance with organisational procedures.…

    • 475 Words
    • 3 Pages
    Satisfactory Essays
  • Powerful Essays

    Jft2 Task2

    • 1878 Words
    • 6 Pages

    Financial strengths of the opera are positive cash flow, cash reserves and assets as well as fund raising.…

    • 1878 Words
    • 6 Pages
    Powerful Essays
  • Better Essays

    Jft2 Task 2

    • 1445 Words
    • 4 Pages

    In analyzing the Utah Symphony and Utah Opera merger case study, it was obvious that many factors, finances, personalities, and even the community would be involved. The wide reaching affects of a merger between these two types of organizations was eye opening. At the time of the proposed merger, the Utah Opera had a stronger financial footing and was not in danger of closing. The Utah Symphony however, was sliding down a dangerous financial slope. The organizations were structured differently in their number of employees and financial compensation packages. These differences would prove challenging in a merger and could be the basis Bill Bailey would use to oppose such a merger.…

    • 1445 Words
    • 4 Pages
    Better Essays
  • Powerful Essays

    MGT2 Task3

    • 5037 Words
    • 21 Pages

    Negative publicity of the company and loss of credibility in the eyes of existing and potential customers impacting overall business…

    • 5037 Words
    • 21 Pages
    Powerful Essays
  • Good Essays

    FXT2 Task 2 Follow Up

    • 799 Words
    • 3 Pages

    Successfully eliminate evidence of the attack, indicated by two paycheck cycles going by before audit caught the error…

    • 799 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    Nt1310 Unit 1 Assignment

    • 533 Words
    • 3 Pages

    Organizations are under increased pressure to audit every action that a user performs within a database. This is due to increased focus on security, risk, accountability and avoidance of fraud and corruption. While security prevention measures (logins, firewalls, tokens etc.) are important to prevent unauthorized access to the data in the first place, as this survey shows, most breaches occur by users who are authorized but are either negligent or malicious.…

    • 533 Words
    • 3 Pages
    Satisfactory Essays
  • Good Essays

    According to Mathew, “It is very important for companies to consider the smartest ways to first detect, block, and subsequently investigate employees with malicious motives”; joined to a vigorous external process that outlines preventative mechanisms that are designed and implemented around an ERP that is based on a review of hundreds of attacks. Hence the best way to identify, then possibly prevent an internal or external attack is to start with a security audit specifically created as a countermeasure; simply an attack prevention program.…

    • 639 Words
    • 3 Pages
    Good Essays
  • Good Essays

    accurate information is collected to investigate trends in incident types and offer suggestions and recommendations with the aim of controlling hazards.…

    • 9650 Words
    • 39 Pages
    Good Essays
  • Satisfactory Essays

    Electronic File – The information can be easily shared between personnel in the company if required and any changes amendments can be easily changed, these files can also be password protected or read only if required so other personnel can’t make any changes.…

    • 802 Words
    • 4 Pages
    Satisfactory Essays
  • Good Essays

    Threat identification. That is, give a detailed description of the incident and how it is an HS concern.…

    • 715 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    If you notice any breaches of confidentiality always report the matter to an appropriate member of…

    • 296 Words
    • 2 Pages
    Satisfactory Essays
  • Good Essays

    Handle Information Level2

    • 748 Words
    • 3 Pages

    Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.…

    • 748 Words
    • 3 Pages
    Good Essays
  • Satisfactory Essays

    Ambitious Payroll Manager

    • 610 Words
    • 3 Pages

    The suspicion came when Klaus Dieter, the treasurer, of IAS; when he noticed a difference of $700,000 for the company’s payroll that is processed every two weeks. This created Klaus to contact Dena to find out why the large difference and Dena could not give a definite answer, only that it was a bank error. This was not acceptable to Klaus, which caused him to do his own investigation as to why there was a bank error. After finding out the information through other channels it was found out the error was not really a bank error, but that Dena was having payroll deposited into her personal bank account.…

    • 610 Words
    • 3 Pages
    Satisfactory Essays
  • Powerful Essays

    Marks Spencer

    • 9814 Words
    • 38 Pages

    For managers at Marks & Spencer the year 2000 was turning out to be a less than auspicious…

    • 9814 Words
    • 38 Pages
    Powerful Essays
  • Good Essays

    Fraudulent Reporting Memo

    • 448 Words
    • 2 Pages

    Suggested solutions to the problem are to first investigate internally to find the employees involved in the fraud. Then disclose the information to our clients to avoid extra damage both legally and with our company’s reputation. Finally, strengthen the internal controls to protect against future opportunities for fraud, specifically under financial reporting.…

    • 448 Words
    • 2 Pages
    Good Essays

Related Topics