Published: Jun 17, 2020
In today’s world, the number of attacks and cyber threats is on the increase. As more and more technologies evolve, the number of vulnerabilities that attackers can exploit is rising. One of the key points to note is that the human factor is one of the top sources of cyber threats and cyber-attacks. Hence, it is extremely important that employees are aware of their responsibility in an organization’s security culture. Training programs and simulations are a great way of explaining to employees the implications of not following cyber security best practices and policies.
An incident response team is the point of contact when a breach occurs. The team is responsible for ensuring preparedness for any type of incident and for making sure incidents are appropriately addressed by analyzing the issue and providing solutions or recommendations. When a case is brought to the notice of the incident response team in which an unauthorized individual is accused of stealing information from an authorized individual’s machine without his or her consent or knowledge, there are several points that need to be addressed.
The first thing the team can check is the system logs, namely the operating system, application and other service logs for that time, to identify whether any activity took place while the authorized person was away from the desk and the system was logged on. These logs help in identifying what activities were performed by the intruder, whether any specific account was accessed and whether data was stolen. The IR team can also check surveillance cameras to identify the individual and his actions during the incident. If the payroll administrator had identified the intruder as a former payroll employee, the administrator could have given the response team more details about the identity of the person. With information like identity, the response team can find out more about the intention behind the data theft: he may be a disgruntled employee, or he may be stealing data to sell to competitors for monetary advantage. By analyzing such scenarios, the response team can then make sure that the necessary actions are taken to keep the data from leaking outside the company’s network and from reaching a competitor. Moreover, the organization can involve the local and state authorities to arrest him.
The IR team is responsible for recommending protective actions to avoid such situations. It can enforce stronger Identity and Access Management policies to ensure that former employees cannot enter the campus premises without an escort by an authorized individual. The IR team should also enforce policies like a screen lock after 30 seconds or one minute and dual authentication for login to highly secure websites. If the incident response team believed that the intruder was a current employee, the team would have handled the case in much the same way, to identify the intention behind the data theft and intrusion activity. They would review the current employee’s activity on systems, networks and campus to look for any signs of malicious activity in the past. The IR team can use a user behavioral analysis model to analyze the user’s behavior and activities over a specified time range. This data can be useful for finding the reason for the intrusion and data theft. Based upon the logs and activity analysis of an intruder who is a current employee, the IR team can recommend solutions like dual authentication and stronger IAM policies. Employees should also be made aware of implications like termination of employment and huge penalties if such malicious activities are performed. The payroll administrator should also be made aware of the implications of not following security policies and best practices. Social engineering techniques are a common way for an intruder to access systems and enter restricted areas. If the intruder used social engineering practices, the IR team can find that out from the surveillance cameras.
The IR team must also recommend training sessions and simulation programs that explain the importance of following security practices and that create a culture in the organization where access is not given to non-employees unless they have an authorized visitor card or are escorted by the organization’s employees. Mantraps and turnstiles are also a good way of making sure that only authorized employees enter office premises and restricted premises. If the logs from the previous weeks showed an unusually large number of failed remote login attempts using the payroll administrator’s user ID, then it is a good time for the IR team to analyze why the spike did not create an alert in their monitoring systems and lock the user’s account.
The IR team would need to analyze their account lock and unlock rules and rectify them. They would also need to check their monitoring systems and create rules that trigger emails and notifications to the security team when there are unusual activities and spikes in abnormal behavior. The IR team would now also recommend implementing a notification to the employee every time there is a failed login, so that the employee is aware of the attempts, unlike in this case, where the administrator was not aware of login attempts to his machine. If the IR team discovered that a keystroke logger had been installed on the computer two weeks earlier, they would need to identify how it was installed and who installed it, using the system logs and surveillance cameras.
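The failed-login rule discussed above (a spike of failed remote logins for one user ID should lock the account and notify the user and the security team) can be sketched as follows. This is an added example, not part of the original essay; the threshold of 5 failures in 10 minutes, the host and account names, and the log lines (written in OpenSSH `sshd` message style with ISO timestamps) are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from a real system).
SAMPLE_LOG = """\
2020-06-01T02:14:00 hr-ws01 sshd[411]: Failed password for payroll_admin from 203.0.113.7 port 50122 ssh2
2020-06-01T02:14:30 hr-ws01 sshd[411]: Failed password for payroll_admin from 203.0.113.7 port 50123 ssh2
2020-06-01T02:15:10 hr-ws01 sshd[412]: Failed password for jsmith from 198.51.100.4 port 40100 ssh2
2020-06-01T02:16:00 hr-ws01 sshd[411]: Failed password for payroll_admin from 203.0.113.7 port 50124 ssh2
2020-06-01T02:16:30 hr-ws01 sshd[412]: Accepted password for jsmith from 198.51.100.4 port 40101 ssh2
2020-06-01T02:17:20 hr-ws01 sshd[413]: Failed password for payroll_admin from 198.51.100.23 port 61000 ssh2
2020-06-01T02:18:45 hr-ws01 sshd[411]: Failed password for payroll_admin from 203.0.113.7 port 50125 ssh2
2020-06-01T02:19:00 hr-ws01 sshd[411]: Failed password for payroll_admin from 203.0.113.7 port 50126 ssh2
2020-06-01T09:05:00 hr-ws01 sshd[500]: Failed password for jsmith from 198.51.100.4 port 40102 ssh2
""".splitlines()

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def failed_login_alerts(lines, threshold=5, window=timedelta(minutes=10)):
    """Return one alert per burst of >= threshold failures for a user inside window."""
    recent = defaultdict(deque)  # user -> (timestamp, source IP) still inside the window
    alerting = set()             # users whose current burst was already reported
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are skipped
        ts, user = datetime.fromisoformat(m["ts"]), m["user"]
        q = recent[user]
        q.append((ts, m["ip"]))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) < threshold:
            alerting.discard(user)    # burst ended; a later spike alerts again
        elif user not in alerting:
            alerting.add(user)
            alerts.append({
                "user": user,
                "first_seen": q[0][0].isoformat(),
                "count": len(q),
                "sources": sorted({ip for _, ip in q}),
                "action": "lock account; notify user and security team",
            })
    return alerts

if __name__ == "__main__":
    for alert in failed_login_alerts(SAMPLE_LOG):
        print(alert)
```
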
The IR team would need to change their monitoring system to add a rule that monitors, blocks and notifies the user and the security team when a keystroke logger has been installed or an installation is being attempted. Moreover, an intruder can install the logger only if he gets access to the victim’s system. To avoid such illegal access, dual authentication should be enforced organization-wide, and the mandate must come from the C-Suite. All these recommendations, based on the different scenarios, should be documented and clearly specified along with the necessary steps and procedures. These documents can then be used later if there is a breach in the future. The recommendations and the documentation should be approved by higher authorities and must be enforced immediately. Thus, the IR team is a team of very responsible professionals who analyze the incident, study various scenarios, and provide remediation measures and effective recommendations to avoid the consequences of such an incident.