User Account

All Pages

Describe the series of malicious events that led up

Assignment Help Operation Management
Reference no: EM131852938

Enterprise Continuity Planning : Scenario:

An employee hacked into the human resource records system at the employee's place of business and changed the employee's base salary rate to obtain a pay raise.

The employee did this by spoofing an IP address in order to eavesdrop on the network. Once the employee identified where the data was stored and how to modify it, the employee made the changes and received two paychecks with the new amount. Fortunately, an auditor happened to discover the error.

The auditor sent an e-mail to several individuals within the organization to let them know there was a potential problem with the employee's paycheck

. However, the employee was able to intercept the message and craft fake responses from the individuals the original e-mail was sent to. The employee and the auditor exchanged e-mails back and forth until the employee was soon given access permissions for some other financial records.

With this new information, the employee was able to lower the salaries of the president of the company and several other employees and then to include the salary difference in the employee's own paycheck. The IT staff determined that the spoofing that occurred that allowed the employee to gain access to the human resources system was caused by a lack of authentication and encryption controls.

As such, a local root certificate authority was installed to implement a public key infrastructure (PKI) in which all communication to the human resource system required a certificate. This would encrypt network traffic to and from the human resources system and prevent eavesdropping. It would also properly authenticate the host to prevent spoofing.

Task:

A. Perform a postevent evaluation of how the organization's IT staff responded to the attack described in the scenario by doing the following:

1. Describe the series of malicious events that led up to the incident.

2. Identify who needs to be notified based on the type and severity of the incident.

3. Outline how the incident could be contained.

4. Discuss how the factor that caused the incident could be eradicated.

5. Discuss how the system could be recovered to return to normal business practice.

a. Explain how the system could be verified as operational.

b. Perform a follow-up of the postevent evaluation by doing the following:

1. Identify areas that were not addressed by the IT staff's response to the incident.

2. Identify the other attacks mentioned in the scenario that were not noticed by the organization.

a. Describe the type and severity of the attacks not noticed by the organization.

b. Describe how these additional attacks can be prevented in the future.

3. Recommend a recovery procedure to restore the computer systems back to a fully operational state.

C. When you use sources, include all in-text citations and references in APA format.

Note: When bulleted points are present in the task prompt, the level of detail or support called for in the rubric refers to those bulleted points.

Note: For definitions of terms commonly used in the rubric, see the Rubric Terms web link included in the Evaluation Procedures section.

Note: When using sources to support ideas and elements in a paper or project, the submission MUST include APA formatted in-text citations with a corresponding reference list for any direct quotes or paraphrasing.

It is not necessary to list sources that were consulted if they have not been quoted or paraphrased in the text of the paper or project.

Note: No more than a combined total of 30% of a submission can be directly quoted or closely paraphrased from sources, even if cited correctly. For tips on using APA style, please refer to the APA Handout web link included in the General Instructions section.

In FXT2 task 2, you need to consult NIST 800-61 on the issue of whom to notify in an incident based upon the type and severity.

For System Restoration, you need to explain which back-up tapes you will use and in what order.

And, for System Verification, you need to consider other steps to verify that the system has been fully restored, like user acceptance testing (specify by whom) and vulnerability assessment testing (specify how).

Reference no: EM131852938

Questions Cloud

Triangular distribution probability paper : Construct a probability paper for distributions with symmetrical triangular PDF's on the interval a to (b) A number of individuals measured
Prepare the journal entries for given transactions : During its first year of operations, Collin Raye Corporation had the following transactions pertaining to its common stock. Jan. 10 Issued 80,000 shares.
What is role of transfer pricing and tax-compliance risks : What is the Role of Transfer Pricing and Tax-compliance risks in the Rubber Industry:
Assumption that the occurrences of earthquakes : Is the following set of data from Southern California consistent with the assumption that the occurrences of earthquakes
Describe the series of malicious events that led up : Describe the series of malicious events that led up to the incident. Identify who needs to be notified based on the type and severity of the incident.
What is depreciation on the building : At the beginning of 2014, Robotics Inc. acquired a manufacturing facility for $12 million. $9 million of the purchase price was allocated to the building.
Numbers of accidents per driver : Among 29,531 drivers the following numbers of accidents per driver were observed (in Connecticut, 1931-1936):
What are franks prospects of obtaining bail in relation : What are Franks prospects of obtaining bail in relation to the terrorism offence? You should refer to the provisions of the Bail Act in your answer
What is the marginal tax rate on the income : Chuck, a single taxpayer, earns $70,000 in taxable income and $10,000 in interest from an investment in City of Heflin bonds.

Reviews

Write a Review

Operation Management Questions & Answers

  Discuss the pros and cons of doing business with government

Discuss the pros and cons of doing business with the government, as well as how conducting business with the federal government is different from conducitng business with commercial companies

  What is known as absolute referencing

If feedback relationship exists between two separate variables, then in spreadsheet terms, relationship is indicated by what is known as absolute referencing.

  Explain why the weights might still be valid

expresses concern which ease of transport to the hotel was acknowledged as being the most important attribute, yet it has not been given the largest weight. Explain why the weights might still be valid.

  The staffing shortage impacts other business constraints

Describe in detail how the staffing shortage impacts other business constraints

  Boardrooms and conference centers of the corporate world

There's a scourge upon the boardrooms and conference centers of the corporate world.

  How to improve his service to his customers

A drive-in bank can accommodate up to 7 cars on the driveway plus one car in service. how to improve his/her service to his/her customers.

  Analyze that company and its products

Choose a large organization that sells a product or multiple products. In a 2-3 paper, provide an overview of the company. Next, analyze that company and its products in terms of product and service quality, costs of quality, total quality managem..

  What is the indifference point for the two options

What are the two capacity options that Robbie needs to consider? What are their fixed and variable costs? What is the indifference point for the two options?

  Global strategy yields competitive advantage

Referring to Being 's global strategy yields competitive advantage for its 787 Dreamliner case study

  Calculate expected value at every node

Draw a decision tree. Calculate expected value at every node. What should they do?

  Describe a specific experience with hr issues you have

discuss a specific experience with hr issues you have experienced as an employee. what was the issue and how was it

  Standard deviation of demand for the sheets is three per day

Dunstreet's Department Store would like to develop an inventory ordering policy of a 90 percent probability of not stocking out. To illustrate your recommended procedure, use as an example the ordering policy for white percale sheets. Standard deviat..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd