Lockdown
PROJECT 3
Intelligence Debriefing
Agenda
Current System Standings
Modifications to Mitigate Threat Until Patch Release
Reputation, Productivity, and Availability Problems
Root Causes
Technical Support Needed to Restore Systems
Compliance/Regulatory Failure Costs
Current System Standings
Contained
Attack limited to single workstation
Backup storage systems
No ransom was paid
Investigation Started
Penetration testing and vulnerability assessments
Waiting on Human Resources and Forensic Reports
Modifications to Mitigate Threat Until Patch
Perform endpoint scans looking for malware entering network
ID embedded malware before it reaches users
Enhance security posture
Implement FVEY sharing report best practices
Block known malicious IP addresses
Deploy more robust antivirus software (CryptoGuard)
Build YARA and Snort rules for hashes and signatures
Ensure proper OS patching
Implement backup schedule
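The two detection items above (endpoint scans that identify embedded macro malware before it reaches users, and hash-based rules built from shared indicators) can be prototyped in a few dozen lines. The following is an added example written for this debrief, not code from the original deck or from any vendor tool it names. It scans a set of constructed sample files, flags any file whose SHA-256 appears on a blocklist, and flags any OOXML workbook that carries a vbaProject.bin part, which is where Excel stores VBA macros. The blocklist entry and all sample files are constructed in the script itself so it runs offline; in practice the hashes would come from the FVEY sharing reports the slide refers to.

```python
import hashlib
import io
import zipfile

# The on-disk OOXML formats (.xlsx/.xlsm) are zip containers; the VBA project,
# if any, lives in the part xl/vbaProject.bin.
ZIP_MAGIC = b"PK\x03\x04"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes, the value a hash-based YARA rule would compare."""
    return hashlib.sha256(data).hexdigest()


def has_vba_macro(data: bytes) -> bool:
    """True if data is a zip-based Office document containing a VBA project part."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def scan_file(filename: str, data: bytes, blocklist: set) -> list:
    """Return the list of findings for one file (empty list means nothing flagged)."""
    findings = []
    if sha256_hex(data) in blocklist:
        findings.append("hash-match")
    if has_vba_macro(data):
        findings.append("vba-macro")
        # A macro-bearing workbook that does not use a macro-enabled extension is
        # worth a second look: the extension no longer tells the user what is inside.
        if not filename.lower().endswith((".xlsm", ".xltm", ".xlam")):
            findings.append("macro-extension-mismatch")
    return findings


def make_workbook(with_macro: bool) -> bytes:
    """Build a minimal constructed OOXML workbook, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            # Constructed stand-in; a real part is an OLE compound file.
            zf.writestr("xl/vbaProject.bin", b"constructed VBA project placeholder")
    return buf.getvalue()


# Constructed samples standing in for files collected by an endpoint scan.
DROPPER_BYTES = b"constructed stand-in for a known-bad binary"
SAMPLES = {
    "quarterly_report.xlsm": make_workbook(with_macro=True),
    "renamed_report.xlsx": make_workbook(with_macro=True),
    "clean_budget.xlsx": make_workbook(with_macro=False),
    "invoice.exe": DROPPER_BYTES,
    "notes.txt": b"plain text, nothing to see",
}

# Constructed blocklist: in production this would be loaded from shared indicators.
KNOWN_BAD_SHA256 = {sha256_hex(DROPPER_BYTES)}


def scan_samples() -> dict:
    """Scan every constructed sample and map filename -> findings."""
    return {name: scan_file(name, data, KNOWN_BAD_SHA256) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        status = ", ".join(findings) if findings else "clean"
        print(f"{name:24s} {status}")
```

The same two checks translate directly into rule form: the hash comparison becomes a YARA rule using the hash module, and the vbaProject.bin string becomes a content match for network inspection. Keeping the check in a script first makes it easy to validate against known-good files before the rules are pushed to endpoints.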
Reputation, Productivity Impact, and Availability Problems
Minimal damage to brand or reputation sustained
Attack contained
1 host affected
Situation quickly resolved
Approx. 30 minutes
News can be contained
No service disruption or loss of PII
No ransom paid
For consideration:
Some level of malicious success attained
Potential cybersecurity confidence impact
Investigation ongoing
Could be insider threat
Root causes
Potential insider threat
Ineffective endpoint & host-based security
Embedded Excel macro malware traversed network
Lack of solid antivirus or group policies
Insufficient user training
Technical support needed to restore systems
Single Workstation Affected
Imaging the workstation affected
Patching
Offline Backups found secure
Could Restore from Offline Backups
Communication to Employees for Awareness
Compliance and Regulatory failure costs
No violation of GDPR
SitRep 2 - Found no data exfiltration
PCI DSS
Data was encrypted, but not exfiltrated
If data had been exfiltrated, the company would need to pay for credit monitoring and fines to credit companies.
Conclusion
The recent attacks against the FVEY nations at the Global Economic Summit have showcased the importance of securing the network from known and unknown threat vectors. Threat agents directly targeted the information system's confidentiality, integrity, and availability. This debrief has summarized the system's status following the attacks. Furthermore, the team has reported the root causes of the attacks and the modifications that could be made to mitigate their effects.
Questions
Video Link
https://www.youtube.com/watch?v=zp-lY-FKuec