Saudi Aramco post cyber security attack. Make a plan that relates to statements of policy. Recommend protocols and mitigating factors to the organization. Justify how the disaster response protocols will mitigate the threats to and vulnerabilities of the organization. Focus on disaster and incident response protocols as well as access control. Then assess the proposed method for maintaining the success of the plan going forward. Justify how your method will ensure the ongoing effectiveness of the information assurance plan.
Saudi Aramco post cyber security attack.
This was a cyber war between Iran and Saudi Arabia; security experts considered it retaliation by Iran against Saudi Arabia for "Stuxnet", which breached Iran's cyber environment.
Actually, the Aramco attack has a sequel too. The first attack was carried out in 2012 by a virus called "Shamoon", which is capable not only of breaching systems but also of destroying data precisely.
The attack continued in 2017 with the same virus. Cyber experts say this was considered one of the first ever cyber attacks against a kingdom, as well as against the oil and gas sector.
People from cyber security companies like Trustwave also commented on this attack.
Learning from the attack:
Looking into the attack deeply, Saudi Arabia did not take enough security measures after this attack, because in 2017 the same "Shamoon" was involved in the sequel attack.
They did not study the first attack in order to avoid it later. Every organization should learn from past experience and update then and there so as not to get hurt by the same attack twice.
Below are some of the response protocols that need to be followed during disasters.
1. The predominant option is to study the existing attack and get ready to face it in any format.
This step will be helpful in protecting the organization's security in the future.
2. Once we know that we have been attacked, we need to safeguard the rest of the data by closing all access as well as moving everything to a temporary secondary storage location (maybe the cloud) to mitigate the scale of the risk.
This step is not to prevent the attack, but to reduce the scale of the damage.
3. Only security-related and top-hierarchy people should take charge of sensitive data until recovery from the attack.
This will ensure that the rest of the sensitive data remains under our control.
4. There should be a ready-to-go external security team available round the clock to scrub the incidents and to research them further during instances of attack.
Live investigation during the attack will allow the security personnel to come up with more information and proper ideas to avoid this kind of case happening in the future.
5. Mainly, when the organization senses the attack, we immediately need to stop all external communication from the company's network, which acts as a shield, and our clients' systems will be safe too.
This step helps not only us but also the clients relying on our network.
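Steps 3 and 5 of the answer above describe an access-control posture that changes the moment an incident is declared: custody of sensitive data narrows to security and top-hierarchy staff, and outbound communication from the network is cut. The following Python is an added example, not part of the original question or answer, showing how such an incident-mode gate can be expressed and audited in code. The role names, data labels, the external response team's hostname and the detection reason strings are constructed assumptions for the illustration.

```python
# Added illustration: an "incident mode" gate for sensitive data and outbound
# traffic. Role names, data labels and the allowlisted IR-team host are
# constructed for this example; they are not from the original post.
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    NORMAL = "normal"
    INCIDENT = "incident"


class Label(Enum):
    PUBLIC = "public"
    INTERNAL = "internal"
    SENSITIVE = "sensitive"


# Day-to-day entitlements per role (constructed, hypothetical roles).
NORMAL_ENTITLEMENTS = {
    "employee": {Label.PUBLIC, Label.INTERNAL},
    "analyst": {Label.PUBLIC, Label.INTERNAL, Label.SENSITIVE},
    "security": {Label.PUBLIC, Label.INTERNAL, Label.SENSITIVE},
    "executive": {Label.PUBLIC, Label.INTERNAL, Label.SENSITIVE},
}

# During an incident, only these roles keep custody of SENSITIVE data (step 3).
INCIDENT_CUSTODIANS = {"security", "executive"}

# During an incident, outbound connections are limited to the external
# response team's host (step 5). The hostname is a constructed placeholder.
INCIDENT_EGRESS_ALLOWLIST = {"ir-team.example.net"}


@dataclass
class IncidentGate:
    mode: Mode = Mode.NORMAL
    audit: list = field(default_factory=list)

    def declare_incident(self, reason: str) -> None:
        """Switch to incident mode; every later decision is logged with it."""
        self.mode = Mode.INCIDENT
        self.audit.append(("mode", Mode.INCIDENT.value, reason))

    def stand_down(self, reason: str) -> None:
        """Return to normal entitlements once recovery is complete."""
        self.mode = Mode.NORMAL
        self.audit.append(("mode", Mode.NORMAL.value, reason))

    def data_access_allowed(self, role: str, label: Label) -> bool:
        """Decide whether `role` may touch data classified `label` right now."""
        if self.mode is Mode.INCIDENT and label is Label.SENSITIVE:
            # The incident rule overrides normal entitlements: custodians only.
            allowed = role in INCIDENT_CUSTODIANS
        else:
            allowed = label in NORMAL_ENTITLEMENTS.get(role, set())
        self.audit.append(("data", self.mode.value, role, label.value, allowed))
        return allowed

    def egress_allowed(self, destination_host: str) -> bool:
        """Decide whether an outbound connection to `destination_host` may proceed."""
        if self.mode is Mode.INCIDENT:
            allowed = destination_host in INCIDENT_EGRESS_ALLOWLIST
        else:
            allowed = True  # normal mode: no incident restriction applied here
        self.audit.append(("egress", self.mode.value, destination_host, allowed))
        return allowed

    def denied_events(self) -> list:
        """Audit entries where access was refused, for the post-incident review."""
        return [e for e in self.audit if e[0] in ("data", "egress") and e[-1] is False]


def walkthrough() -> dict:
    """Exercise the gate before, during and after an incident; returns the decisions."""
    gate = IncidentGate()
    before = gate.data_access_allowed("analyst", Label.SENSITIVE)
    gate.declare_incident("constructed: wiper activity detected on file servers")
    during_analyst = gate.data_access_allowed("analyst", Label.SENSITIVE)
    during_security = gate.data_access_allowed("security", Label.SENSITIVE)
    during_internal = gate.data_access_allowed("employee", Label.INTERNAL)
    egress_partner = gate.egress_allowed("partner-api.example.com")
    egress_ir = gate.egress_allowed("ir-team.example.net")
    gate.stand_down("constructed: hosts rebuilt and verified")
    after = gate.data_access_allowed("analyst", Label.SENSITIVE)
    return {
        "before": before,
        "during_analyst": during_analyst,
        "during_security": during_security,
        "during_internal": during_internal,
        "egress_partner": egress_partner,
        "egress_ir": egress_ir,
        "after": after,
        "denied_count": len(gate.denied_events()),
    }


if __name__ == "__main__":
    for key, value in walkthrough().items():
        print(f"{key}: {value}")
```

The design point is that the incident rule sits above the normal entitlements rather than replacing them: non-sensitive work continues, only the sensitive class and outbound traffic narrow, and every decision (including the mode changes and their reasons) lands in the audit list that the post-incident study in step 1 would draw on.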