Imagine this is your first day as Senior Chief Information Security Officer (CISO) of Company A. The Chief Financial Officer (CFO) calls you wondering what should have been done differently during a recent incident involving your predecessor. The following incidents recently occurred and were closed out without any alert to senior staff or the CFO.
The Chief Financial Officer’s admin reported that their laptops were performing erratically and many popup screens kept appearing while browsing the Internet. Upon inspection, it was found that the laptops were infected with malware and computer viruses. As the users were the CFO’s direct subordinates, the service desk decided to respond quickly. However, the service desk did not report the incident up the chain. As soon as the malware was removed, the service desk closed the ticket.
Based on the above information, respond to the following questions:
Sol:
When any malware or attack is detected on a company system, a certain procedure needs to be followed. Several pop-ups appearing on the desktop screen are a very clear sign of malware presence.
The procedures that were not followed in this scenario are:
* Sudden reporting of the severity of the attack to the higher authority
* The periodic assessment did not happen
* It was not checked whether any backdoors were created in the system.
Management style
I will recommend that the CISO adopt a pace-setting management style. In this approach, the CISO should lead from the front and ensure what preventive steps are to be followed. He should give the right instruction at the right time, and the employees should follow it.
Future recommendation
No organisation or system is safe from attack. Keeping that in mind, we should take preventive measures beforehand. That includes:
* If any attack happens, address the issue as soon as possible
* Check the entire system to ensure no backdoors were created by the attacker.
* Secure the systems by encrypting the data
* Do not close the malware check early; there is a chance of it hiding. Hence, periodically scan all the systems in the organisation