Computer Network Fundamental: 1208728

  1. Discuss what steps you would take to immediately reduce the impact of the attack on the business.

After analysing the case scenario, several threats were identified in the nominated infrastructure that will have a major impact on the security of user data. Most of these threats relate to network traffic overloading and to the accessibility of the data. Given these concerns, it is essential that the organizational infrastructure adopt mitigation strategies that reduce the impact of the identified threats, and that an incident plan be developed to immediately mitigate issues that could significantly affect the business. A detailed elaboration of the steps that would be taken to reduce the impact of the risk is listed below:

Accumulate an internal team-

To reduce the impact of the incidents discussed, it is essential to form a team consisting of security and service experts; this team will then carry out the further operations. A team with the maximum available expertise will develop a detailed understanding of the threat and its impact. The team will consist of the organization's security manager, internal and external legal counsel, the IT manager, the operations manager and the corporate communicator.

Determine the external security resources-

After the above step, the external security resources will be identified from which the company will get expert help to address its requirements. For the nominated case scenario, it is essential to get help from a security forensic expert, PR professionals and an insurance broker.

Characterize the threats-

It is essential to develop a response plan that is flexible enough for any dynamic situation. Hence, to quickly mitigate the threat, it must first be categorized, which gives a detailed idea of the threat and its impact. This step is very important when reducing the impact of any threat.

Develop a checklist for actions-

Following the above activities, a checklist of the actions to be taken to reduce the impact of the identified threats will be developed. The team will then work through that checklist, which ensures that the response proceeds in a structured way.

Apply the actions-

Once the above steps are completed, this step focuses on implementing the mitigation approaches. The problematic area will be targeted and the chosen strategies applied with the purpose of mitigating the identified problems.

Track the impact of the actions-

After the chosen strategy has been applied, the focus moves to monitoring, which allows the organization to track the effectiveness of the applied strategies and to check whether the actions taken have been effective or not.

  • Discuss the further steps you would take to completely stop the incident and get the network back to a stable operating state.

From the above discussion it is clear that immediate response plans are not a permanent solution for the identified network threats, so a strategy is needed that significantly restricts the incidents and protects the network. As identified above, the infrastructure of the nominated organization faces a major threat from the increasing rate of network traffic, which has primarily impacted the operations of the organization. The steps listed below will help to protect the organization's network server-

Step 1- Develop a network security audit practice to examine the organization's network; this performs several significant tasks in analyzing the organizational threat, including analysis of the firewall configuration, identification of organizational assets, investigation of the current security policies and risk assessment.

Step 2- Following the above step, it is also essential to spread awareness of the threats that could impact the operations of the organization. Awareness training is suggested so that employees become more careful about the identified threats and their impact. This is one of the essential steps that prepares the organization for the mitigation approaches.

Step 3- Alongside the above steps, the focus then moves to restricting network access and user privileges. This is one of the most effective steps for eliminating the possibility of threats that can impact the network, since it restricts the data use of the organization's employees, which is a great initiative towards eliminating possible threats to the nominated organization's infrastructure.

Step 4- Alongside the above steps, it is also essential to protect the organization's systems using effective strategies, as the analysis identified this as one of the best ways to protect the network of the organization and to avoid the threat as well.

Step 5- Apart from the above steps, it is essential to continuously monitor and track the operation of the security mitigation strategy, as this helps the organization protect its network server from external threats.
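The monitoring described under "Track the impact of the actions" and in Step 5 can be made concrete with the following added example, which is not part of the original assignment: it parses constructed connection-log lines, counts connections per source inside a sliding window to flag possible network overloading, and compares the peak load before and after a mitigation. The log format, window length and limits are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log (not from the case study), one connection per line:
# "<ISO timestamp> <source IP> <destination port>".
BEFORE_LOG = """\
2020-03-06T09:00:00 10.0.0.5 443
2020-03-06T09:00:01 10.0.0.5 443
2020-03-06T09:00:01 10.0.0.7 443
2020-03-06T09:00:02 10.0.0.5 443
2020-03-06T09:00:03 10.0.0.5 443
2020-03-06T09:00:04 10.0.0.5 443
2020-03-06T09:00:30 10.0.0.9 22
2020-03-06T09:01:10 10.0.0.5 443
"""
# Constructed log after the mitigation (access restriction) was applied.
AFTER_LOG = """\
2020-03-06T10:00:00 10.0.0.5 443
2020-03-06T10:00:03 10.0.0.7 443
2020-03-06T10:00:40 10.0.0.9 22
"""

WINDOW = timedelta(seconds=10)  # assumed sliding window length
PER_SOURCE_LIMIT = 4            # assumed: more per window from one source is suspicious
TOTAL_LIMIT = 5                 # assumed: more per window overall counts as overloading

def parse_log(text):
    """Parse the log text into (timestamp, source, port) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, port = line.split()
        events.append((datetime.fromisoformat(ts), src, int(port)))
    return sorted(events, key=lambda e: e[0])

def peak_in_window(times, window):
    """Largest number of sorted timestamps that fall inside any window of the given length."""
    start = peak = 0
    for end, ts in enumerate(times):
        while ts - times[start] > window:  # slide the window start forward
            start += 1
        peak = max(peak, end - start + 1)
    return peak

def assess(events, window=WINDOW, per_source_limit=PER_SOURCE_LIMIT, total_limit=TOTAL_LIMIT):
    """Flag sources exceeding the per-source limit and report the overall peak load."""
    by_src = defaultdict(list)
    for ts, src, _ in events:
        by_src[src].append(ts)
    peaks = {src: peak_in_window(ts_list, window) for src, ts_list in by_src.items()}
    total = peak_in_window([ts for ts, _, _ in events], window) if events else 0
    return {
        "flagged_sources": {s: p for s, p in peaks.items() if p > per_source_limit},
        "peak_total": total,
        "overloaded": total > total_limit,
    }

def effectiveness(before_log, after_log):
    """Compare peak load before and after the mitigation to track whether the action worked."""
    before = assess(parse_log(before_log))
    after = assess(parse_log(after_log))
    return {"before": before["peak_total"], "after": after["peak_total"],
            "resolved": before["overloaded"] and not after["overloaded"]}
```

Running `effectiveness(BEFORE_LOG, AFTER_LOG)` reports the peak load dropping from 6 to 2 connections per window, with the overload condition resolved.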

  • Discuss a communication strategy that would ensure communication to everyone in the organisation about the nature of the problem, how it will be fixed and the time it will take to fix it. 
  • The stakeholders or teams that you think need to be contacted and why you have included them. 

A thorough investigation of the nominated case scenario shows that fixing the identified problems requires an effective communication strategy that enhances communication among the organization's stakeholders, which in turn affects the effectiveness of the incident mitigation approach. The incident response plan should therefore include team members from all of the departments, especially the network team, the mid-level team and the tracking and monitoring team. The reason for this selection, as discussed initially, is the purpose of reducing the threat in the nominated scenario. An effective communication strategy is also needed so that these teams can communicate with each other about the activities and about the action plan.

As the earlier discussion clearly stated, there was a strong need to support the mitigation approaches that enhance the operations of the nominated organization. The situation remains the same: it is essential to communicate with the stakeholders mentioned above in order to reduce the possibility of the incident in the nominated case scenario.

  • What form the communication would take?

Following the above identification, effective strategies and forms of communication must be adopted to enhance the communication process within the organizational infrastructure. As discussed earlier, communication with the stakeholders should incorporate face-to-face discussion, and email communication will also help the stakeholders communicate with each other. In this scenario the closed-door communication strategy will be very effective, as such methods are well suited to discussing confidential matters.

This approach also allows employees to share their opinions and the problems they are facing, as this type of communication is safer and more private. Using this method, the selected team will be engaged to discuss the topic concerned. Alongside closed-door meetings, email will also help the stakeholders communicate effectively, as important information can be shared with them by this method.

  • The purpose of the communication i.e. what will you communicate? 

After the above strategies, it is also essential to determine the primary purpose behind the communication strategy and how the communication process will take place within the organization's infrastructure. Using the selected communication method, the identified issues can be discussed and the mitigation strategies determined that will enhance the operation of the network. Before communicating with the stakeholders, a checklist of the issues to be discussed in the meeting must first be developed. As it will be a closed-door meeting, the listed issues will be discussed with all of the stakeholders, and the procedure will also gather information and opinions that help to mitigate the threat.

The identified key issues will be discussed first, followed by the mitigation strategies that will enhance the network services of the nominated organization.

  • When the communication would occur?

To discuss the identified issues, a schedule for the communication process must be developed. Following the schedule, closed-door meetings will be conducted to discuss the progress report on the applied strategies and the threats caused by significant incidents. The closed-door meetings will be conducted in alternate months. Alongside these, email will be used to communicate with the stakeholders whenever information related to this scenario needs to be shared.

ASSESSMENT 3: CASE STUDY 3B

  1. What technical design changes, administrative controls and documentation do you suggest in order to limit, or eliminate, the impact of such an attack in the future?

From the above discussion it is clear that the technical design of the organization must be modified to restrict the impact of the nominated attacks. A detailed investigation of the nominated case scenario shows that the primary concern of the organization is the network overloading threat, which may impact user access. In addition, a physical fault of the router, as well as a configuration fault, may cause serious disruption to the network infrastructure of the nominated organization. Hence, the organization must be structured so that the identified issues can be mitigated.

To eliminate and reduce the impact of the identified attacks, a security testing team will be formed within the organization to test its systems and notify the administrator of any issues that could impact the organization's services. The next step is effective firewall configuration, since it was determined initially that a less effective firewall configuration within the organizational infrastructure led to a serious disruption. Thus, the firewall must now be configured effectively. Alongside this, an effective intrusion detection and prevention system will significantly help the organization protect its network server from external threats.

Alongside the above strategies, effective administrative controls are also needed to enhance workplace practices such as supervision, scheduling, safety policy and other practices that improve the working process of the nominated organization. To address the requirements of the organization, several initiatives will be taken, including training on organizational safety and awareness. A schedule will be developed and strictly followed by the employees of the organization, which helps them work in a structured way and has a major effect on the performance of the organization. Since employee awareness is also essential in this work environment, effective training will provide the relevant knowledge.

Organizational documentation is also essential in this case scenario, as it keeps track of every change and of the elements of the organization that significantly affect its working capabilities and the security of its network server. The organization is therefore advised to keep records of all organizational data as well as progress updates, which provide detailed information about the adopted strategies and their effectiveness. In conclusion, the practices suggested above are very effective in eliminating, reducing and limiting the impact of the identified attack on the organizational network server.

  • Construct an incident response plan that will specifically address the incident you have identified in this case study.

INCIDENT RESPONSE PLAN

Introduction:

Purpose-

The primary objective of this document is to develop a plan for responding to the security incident that is impacting the security of the organization's network server.

Scope-

This plan will help to protect the organization's network server from external threats.

Maintenance-

The organization's security team is responsible for revising and monitoring the effectiveness of the rules defined here.

Authority-

The head of the organization's security department is in charge of applying the plan and maintaining its effectiveness.

Definition:

Event-

In the organizational infrastructure, an event is simply an action or operation that takes place while performing a task; not every event is an incident.

Incident-

An incident is a procedure that has violated the security regulations or security policies of the organization; the occurrence of an external threat against the nominated organizational network is also considered an incident. In this organizational infrastructure, network overloading and a weak intrusion detection process are highly significant, as they have had a major impact on network server security.

Roles and Responsibilities:

Coordinator-

A member of the security department will coordinate this document and will be fully responsible for applying the plans. The coordinator will also take care of the communication process.

Response handler-

The organization's staff will collect data about an incident in order to mitigate it immediately. This process enhances the effectiveness of the incident response plan.

Insider threat-

In this organizational infrastructure, the insider threats are the actions of employees and the less effective network protection technologies of the organization, both of which significantly increase the insider threat.

Methodology:

Closed door meeting-

To mitigate the identified issues, the closed-door meeting process will be used to identify and discuss possible threats. This method provides a detailed understanding of the network threats and their impact.

Training-

Training makes it easy to deliver the concepts of the identified mitigation approaches to the organization's staff so that the policies are implemented effectively and the organizational requirements are addressed.

Incident Response Phases:

Preparation-

This step consists of the identification process that determines an effective response plan, communication plan and governance plan to mitigate the identified issues.

Detection-

In this step the incident is identified and classified according to its characteristics, which gives the team a detailed idea of the threat and its impact.

Investigation-

In this phase the priority is to mitigate the identified incident, which helps the security team take action according to the result of the investigation.

Remediation-

This process repairs the targeted systems of the organization in order to recover the organization's operations.

Recovery-

This process is developed to prevent further attacks on the organization and to provide backups in case of any loss.

Guideline for incident response phases:

Insider Threat-

In this case the identified incident will be forwarded to a specific person who can handle it and take the necessary action to mitigate the threat, thereby enhancing the operational service of the organization.

Communication Plan-

To get detailed information about the identified threat, an investigation will be conducted with all the staff of the organization. The detailed information collected about the incident will help to mitigate the issues caused by the identified threat.

Privacy-

The organization will maintain an effective privacy policy to sustain the privacy of organizational data as well as user data.

Documentation:

All activities of the incident response plan will be documented. The security team will then track and report the effectiveness of the response plan, which shows whether the incident response plan is working effectively or not.

Revision:

Version | Date       | Author | Description
1.0     | 06/03/2020 | CEO    | Initial Document

  • Discuss possible problems you may face in improving the overall security posture of the bank and how you would deal appropriately with them.

Following the above discussion, several limitations have been identified that will affect the implementation of the above strategy. A thorough investigation of the nominated case scenario shows that, while the security posture of the organization is being restructured according to the proposed plan, the bank's network server may be disrupted during the update process. While the awareness program is being conducted, employees may also not get an accurate idea of the incidents. Moreover, since the selected organization is a bank and its database server holds a great deal of important user data, that information must be protected with the highest priority.

It is therefore essential to deal with this scenario using effective strategies. Before initiating the update process of the banking network, a backup of the organizational data must be kept, which reduces the threat of data loss. Hence, the above steps should be followed before the security posture update process is initiated.