Assignment 9


Running head: AMERICAN MANUFACTURING: DIGITAL RESPONSE PLAN 1


American Manufacturing

University of Maryland University College

Abstract


Table of Contents

Abstract
American Manufacturing
Materials Requirements Planning
Distribution
Finance
Intellectual Property/Document Management
System Summary
American Manufacturing’s Digital Forensic Response and Investigation Plan
Digital Incident Team
IR Forensic Response and Response Approaches ???
Key Forensic Artifacts
American Manufacturing’s Detection and Analysis Findings
Coordination Plan
Priority Classification and Sequenced Staging (here?? Or in response section?)
Metrics
American Manufacturing’s Post-Incident Findings
References

American Manufacturing

American Manufacturing (AM) operates in the United States and Latin America. Its departments include materials requirements planning (MRP), distribution, finance and intellectual property/document management, each with computer systems that form part of the corporate network. The sections below describe those systems, then AM’s cybersecurity program and its digital forensic response plan.

The foundations of AM’s cybersecurity program include: educating employees and others interacting with the company, managing and monitoring user privileges, restricting and limiting use of removable media, monitoring access to the company’s system, monitoring use of the network security tools, investing in insurance coverage for the financial consequences of a breach and having an incident response plan should a breach occur.

Materials Requirements Planning

Materials requirements planning (MRP) is a software-based production planning and inventory system. MRP tracks the availability of inventory while maintaining the lowest possible level of inventory and tracks manufacturing activities, deliveries, and purchasing activities. MRP’s primary objective is to make sure that materials and components are available when needed during production and that manufacturing takes place on schedule. MRP depends on master production scheduling (MPS), which schedules items and quantities for AM, to calculate requirements for every item and to create a plan for covering material requirements.

American Manufacturing has configured its MRP to represent the needs of facilities in different countries, so that geographical differences are visible in planning. MRP information is also important to other corporate areas, such as production, distribution and finance. Losing MRP capabilities could cause product shortages for customers, or overages that cost money in waste or storage; a breach that alters MRP data could corrupt inventory records and trigger incorrect orders.

Distribution

The distribution system (DS) plans and controls the distribution of AM’s finished goods, based on demand. DS covers customer service, shipping, warehousing, inventory control, delivery method, packaging, receiving, and plant and warehouse details, and integrates all of this information. It provides centralized control of distribution inventories and creates a coordinated replenishment plan. It also gathers and shares information that can be used to identify opportunities for growth and competition by obtaining market intelligence.

Finance

The finance system is essential to understanding revenue, expenses, forecasting, product cost, manufacturing accounting and purchasing. MRP and DS are inputs to finance. Finance acts on this information but has fallbacks in place, such as predicted expenses based on history, to ensure that accounts are funded and that purchases can be made and expenses covered if some manufacturing systems cannot communicate their information.

Intellectual Property/Document Management

The intellectual property / document management system …

? A breach in any of the other components could also expose intellectual property, since those systems hold component and product information ???

System Summary

A breach in any one of these departmental systems can have a chain reaction across the other systems or across the enterprise.

Xxx …

American Manufacturing’s Digital Forensic Response and Investigation Plan

The Digital Forensic Response and Investigation Plan (DFRIP) outlines guidance and structure for corporate response to computer / digital related incidents. The DFRIP is a stand-alone plan for computer related incidents but is a component of a larger corporate Business Continuity Plan (BCP) which outlines all corporate response needs to restore and continue business regardless of related business or infrastructure specifics.

AM’s DFRIP is based on the National Institute of Standards and Technology’s (NIST) Computer Security Incident Handling Guide (Cichonski et al., 2012). The plan areas are as follows:

· Preparation – preparation involves incident response training and team-building; it takes place before an incident, not during one, and is what makes an effective response possible

· Detection and Analysis – detection and analysis involves monitoring the corporate systems and determining whether an incident has occurred

· Containment – once an incident is detected, the problem must be contained, both on the specific system(s) affected and across the corporate network

· Eradication – eradication is the removal of the cause of the incident

· Recovery – recovery/restoration involves bringing systems and functions back online, functioning as intended and free of breach damage

· Post-Incident Activity – post-incident review of the incident, lessons learned, and integration of discoveries and recommendations into procedures, processes and plans

Digital Incident Team

AM has distributed digital incident teams, all reporting to Enterprise Security Operations (ESO). The Digital Incident Team (DIT) monitors corporate computing and handles computing incidents. The DIT consists of the following sub-teams, each concentrating on a specific area: Security Operations Center (SOC), Network Operations Center (NOC), and Incident Response (IR). SOC and NOC oversee security information and event management (SIEM). AM uses SIEM to aggregate data from multiple sources, identify deviations from its defined baseline and take action, such as stopping an activity in progress. AM’s SIEM uses multiple collection agents in a hierarchical manner and gathers events from end-user devices, servers, network devices and security devices such as firewalls, antivirus and intrusion detection systems. Given AM’s various geographical locations, it uses edge collectors to pre-process information and pass only selected events to the centralized management node. IR responds once an incident is discovered.
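The edge-collector stage of the hierarchical SIEM described above, as an added example that is not part of this paper and not AM’s actual tooling. The collector normalises three feeds (firewall, authentication, antivirus) into one event shape, tags each event that deviates from a baseline, forwards only the tagged events to the central node, and retains everything locally. The raw line formats, the baseline values, the host names and the IP addresses are all constructed for the example; the point it shows is that the events the collector filters out exist only at the edge, which is why edge collector logs must be gathered during an investigation.

```python
"""Edge-collector triage for a hierarchical SIEM (added illustration, not AM's code).

Everything below is constructed for this example: the three raw log formats,
the baseline values, the host names and the IP addresses.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Baseline the edge collector measures events against (assumed values).
ADMIN_ACCOUNTS = {"svc_mrp", "jlopez"}
ADMIN_HOURS = range(6, 20)               # admin logons are expected 06:00-19:59 site time
INTERNAL_NETS = ("10.20.", "10.30.")     # address ranges of the site's own hosts
FAILED_LOGON_THRESHOLD = 3               # failures from one source before it is a deviation

# Raw line formats of the three feeds this collector understands (constructed).
FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>fw\d+) (?P<action>ALLOW|DENY) "
                   r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+)$")
AUTH_RE = re.compile(r"^(?P<ts>\S+) auth (?P<host>\S+) user=(?P<user>\S+) "
                     r"result=(?P<result>success|fail) src=(?P<src>[\d.]+)$")
AV_RE = re.compile(r"^(?P<ts>\S+) av (?P<host>\S+) (?P<verdict>quarantined|detected) (?P<sig>\S+)$")


@dataclass
class Event:
    ts: datetime
    source: str                      # firewall | auth | av
    host: str
    summary: str
    deviation: Optional[str] = None  # why the event departs from baseline, if it does


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_NETS)


def normalise(line: str, failures: dict) -> Event:
    """Parse one raw line into an Event and tag it if it deviates from baseline.

    `failures` carries the per-(user, source) failed-logon count across lines.
    """
    if m := FW_RE.match(line):
        ts = datetime.fromisoformat(m["ts"])
        dev = None
        if m["action"] == "DENY" and is_internal(m["src"]) and not is_internal(m["dst"]):
            dev = "internal host denied outbound connection"
        summary = f"{m['action']} {m['src']}->{m['dst']}:{m['port']}"
        return Event(ts, "firewall", m["host"], summary, dev)

    if m := AUTH_RE.match(line):
        ts = datetime.fromisoformat(m["ts"])
        dev = None
        key = (m["user"], m["src"])
        if m["result"] == "fail":
            failures[key] = failures.get(key, 0) + 1
            if failures[key] >= FAILED_LOGON_THRESHOLD:
                dev = f"{failures[key]} failed logons for {m['user']} from {m['src']}"
        elif m["user"] in ADMIN_ACCOUNTS and (ts.hour not in ADMIN_HOURS or not is_internal(m["src"])):
            dev = "admin logon outside baseline hours or from an external address"
        summary = f"{m['result']} user={m['user']} src={m['src']}"
        return Event(ts, "auth", m["host"], summary, dev)

    if m := AV_RE.match(line):
        ts = datetime.fromisoformat(m["ts"])
        summary = f"{m['verdict']} {m['sig']}"
        return Event(ts, "av", m["host"], summary, f"malware {summary}")

    raise ValueError(f"unrecognised line: {line!r}")


def triage(lines):
    """One edge-collector pass: every event is retained locally, only deviations are forwarded."""
    failures: dict = {}
    retained = [normalise(line, failures) for line in lines]
    forwarded = [e for e in retained if e.deviation]
    return forwarded, retained


def edge_only(retained):
    """Events the central management node never saw; they exist only in the edge store."""
    return [e for e in retained if not e.deviation]


# Constructed sample feed from one site, in arrival order.
SAMPLE_LINES = [
    "2018-11-02T03:12:07 fw01 DENY 10.20.4.15 -> 203.0.113.9:443",
    "2018-11-02T03:12:09 fw01 ALLOW 10.20.4.15 -> 10.30.1.8:445",
    "2018-11-02T03:13:40 auth mrp-app01 user=jlopez result=fail src=198.51.100.23",
    "2018-11-02T03:13:52 auth mrp-app01 user=jlopez result=fail src=198.51.100.23",
    "2018-11-02T03:14:05 auth mrp-app01 user=jlopez result=fail src=198.51.100.23",
    "2018-11-02T03:14:21 auth mrp-app01 user=jlopez result=success src=198.51.100.23",
    "2018-11-02T08:30:00 auth fin-db02 user=svc_mrp result=success src=10.20.4.15",
    "2018-11-02T09:05:11 av dist-ws17 quarantined Trojan.Generic",
]

if __name__ == "__main__":
    fwd, kept = triage(SAMPLE_LINES)
    print("forwarded to central node:")
    for e in fwd:
        print(f"  {e.ts:%H:%M:%S} {e.host:10} {e.deviation}")
    print("retained at the edge only (collect these during IR):")
    for e in edge_only(kept):
        print(f"  {e.ts:%H:%M:%S} {e.host:10} {e.summary}")
```

On the constructed feed the central node receives four events: the denied outbound connection, the third failed logon, the out-of-hours admin logon from an external address, and the antivirus quarantine. The first two failed logons and the allowed internal connection from 10.20.4.15 to 10.30.1.8 on port 445 never leave the site, so an investigator working only from the central SIEM would not see the attempt at lateral movement; the edge store has to be collected as an artifact in its own right.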

IR Forensic Response and Response Approaches ???

Distributed incident response teams following one corporate response plan

Investigate per system component or some other subset?

Key Forensic Artifacts

· Network logs

· System access logs

· SIEM edge collector logs, and the record of what was forwarded to centralized management

??

American Manufacturing’s Detection and Analysis Findings

After detection and analysis, DIT believes that hacking and intrusion have affected the following system areas: materials requirements planning, distribution, finance, and intellectual property/document management. As a result, ESO isolated these systems from interacting with other systems but did not shut them down, so that the individual system teams could better investigate their system(s) and so that volatile evidence such as memory contents and active connections was not lost. Response specifics for each system area are outlined below along with key forensic artifacts and recovery/restoration considerations.

Coordination Plan

xxx

Priority Classification and Sequenced Staging (here?? Or in response section?)

AM has established the following priorities regarding a security breach and bringing systems back online.

· Eradicate the breach

· Bring MRP up within 24 hours, using a replica system if need be

· Bring Distribution up within 24 hours after MRP

· Bring Finance up within 72 hours of eradication of the breach

· Bring intellectual property / document management up within xxx of xxx

Metrics

AM has chosen to measure the following regarding digital incident response:

· Discovery time

· Notification time

· Response time

· Eradication time and effectiveness

· Recovery time

· Estimated damage / cost ?


American Manufacturing’s Post-Incident Findings

Xxx

Review forensic artifacts for information and adjustments


References

Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012, August). Computer security incident handling guide (NIST Special Publication 800-61, Revision 2). National Institute of Standards and Technology. Retrieved from https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf

Oracle. (2013, April). JD Edwards World manufacturing and distribution planning guide. Retrieved from https://docs.oracle.com/cd/E26228_01/doc.93/e21770/title.htm