NETWORK SECURITY

Introduction:

In 2015, the Office of Personnel Management (OPM) was breached and millions of records with sensitive information about US personnel were stolen.

The hackers stole fingerprints as well as data from SF-86 forms. These forms contained personal and potentially compromising information about people who went through background investigations for a security clearance. This means that the theft included information about alcohol consumption, affairs, financial issues, and other sensitive data that could be exploited by a bad actor or nation state out to recruit insiders for espionage. Not only was applicants’ information stolen, but so was information about family members and friends, including addresses, telephone numbers and Social Security numbers.

Reports after the attack indicated that the OPM had many security gaps and that, if it had responded to the initial incident correctly, the impact of the attack could perhaps have been significantly reduced. For this exercise, students will examine the reports about the breach and will assess the organization's incident response.

· Conduct an incident response assessment. (CO5)

· Critique a ‘real world’ Incident Response and offer recommendations for improvement. (CO5, CO8)

· Identify challenges related to incident response and the consequences of poor incident response management. (CO5)

Instructions:

Read the following documents.

· Cichonski, P., Millar, T., Grance, T., Scarfone, K. (2012). Computer Security Incident Handling Guide: Recommendations of the National Institute of Standards and Technology. [PDF file size 1446KB] Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf

· The OPM Data Breach: How the Government Jeopardized Our National Security for More than a Generation. (2016, Sep. 7). Committee on Oversight and Government Reform, U.S. House of Representatives, 114th Congress. [PDF file size 4.25MB] Retrieved from http://www.fdsys.gov

· Improving Security and Efficiency at OPM and the National Background Investigations Bureau. (2017, Feb. 2). United States Office of Personnel Management. [PDF file size 299KB] Retrieved from https://www.opm.gov/news/testimony/115th-congress/opm-testimony-before-house-oversight-and-government-reform-improving-security-and-efficiency-at-opms-national-background-investigations-bureau.pdf

Review the NIST Incident Response Document, then review the OPM breach reports. You may also review outside reference material. Think about the six stages of the incident handling process: preparation, identification, containment, eradication, recovery, and lessons learned. Assess the OPM breach during each of the incident response stages. Select one stage and discuss what went well and what was not handled properly during each part of the process. Briefly assess the communication following the breach.

For example, what happened once the breach was identified? Was it identified in a timely manner? Was the attack contained? Was communication handled effectively? Refer to the class notes on Crisis Communications. What could have been done differently regarding communicating to the public and to Congress in regard to the breach?