Reference no: EM132153341

Security Operations - Group Project - Security Incident Project Summary:

ABC Company is a manufacturing company that produces new technology that sells online directly to customers and retailers.

The system they use is a core transactional Enterprise Resource Planning system called NEDS. NEDS is similar to many core systems that provide integrated applications on a common platform for financials, managing materials, sales distribution, and production planning (similar to Oracle or SAP). NEDS is located in the Netherlands, while ABC Company is located in Florence, Kentucky.

On June 15, 2016, Peter Hobbard (ABC's Global Security Director) was notified that NEDS was burglarized during business hours involving individuals stealing equipment including blackberries, iPhones, laptops and hard drives. Local police were notified and the incident was reported on that date.

A police report only included identification of specific hardware that was stolen and several bicycles. The burglary notification that was mailed was sent to a branch office of ABC Company in Mexico.

Peter Hobbard was notified by the Mexico office via email which included an attached electronic version of the burglary notification and police report on June 20, 2016. Peter Hobbard recognized that the incident actually occurred 5 days earlier. The letter contained the following information about the incident:

The letter contained the following information about the incident:

• The incident occurred in the application area that provides custom application development and reporting for the ABC Company.

• The area that was impacted involved "potential data" used for sales analysis. Data from the ABC Company had been placed on laptops while some diagnostics were being carried out.

• Compromised data could have included customer or retailer information from 2002-2014 consisting of names, address, bank account data or credit card numbers, SKU product numbers, descriptions, quantities, Purchase Order numbers, and purchase price. Project Deliverables:

You are Peter Hobbard and need to respond to this incident by taking action immediately. You will need to complete the following:

1. Develop an Incident Response Policy for ABC Company that will be used as your reference for your evaluation of this potential data incident (No second attachment, add your Incident Response Policy as an Appendix A to your paper and referenced in your presentation).

2. Upon developing ABC Company's Incident Response Policy, evaluate the incident described above:

a. Summarize the data incident and potential level of risk, include why?

b. Upon identifying the types of data that could potentially be impacted and what laws/regulations could be in violation of non-compliance if this data was breached

c. Develop your action plan to evaluate this data incident (include your rationale for why the steps were necessary)

d. Describe how the Incident Response Policy supported your actions

e. Identify any issues that made the evaluation more difficult

f. Identify areas of future risk mitigation actions should a similar incident occur (look at the gaps or issues with this scenario)

g. Close the incident (NOTE: The outcome of the incident did not surface any major risks or data breach to the company, but it took the evaluation to get to this conclusion) 3.

Please note the following criteria:

(A) Research Paper:

• Research Paper must be in APA Style

• Research Paper must have at least 5 works cited of which 2 must be peer reviewed works/articles (note your book can be included as a reference)

• Must be double-spaced of at least 15 - 20 pages

• The Policy will be an Appendix and does not count toward the 15-20 page requirement

• Graphs, illustrations and spreadsheets are allowed and must be reported according to APA guidelines