Consolidated Electronics Group, Inc. is a manufacturer and supplier of avionics equipment to various airlines across the continental United States. Recently, the company has laid off several employees, which left many in the company in a disgruntled state. Now, the information technology (IT) staff has reported to management a significant spike in network attacks numbering in the thousands. Reports from the intrusion detection system (IDS) indicate that two of these potential attacks may have compromised highly classified plans for a new prototype avionics switchboard, which is expected to revolutionize the market. The IT staff suspects that the attacks and potential security breach may have something to do with the recently laid off staff.
Assignment Instructions: The U.S. National Institute of Standards and Technology (NIST) is a recognized authority for providing security standards, guidelines, and procedures. NIST provides a large array of other security-related documents, which are of great value to information security professionals.
For this assignment, you are asked to use NIST SP 800-61 Rev. 2
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
While this document is quite large, you will find Section 3 starting on page 21 helpful for this assignment. Using the guidance from this NIST document, craft an incident response plan that includes:
1. A description of the specific measures that would be taken to investigate a security breach.
2. An explanation of steps taken to prevent future attacks and to secure the company’s information systems.
3. A communication plan to disseminate the results and findings of this event to the organization.
Specific measures to investigate the security breach are:
1. Contact information and background check of the laid-off employees
2. Ports and other hardware used for the security breach
3. Flaws in the access control facilities and gather details of how the attack was performed
4. Check for physical loss of assets like hard drives, printed materials, and CDs/DVDs.
To prevent future security breaches, specific measures to be taken are:
1. Identify loopholes in security systems and close them
2. Secure assets like CDs, DVDs, etc.
3. Minimize unnecessary online access to critical hardware like database servers
4. Use stronger encryption and authorization techniques for access to critical data
5. Use proper malware detection and antivirus software across all systems.
The communication plan should be:
1. The heads of the organization, such as the CIO, the head of information security, and the legal department, should be briefed in person about the details of the incident
2. Employees of the organization should undergo training on how to recognize and mitigate such security attacks.