CYB 200 6-2 Project 2 KOCH

School: Southern New Hampshire University
Course: CYB 200
Subject: Information Systems
Date: Jun 22, 2024
6-2 Project Two: Incident Analysis Brief
James Koch
February 11, 2023
CYB 200 Cybersecurity Foundations
Instructor: Jillian Seabrook

Incident Analysis Brief

A payroll administrator returned from a break and witnessed someone leaving through an emergency exit, wearing a full backpack and carrying a small “weird-looking” electronic device. The payroll administrator immediately noticed that the office’s file cabinet drawers were ajar, her workstation was turned sideways, and her USB headset was unplugged. It should also be noted that:

  • Half a drawer of manila folders (contents unknown) was missing from the file cabinet.
  • Remote access logs indicate that several foreign connections were made to the corporate network using the payroll administrator’s account on the very same day she reported the incident.
  • Payroll reports generated the day after the incident contained “inaccuracies” that are being investigated by the human resources office.
  • The organization’s payroll application is suffering from unexplained outages that last anywhere from a few minutes to several hours.

Scenario Analysis

For this incident, I believe that confidentiality reflects the greatest overall negative impact on the organization. “Confidentiality is the protection of information from unauthorized access. This goal of the CIA triad emphasizes the need for information protection. Confidentiality requires measures to ensure that only authorized people are allowed to access the information.” (Henderson) To address the situation at hand with the known information:

1. There is a filing cabinet missing half of its contents, of unknown importance. The company needs to lock down all outgoing information for the time being and then restrict access once the damage is known and fixed.
2. There were several foreign connections made to the company’s payroll account on the same day as the incident. The connections were made using the payroll administrator’s account information. This is also a confidentiality breach, because the access was made by an unauthorized individual.
3. Payroll reports generated the day after the incident contained “inaccuracies”. These inaccuracies indicate a breach of the payroll application, which means that some Personally Identifiable Information (PII) could be at risk. Payroll reports would contain most demographic information as well as an individual’s social security number and bank account information; even information about the individuals’ families could be at risk.
4. The unexplained outages are also a breach of confidentiality, because an unauthorized person or entity has gained access to the payroll application and is trying to gather more information from outside the company’s network. These networks need to be shut down to all outside sources until this problem is resolved.

Recommendations

For this incident, I believe that a layered security approach would be the best practice. A common misconception among those outside the cybersecurity sector is that a single technology – a single action or software or strategy – can make an organization “secure”. Using multiple layers of security makes a successful attack much more difficult. “The first step is to understand your current environment. Businesses today have complex environments. Remote work, globalization, and cloud computing have dramatically improved efficiencies and productivity in the workplace – but these changes have also added new vectors for attackers.” (What are the 7 layers of security). Once this is achieved, you can tactically secure your network and its contents from attackers.

Another invaluable step that should be implemented at the company is the separation of duties. “Separation of Duties (SoD, sometimes referred to as "Segregation of Duties") is an attempt to ensure that no single individual has the capability of executing a particular task/set of tasks.” (Separation of Duties Policy) By not giving any one individual access to this amount of pertinent information about the company and its employees, you can limit the amount of damage that is done when an incident like this occurs. By implementing the SoD model and a layered security approach, I believe that the company will be setting itself up for success and will not be as susceptible to attacks in the future; if and when an attack happens again, the fallout will not be as great, since not as much information will be accessible by attacking one person.

References

Snook, A. (2020, July 22). How to conduct an effective incident analysis. i-Sight. https://www.i-sight.com/resources/how-to-conduct-an-effective-incident-analysis/
Henderson, A. (2019, December 24). The CIA triad: Confidentiality, integrity, availability. Panmore Institute. https://panmore.com/the-cia-triad-confidentiality-integrity-availability
What are the 7 layers of security? A cybersecurity report. (2020, July 14). Mindsight. https://gomindsight.com/insights/blog/what-are-the-7-layers-of-security/
Separation of Duties Policy | Cyber Security | ITD. (n.d.). https://www.bnl.gov/cybersecurity/policies/separation-of-duties.php
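The scenario analysis rests on one piece of evidence from the remote access logs: several foreign connections on the payroll administrator's account on the day of the incident. The following is an added example, not part of the brief, of how a defender would turn that observation into a repeatable check. The log format, the account names, the IP addresses and the per-account "expected countries" baseline are all constructed assumptions; it flags successful logins from outside an account's baseline and, separately, two logins on the same account from different countries close enough in time that one person could not plausibly have made both.

```python
"""
Added example (not the brief's own code): detection logic over remote-access
log lines. Every log line, account name, IP and the country baseline below is
constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed remote-access log: timestamp, event, account, source country,
# source IP, outcome. Addresses are from the documentation ranges.
SAMPLE_LOG = """\
2023-02-10T08:02:11Z login user=payroll.admin country=US src=203.0.113.7 result=success
2023-02-10T09:15:40Z login user=payroll.admin country=RU src=198.51.100.23 result=success
2023-02-10T09:16:05Z login user=payroll.admin country=BR src=198.51.100.77 result=success
2023-02-10T11:40:00Z login user=it.helpdesk country=US src=203.0.113.9 result=success
2023-02-10T12:01:30Z login user=payroll.admin country=CN src=198.51.100.90 result=failure
2023-02-10T13:05:12Z login user=payroll.admin country=US src=203.0.113.7 result=success
"""

# Constructed baseline: the countries each account normally signs in from.
EXPECTED_COUNTRIES = {"payroll.admin": {"US"}, "it.helpdesk": {"US", "CA"}}


@dataclass
class LoginEvent:
    ts: datetime
    user: str
    country: str
    src: str
    result: str


def parse_log(text):
    """Parse 'key=value' login lines into LoginEvent records; skip anything else."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[1] != "login":
            continue
        fields = dict(p.split("=", 1) for p in parts[2:])
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        events.append(LoginEvent(ts, fields["user"], fields["country"],
                                 fields["src"], fields["result"]))
    return events


def find_foreign_logins(events, expected=EXPECTED_COUNTRIES):
    """Successful logins from a country not in the account's expected set."""
    return [e for e in events
            if e.result == "success"
            and e.country not in expected.get(e.user, set())]


def find_overlapping_sessions(events, window=timedelta(hours=1)):
    """Pairs of successful logins on one account from different countries
    within `window` of each other: one person cannot be in both places."""
    alerts, seen = [], {}
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.result != "success":
            continue
        for prev in seen.get(e.user, []):
            if e.country != prev.country and e.ts - prev.ts <= window:
                alerts.append((prev, e))
        seen.setdefault(e.user, []).append(e)
    return alerts


def summarize(text):
    """Run both checks and return counts per account, for a triage report."""
    events = parse_log(text)
    report = {}
    for e in find_foreign_logins(events):
        report.setdefault(e.user, {"foreign": 0, "overlap": 0})["foreign"] += 1
    for prev, cur in find_overlapping_sessions(events):
        report.setdefault(cur.user, {"foreign": 0, "overlap": 0})["overlap"] += 1
    return report


if __name__ == "__main__":
    for user, counts in summarize(SAMPLE_LOG).items():
        print(f"{user}: {counts['foreign']} foreign login(s), "
              f"{counts['overlap']} overlapping session pair(s)")
```

On the constructed log this reports two foreign successful logins for payroll.admin (RU and BR; the failed CN attempt is not counted) and one overlapping pair (RU then BR within a minute). In practice the baseline would come from the account's own history, and a hit on either check on an account that also had an on-site session that day is exactly the kind of signal the brief describes.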
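The recommendations section argues that separation of duties limits what an attacker gains by compromising one person. As an added example, not code from the brief or from the policy it quotes, the following shows what that looks like as an enforceable rule rather than a principle: a conflict table of permission pairs no single account may hold, a check that reports accounts violating it, and a payroll approval step that refuses to let the preparer of a run also approve it. The permission names, the two configurations and the account names are constructed assumptions.

```python
"""
Added example (not the brief's own code): a minimal separation-of-duties
check for a payroll workflow. Permission names, accounts and both
configurations below are constructed for illustration.
"""

# Constructed policy: pairs of permissions that must never sit on one account.
CONFLICTING = [
    ("payroll.edit", "payroll.approve"),    # cannot both change and sign off a run
    ("payroll.approve", "payroll.export"),  # cannot both sign off and ship the data
    ("user.admin", "payroll.edit"),         # cannot grant yourself payroll rights and use them
]

# Weak configuration (constructed): one administrator holds every right, so
# compromising that account exposes the whole payroll process.
WEAK = {
    "payroll.admin": {"payroll.edit", "payroll.approve", "payroll.export", "user.admin"},
}

# Corrected configuration (constructed): rights split across three accounts.
SPLIT = {
    "payroll.clerk": {"payroll.edit"},
    "payroll.manager": {"payroll.approve"},
    "payroll.export.svc": {"payroll.export"},
    "it.admin": {"user.admin"},
}


def sod_violations(assignments, conflicts=CONFLICTING):
    """Return (account, perm_a, perm_b) for every conflicting pair an account holds."""
    found = []
    for account, perms in assignments.items():
        for a, b in conflicts:
            if a in perms and b in perms:
                found.append((account, a, b))
    return found


def approve_payroll_run(run, approver, assignments):
    """Approve a run only if the approver holds the right and did not prepare it."""
    perms = assignments.get(approver, set())
    if "payroll.approve" not in perms:
        raise PermissionError(f"{approver} lacks payroll.approve")
    if approver == run["prepared_by"]:
        raise PermissionError("preparer cannot approve their own run")
    return {**run, "approved_by": approver}


def blast_radius(assignments, account):
    """Permissions an attacker gains by taking over one account."""
    return sorted(assignments.get(account, set()))


if __name__ == "__main__":
    print("weak config violations:", sod_violations(WEAK))
    print("split config violations:", sod_violations(SPLIT))
    print("one compromised account yields:", blast_radius(WEAK, "payroll.admin"))
    run = {"id": "2023-02-run", "prepared_by": "payroll.clerk"}
    print(approve_payroll_run(run, "payroll.manager", SPLIT))
```

Checking the weak configuration reports three conflicts on the single administrator account, while the split configuration reports none and an approval by the clerk who prepared the run is refused. A check like `sod_violations` belongs in the access-review process, run against the real assignments whenever roles change, so that the concentration of rights the brief warns about is caught before an incident rather than discovered during one.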