Reference no: EM132260335

Summary:

ABC Company is a manufacturing company that produces new technology that sells online directly to customers and retailers. The system they use is a core transactional Enterprise Resource Planning system called NEDS. NEDS is similar to many core systems that provide integrated applications on a common platform for financials, managing materials, sales distribution, and production planning (similar to Oracle or SAP).

NEDS is located in the Netherlands, while ABC Company is located in Florence, Kentucky.On June 15, 2018, James Hurd (ABC's Global Security Director) was notified that NEDSwas burglarized during business hours involving individuals stealing equipment including blackberries, iPhones, laptops and hard drives.Local police were notified and the incident was reported on that date. A police report only included identification of specific hardware that was stolen and several bicycles.

The burglary notification that was mailed was sent to a branch office of ABC Company in Mexico. James Hurd was notified by the Mexico office via email which included an attached electronic version of the burglary notification and police report on June 20, 2018. James Hurd recognized that the incident actually occurred 5 days earlier.

The letter contained the following information about the incident:

• The incident occurred in the application area that provides customapplication development and reporting for the ABC Company.

• The area that was impacted involved "potential data" used for sales analysis. Data from the ABC Company had been placed on laptops while some diagnostics were being carried out.

• Compromised data could have included customer or retailer information from 2002-2014 consisting of names, address, bank account data or credit card numbers, SKU product numbers, descriptions, quantities, Purchase Order numbers, and purchase price.

You are part of an incident response team. You will be acting with James Hurd and you need to respond to this incident. Please complete the following:

I. Prepare an IRT charter for on-site response. Typically, organizations require a charter before an IRT can be formed. A charter is an organizational document that outlines the mission, goals, and authority of a team or committee. The charter must include the typical elements such as Executive Summary, Mission Statement, Incident Declaration, Organizational Structure, Roles and Responsibilities, Information flow, Methods, Authority and reporting.

II. Using the following template, create a Security Incident Response Policy granting team members full access and authority to perform forensics and to maintain a chain of custody for physical evidence containment. Develop a SecurityIncident Response Policy for ABC Company that will be used as your reference for your evaluation of this potential data incident.

SecurityIncident Response Team-Access and Authorization Policy Template:

Policy Statement (insert policy verbiage here)

Purpose/Objectives (Insert the policy's purpose as well as its objective;use bulleted list of the policy definition. Define the security incident response team members and the authorizations and authority granted to them during a crisis or securing incident situation.)

Scope (Define the policy scope and whom it covers. Which of the seven domains of a typical IT infrastructure are impacted? What elements, IT assets, or organization-owned assets are within the scope of this policy? What access and authority are grantedto the incident response team members that may be outside standard protocol?)

Standards (Does this policy point to any hardware, software, or configuration standards? List the hardware, software, or configuration standards here and explain the relationship of these policy to these standards)

Procedures (Explain how you intend to implement this policy across the organization. Also, define and incorporate the six-step incident approach here along with how the chain of custody must be maintained throughout any evidence collection process.)

Guidelines (Explain any roadblocks or implementation issues that you must address in this section and how you will overcome them per defined policy guidelines.)

III. Upon creatingthe ABC Company'sSecurityIncident Response Policy, develop your action plan to evaluate this data incident.Capture this action plan in a PPT presentation. Include the following:(50 pts) PPT Part 1

Summarize the data incident and potential level of risk, include why?

Describe an action plan to evaluate and close the incident

Describe how the Incident Response Team Charter supported your actions

Describe how the Incident Response Policy supported your actions

Identify any issues that made the evaluation more difficult

Identify areas of future risk mitigation actions should a similar incident occur (look at the gaps or issues with this scenario)

Close the incident (NOTE: The outcome of the incident did not surface any major risks or data breach to the company, but it took the evaluation to get to this conclusion)

IV. Upon creating the ABC Company'sSecurityIncident Response Policy, evaluate the security incident described above and add the following content to the PPT created above. Please addresses the following:(50 pts) PPT Part 2

Discuss the benefits of a security incident response team

Discuss the benefits (if any) of the IRT Charter

Identify the major elements of a security incident response methodology

Align the roles and responsibilities to elements of aSecurity Incident Response team

Identify critical management human resources, legal, IT, and information systems

Identify the types of data that could potentially be impacted and what laws/regulations could be in violation of non-compliance if this data was breached

V. The four parts listed above are worth a total of 200 points and will based on the following:

• Meets Standard Criteria

• Completeness/content

• Logic of Processes and Actions (Thoroughness)

• Alignment of the Security Incident Policy components in completing and supporting the evaluation

• Completeness of the Topic (Are all the requirements met?)

• Presentation Delivery