Consolidated Electronics Group, Inc. is a manufacturer and supplier of avionics equipment to various airlines across the continental United States. Recently, the company has laid off several employees, which left many in the company in a disgruntled state. Now, the information technology (IT) staff has reported to management a significant spike in network attacks numbering in the thousands. Reports from the intrusion detection system (IDS) indicate that two of these potential attacks may have compromised highly classified plans for a new prototype avionics switchboard, which is expected to revolutionize the market. The IT staff suspects that the attacks and potential security breach may have something to do with the recently laid off staff.
Assignment Instructions: The U.S. National Institute of Standards and Technology (NIST) is a recognized authority for providing security standards, guidelines and procedures. NIST provides a large array of other security related documents, which are of great value to information security professionals.
For this assignment, you are asked to use NIST SP 800-61 Rev. 2
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
While this document is quite large, you will find Section 3 starting on page 21 helpful for this assignment. Using the guidance from this NIST document, craft an incident response plan that includes:
A description of the specific measures that would be taken to investigate a security breach.
An explanation of steps taken to prevent future attacks and to secure the company’s information systems
A communication plan to disseminate the results and findings of this event to the organization
Your plan should be two to three pages.
Measures taken to investigate the security breach:
1. Check for physical loss of assets like hard drives, printed materials, CDs/DVDs.
2. Identify flaws in the access control facilities and gather details on how the attack was performed.
3. Obtain contact information and perform background checks on the laid-off employees.
4. Identify the ports and other hardware that were used for the security breach.
5. Perform a detailed analysis of IDS reports, audit trails, log monitoring, etc.
6. Monitor the whole network for undiscovered vulnerabilities which may exist.
To prevent future security breaches, the specific measures to be taken are:
1. Identify loopholes in security and close them.
2. Secure assets like CDs, DVDs, hard disks, etc.
3. Minimize online access to critical hardware like database servers where such access is not necessary.
4. Use stronger encryption and authorization techniques for access to critical data.
5. Use proper malware detection and antivirus software across all systems.
6. Grant access to critical data on a business need-to-know basis. A two-step authentication and verification mechanism should be used.
The communication plan should be:
1. The steering committee (CIO, CISO, CFO and other heads of departments) should be briefed in person about the incident.
2. Employee awareness programs should be conducted to make employees aware of the basics of security and how to protect themselves against security attacks.
3. The security operations center should be contacted immediately, and the backup plan and procedures to be performed in such scenarios should be carried out.