Scenario Discussion.


1 Scenario Discussion

2 Scenario 1 Company A holds contracts with DoD and Department of State. Its HR Department begins to receive calls and emails regarding an email that was sent to Company employees notifying employees of a software upgrade to the Company’s HR application. Employees use the application to access their employment information such as pay stubs and benefits information. The email advised employees that the software upgrade required them to click on a link contained in the email in order to download the updated software.

3 Scenario 1 (continued) Several employees reported to HR that, although they clicked on the link to upgrade the software per the email’s instructions, the upgrade did not run properly and the application appeared not to update. HR does not report this issue to IT or anyone else. Other employees reported to IT that they properly installed the upgrade, but that their machines have been running slowly ever since. IT initiates a service ticket inquiry, but does not advise anyone else in the company.

4 Scenario 1 (continued) One of the affected employees is an administrative user with privileged access to multiple servers including those containing CDI. This user cut and pasted the link into his browser without reading it, bypassing SOP. At this point in the investigation, IT confirmed malware on a database server known to contain CDI and has initiated the Incident Response Process. The Information Security Team has not detected any data exfiltration to date. IT now notifies Company A management. Company A spends 2 weeks determining the type of CDI potentially affected, and reviewing its contracts.

5 Scenario 1 (continued) Questions to consider
What is the first event that could have been a “cyber event”? How did internal company reporting system work? How well did users comply with NIST standards? Did Company have appropriate system monitoring? How prepared was Company A? How should Company A have conducted the investigation? When should it have notified DoD? What other regulatory notification obligations may be in play?

6 Scenario 1 (continued) Right before the Company notifies DoD, the FBI visits the company and delivers a victim notification letter. On that same day, an employee receives a voicemail from a cybersecurity blogger who stated that he has become aware of an apparent ongoing hack at the Company and would like to give the company an opportunity to comment before he posts his story on Tuesday. Blogger article published and picked up by media. Company contacted by Customers. The Company hears through an employee that a sub-contractor working on creating CDI has also been experiencing system problems. Company contacts sub, who assures them that there’s nothing to worry about because they’re using the cloud.

7 Scenario 1 (continued) Questions to consider:
What role does law enforcement play? When should they be involved? How should a company react to outside players like the blogger? Does that contact need to be disclosed to DoD? How does Company deal with customers? How does Company deal with subcontractors? Did the subcontract have appropriate flow-down language? What issues does use of the cloud introduce?

8 Scenario 1 Complication
On Sunday evening, a Company Admin Employee receives an email from an unknown address indicating that all files in the database that stores CDI are encrypted. The email further advises that decryption is only possible with a private key and decrypt program, located on the sender’s secret server. To receive the private key, the sender demands the equivalent of $10,000, paid by Bitcoin, by Monday morning at 9 AM. Now what happens?

