“Dealing with Breaches” Please respond to the following:
- Once a breach has occurred, it’s very important to know about it. Not only does a company need to know that it occurred, but it also needs to know the scope of the damage. Was data stolen? Were files damaged? Was a back door installed that will facilitate future breaches? This is the forensic part of information security. Describe one of the topics from this week that you think would make a good episode of a crime drama like CSI. How would the main character go about solving the crime and identifying the perpetrator using the tools you’ve learned about? Have fun throwing in plot twists on your classmates’ posts.
Dealing with Breaches
One of the topics that would make a good episode of a crime drama series is “Dealing with Breaches”. The main character would apply several steps in solving the security breach incident. First, the main character would have to visit the affected business and conduct the investigation from there. The first step would involve identifying the nature of the attack. In this step, the main character would seek to identify the systems, services, or devices that were compromised by the breach. According to Harris (2017), it is important to investigate a number of aspects of the breach, starting with a thorough examination of the logs. The main character would begin by examining the logs in search of unusual or malicious patterns. This would give clues about how the system was hacked, when the attack occurred, what data was exposed, and which employees are at risk of having their identities stolen.
The main character would then aim to determine the source of the attacks. In this case, the main character would evaluate whether the attack came from a host within the network or from outside the information system perimeter. The main character would also gather information about the command-and-control servers used to launch the attacks. This would involve collecting details such as domain names, IP addresses, hosts, and other vital information. After collecting all the information, the main character can accurately verify the nature of the attack. For instance, the attack may be a DDoS, data theft, remote access, or another type of attack. It is important to notify the law enforcement agencies about the data breach (Harris, 2017). The law enforcement agencies may also help in analyzing the nature of the attack to determine whether it fits a larger pattern or whether it is unique to the company.
Another critical step is to determine whether the breach is specific to the company or whether it has affected the entire industry. If the breach is company-specific, the main character should determine the agenda of the attack (Fowler, 2016). Many reasons, including political, social, and economic ones, could have motivated the perpetrators. The main character would then seek ways to contain the damage and prevent further attacks from happening. The main character should identify the affected servers, computers, and other devices. These should be quarantined to prevent further attacks. Failure to quarantine may lead to the spread of the virus to other parts of the system. On the other hand, taking the entire network offline may negatively affect the business and may not solve the issue at hand.
The main character would then engage in measures to disinfect the affected servers, computers, and other devices (Fowler, 2016). During this process, the main character may compare backups taken before the infection with the post-infection state of the systems. This would allow the main character to gain insight into the possible damage caused by the data breach. The main character should also make copies of the illegal content found in the system. The illegal content is important since it may serve as evidence in legal proceedings. Lastly, the main character should develop a communication plan on how to inform the relevant stakeholders of the data breach. The stakeholders include the customers, the investors, the owners, and the public.
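As an added example (not from the post or the sources it cites), here is how the log-examination and source-attribution steps above could be carried out in a small Python triage script. It parses constructed authentication and file-access log lines, flags a source address that logged in only after repeated failures, classifies that source as inside or outside the network perimeter using the private (RFC 1918) ranges, records when the first successful login happened, and lists which files that source read afterwards. The log format and the sample lines are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log: "<timestamp> <source ip> <user> <action> [detail]".
SAMPLE_LOG = """\
2024-03-04T02:11:05 198.51.100.23 admin LOGIN_FAILED
2024-03-04T02:11:09 198.51.100.23 admin LOGIN_FAILED
2024-03-04T02:11:14 198.51.100.23 admin LOGIN_FAILED
2024-03-04T02:11:20 198.51.100.23 admin LOGIN_OK
2024-03-04T02:13:41 198.51.100.23 admin FILE_READ /srv/hr/payroll.csv
2024-03-04T09:15:00 10.0.0.15 jsmith LOGIN_OK
2024-03-04T09:20:12 10.0.0.15 jsmith FILE_READ /srv/docs/handbook.pdf
"""

# Assumed internal perimeter: the RFC 1918 private ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)(?: (.*))?$")


def parse_log(text):
    """Turn raw lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, user, action, detail = m.groups()
            events.append({"ts": datetime.fromisoformat(ts), "ip": ip,
                           "user": user, "action": action, "detail": detail or ""})
    return events


def is_internal(ip):
    """True if the source sits inside the assumed network perimeter."""
    return any(ipaddress.ip_address(ip) in net for net in INTERNAL_NETS)


def triage(events, fail_threshold=3):
    """Flag sources that succeeded after >= fail_threshold failed logins and
    report origin, first success time, accounts used and files read afterwards."""
    fails, suspicious, exposed = Counter(), {}, defaultdict(list)
    for e in events:
        if e["action"] == "LOGIN_FAILED":
            fails[e["ip"]] += 1
        elif e["action"] == "LOGIN_OK" and fails[e["ip"]] >= fail_threshold:
            suspicious.setdefault(e["ip"], e["ts"])   # when the attack succeeded
        elif e["action"] == "FILE_READ" and e["ip"] in suspicious:
            exposed[e["ip"]].append(e["detail"])      # data possibly exposed
    return {ip: {"origin": "internal" if is_internal(ip) else "external",
                 "first_success": ts.isoformat(), "failed_attempts": fails[ip],
                 "accounts": sorted({e["user"] for e in events if e["ip"] == ip}),
                 "files_read": exposed[ip]} for ip, ts in suspicious.items()}
```

Running `triage(parse_log(SAMPLE_LOG))` on the constructed log reports the external address as the only suspicious source, with the time it got in and the payroll file it read, while the ordinary internal login is left alone.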
Fowler, K. (2016). Data breach preparation and response: Breaches are certain, impact is not. Cambridge, MA: Syngress.
Harris, J. P. (2017). Dealing with a data breach: Steps commonly undertaken when employee or customer information is stolen. New Hampshire Business Review, 39(9), 12.