Cyb 320 Project 1 Blackstone
School: Southern New Hampshire University
Course: 320
Subject: Information Systems
Date: Apr 3, 2024
Pages: 4
Uploaded by ABusch18
I. During the Incident
A. Managing the Incident
i. Identify the potential assets (e.g., single assets, groups of assets, and/or systems of assets) affected by the incident.
The most obvious asset affected by this incident would be the entirety of the financial department. This includes payroll, billing, and banking information. This can range from employee banking information to the company’s financial assets. Given that the network was not segregated as previously thought, it is wise to assume that all data is potentially compromised. This includes servers and any shared files across the network. Every device on the network should be considered at risk if not already infected.
ii. Explain potential methods you would use to contain the incident.
Containing the incident is of utmost importance. I would start by removing the known infected computers from the network, either by unplugging them immediately or by disabling each one's network connection. This will contain the ransomware until we can identify how badly the network is impacted. Observing the network for unusual activity is a necessary step to take as well. Filtering traffic and immediately segregating the sections of the network that are not yet impacted should be a priority. Filtering will block communication from the devices that are known to be compromised and, hopefully, prevent the incident from spreading. Staff should also be informed of the incident and instructed as to how to proceed; instructions should include avoiding downloads, being cautious with unrecognized email, and reporting anything unusual to the IT department. Until the range of the damage can be determined, all machines should be logged off and shut down.
While paying the ransom is an option, there is no guarantee that our data would be released once it was paid nor that the data would not be taken or otherwise compromised despite paying.
Paying should be a last resort if all other methods of protecting the network and retrieving the data fail.
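One way to put the "observing the network for unusual activity" step into practice is to watch file-share audit logs for the burst of renames that encryption produces, so the hosts doing it can be isolated first. The script below is an added example written for this containment section; it is not part of the original assignment or of any product. The audit-log format, host names, extension baseline, time window and threshold are all constructed assumptions.

```python
"""Flag workstations whose file-share activity looks like ransomware encryption.

Added example for the containment section; not part of the original
assignment. Log format, host names, extension baseline, window and threshold
are all constructed for this example.
"""
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed baseline: extensions normally written to the finance share.
KNOWN_EXTENSIONS = {".xlsx", ".docx", ".pdf", ".csv", ".txt", ".pptx"}
WINDOW = timedelta(seconds=60)  # sliding window evaluated per host
THRESHOLD = 5                   # unknown-extension writes/renames within WINDOW

# Constructed sample audit log, one tab-separated line per operation:
# <ISO timestamp>  <host>  <operation>  <path>
# ws-fin-07 renames many files to ".locked" within seconds; the other hosts
# show ordinary activity (one stray ".bak" rename on ws-fin-03).
SAMPLE_LOG = """\
2024-04-03T09:00:01\tws-fin-02\tWRITE\t/finance/payroll/march.xlsx
2024-04-03T09:00:03\tws-fin-07\tRENAME\t/finance/payroll/march.xlsx.locked
2024-04-03T09:00:04\tws-fin-07\tRENAME\t/finance/billing/inv-1001.pdf.locked
2024-04-03T09:00:04\tws-fin-07\tRENAME\t/finance/billing/inv-1002.pdf.locked
2024-04-03T09:00:05\tws-fin-07\tWRITE\t/finance/billing/README_DECRYPT.txt
2024-04-03T09:00:06\tws-fin-07\tRENAME\t/finance/banking/accounts.csv.locked
2024-04-03T09:00:07\tws-fin-07\tRENAME\t/finance/banking/wires.xlsx.locked
2024-04-03T09:00:09\tws-fin-07\tRENAME\t/finance/payroll/april.xlsx.locked
2024-04-03T09:00:12\tws-fin-03\tWRITE\t/finance/billing/inv-1003.pdf
2024-04-03T09:02:30\tws-fin-02\tRENAME\t/finance/payroll/march-v2.xlsx
2024-04-03T09:03:00\tws-fin-03\tRENAME\t/finance/notes/todo.bak
"""


def parse(log_text):
    """Yield (timestamp, host, operation, path) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split("\t")
        if len(parts) != 4:
            continue
        ts, host, op, path = parts
        try:
            yield datetime.fromisoformat(ts), host, op.upper(), path
        except ValueError:
            continue


def is_suspicious(op, path):
    """A write or rename that leaves a file with an extension outside the baseline."""
    ext = os.path.splitext(path)[1].lower()
    return op in {"WRITE", "RENAME"} and ext not in KNOWN_EXTENSIONS


def flag_hosts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {host: {"peak": n, "first_seen": ts, "example": path}} for every
    host with at least `threshold` suspicious operations inside one `window`."""
    recent = defaultdict(deque)  # host -> timestamps of recent suspicious ops
    flagged = {}
    for ts, host, op, path in sorted(parse(log_text)):
        if not is_suspicious(op, path):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            entry = flagged.setdefault(
                host, {"peak": 0, "first_seen": q[0], "example": path})
            entry["peak"] = max(entry["peak"], len(q))
    return flagged


if __name__ == "__main__":
    for host, info in flag_hosts(SAMPLE_LOG).items():
        print(f"isolate {host}: {info['peak']} suspicious ops within "
              f"{WINDOW.seconds}s starting {info['first_seen']:%H:%M:%S}, "
              f"e.g. {info['example']}")
```

The extension baseline is the part to tune per share: a single unusual extension (the `.bak` on ws-fin-03) stays below the threshold, while the burst from ws-fin-07 is flagged within seconds, which is the signal that justifies pulling that host's network connection first.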
iii. Explain potential steps for remediation of the incident.
There are many potential methods for remediation of the incident. Identifying the ransomware itself should be a goal, although the expectation of managing to do so should be low. If we can determine the specifics of the infection, we can look for decryption tools or check whether anyone else has solved the problem without paying the ransom. As the nature of the malware is to encrypt our data, we should immediately begin looking into decryption software. There are many types available, and the options can be narrowed down if the previous efforts to identify the malware have been successful. Checking the date of the most recent backup should also be done as soon as possible. If that date is close to the current date, simply reverting to the backed-up data would be the easiest route to take. However, given that the backup only occurs monthly, this isn't a likely solution, but it can be done if nothing else proves effective.
iv. Recommend potential strategies to minimize the possibility of this type of incident reoccurring in the future.
There are several ways to minimize the possibility of this incident repeating. Decreasing the time between backups to at least weekly, if not daily, should be the first step. Regular backups will allow us to simply revert to the most recent backup instead of having to put the entire workday on hold to solve problems.
Segmenting the network is also a priority, as it was supposed to have already been done and would have saved time and energy during this incident. Keeping the finance department as separate from the rest of the network as possible should be a priority, not just to prevent this incident from repeating but also to provide extra security for sensitive data.
Recurring training for the employees should also be a priority. This should be regularly scheduled and should cover basic security awareness, such as recognizing phishing links and how to handle potential concerns.
B. Business Continuity
i. Recommend a potential strategy for maintaining normal business operations during the recovery process.
Maintaining normal business operations during the recovery process is of utmost importance. Any operations that can be continued offline should be resumed as normal. All devices connected to the network must be cleared for use by verifying that they are not impacted by the incident. While this will take time, workstations can be released to resume work as they are cleared. If possible, those who can work from home on approved devices should be allowed to, or should use alternate workstations that are unimpacted. This will help minimize downtime and maintain business operations as normal. While this is ongoing, employees and clients should be made aware of what is occurring and the steps being taken to maintain the integrity and confidentiality of their data. This will help maintain the clients' trust in the company and provide clear lines of communication with the employees.
II. Post Incident: Disaster Recovery
A. Describe how failover could benefit the organization and explain how it would affect the people, process, and technology aspects of the disaster recovery plan.
Failover is, according to the Oxford Dictionary, a “method of protecting computer systems from failure, in which standby equipment automatically takes over when the main system fails.” The upfront cost can be intimidating, but being able to avoid situations like this is priceless. It ensures that the data isn’t lost due to simple mistakes or disasters.
By having failover in place, we can keep the business operating even in the event of a disaster and keep downtime to a minimum. This would allow people to return to work as quickly as possible and not lose as much data as with a monthly backup. In the bigger picture, it also means that people get paid and clients aren’t left waiting.
B. Propose an update to the backup strategy and explain how it would affect the people, process, and technology aspects of the disaster recovery plan.
A recent and up-to-date backup would eliminate the need to deal with the ransomware at all. The current backup happens monthly. I would suggest weekly at the very least, with nightly being ideal. This means that no data is lost, ensuring that the company can continue as usual and provide for its employees and clients. It also makes the disaster recovery process much simpler, as there is an easily accessible fallback from which the data can be recovered. Replacing technology is easy enough, but replacing people and data is much more difficult. With a reliable backup strategy, the company can continue as usual with minimal fear of a disaster taking it completely offline.
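The remediation section earlier checks the date of the most recent backup, and the backup-strategy section just above argues for weekly or nightly backups. The script below is an added example written for both passages; it is not part of the original assignment. The snapshot schedule, the estimated infection timeline and the retention periods are constructed assumptions. It picks the last backup taken before the malware could have been present (a snapshot taken after the initial foothold may already hold the malware or encrypted files) and compares how much work each schedule would lose, including the case where a short retention period has already deleted the only clean copy.

```python
"""Choose a clean restore point and compare backup schedules by data lost.

Added example for the remediation and backup-strategy sections; not part of
the original assignment. Dates, intervals and retention periods are
constructed for this example.
"""
from datetime import datetime, timedelta

# Constructed incident timeline.
START = datetime(2024, 1, 1)                     # first snapshot of the year
EARLIEST_FOOTHOLD = datetime(2024, 3, 28)        # earliest time the malware could have been present
ENCRYPTION_STARTED = datetime(2024, 4, 3, 9, 0)  # when files began being encrypted

# Constructed schedules: name -> (interval between backups, retention period).
# "monthly" is approximated as every 30 days.
SCHEDULES = {
    "monthly (current)": (timedelta(days=30), timedelta(days=365)),
    "weekly": (timedelta(days=7), timedelta(days=90)),
    "nightly, 7-day retention": (timedelta(days=1), timedelta(days=7)),
    "nightly, 30-day retention": (timedelta(days=1), timedelta(days=30)),
}


def generate_snapshots(start, interval, until):
    """Snapshot timestamps taken every `interval` from `start`, up to `until`."""
    snapshots = []
    t = start
    while t <= until:
        snapshots.append(t)
        t += interval
    return snapshots


def last_clean_snapshot(snapshots, earliest_foothold, now, retention):
    """Most recent snapshot that is still retained and was taken strictly before
    the malware could have been present. Later snapshots may hold the malware or
    already-encrypted files. Returns None if every clean copy has aged out."""
    oldest_kept = now - retention
    candidates = [s for s in snapshots if oldest_kept <= s < earliest_foothold]
    return max(candidates, default=None)


def data_loss(interval, retention, start, earliest_foothold, now):
    """Work lost (as a timedelta) when restoring from the last clean snapshot,
    or None when no clean snapshot is left to restore from."""
    snapshots = generate_snapshots(start, interval, now)
    clean = last_clean_snapshot(snapshots, earliest_foothold, now, retention)
    return None if clean is None else now - clean


def compare_schedules(schedules, start=START,
                      earliest_foothold=EARLIEST_FOOTHOLD, now=ENCRYPTION_STARTED):
    """Map each schedule name to its data-loss window (None = nothing clean retained)."""
    return {name: data_loss(interval, retention, start, earliest_foothold, now)
            for name, (interval, retention) in schedules.items()}


if __name__ == "__main__":
    for name, loss in compare_schedules(SCHEDULES).items():
        verdict = "no clean snapshot retained" if loss is None else f"lose {loss}"
        print(f"{name:28s} {verdict}")
```

Two things the comparison makes visible: shortening the interval only reduces the loss down to the dormancy window (nightly backups still lose the week between the foothold and the encryption), and retention must exceed the time the malware could have sat unnoticed, otherwise the nightly schedule with 7-day retention has already rotated out the only clean copy.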
Resources:
Decryption Tools | The No More Ransom Project. (2021). The No More Ransom Project. https://www.nomoreransom.org/en/decryption-tools.html