Sifers-Grayson: Incident Response Report

Contact Details

  • [Insert Name]
  • Incident response team leader
  • Organizational unit: ICT Department, Sifers-Grayson Corporation
  • irt_leader@sifersgrayson.com
  • 602-212-9743
  • Location: 1555 Pine Knob Trail, Pine Knob, KY 42721

Incident Details

Status change (including time zone): Sifers-Grayson's security defenses neither detected the attack nor recorded when it began. The IT staff noticed the intrusion only because the systems became abnormally slow under heavy traffic; the malfunctioning of the company's drones was a further red flag. After tracing the traffic, the IT staff found that the IP address 11.143.135.4 was unauthorized.

  • Location: Pine Knob, KY (42721)
  • Status: The attack has already ended.
  • Cause or source of the incident: The attack originated from 11.143.135.4, and no hostname was associated with the address. The IT staff concluded that the attack was mainly intended to steal corporate information without being detected.
  • Incident details: The alarm was raised after all system processes became very slow because of the load generated by the malicious traffic. The logging information used as evidence was sourced from Task Manager (live process and resource observations rather than a persistent log).
  • Affected resources: The attack did not disable the systems outright. Nonetheless, the research and development (R&D) center servers (10.10.120.0 network) were compromised, and the attacker stole corporate data, including source code. The drone network was also compromised, which reduced the test range significantly, and one of the company's drones, the AX10, was stolen and remains untraceable.
  • Attack vectors and indicators: Currently, the vectors of the attack and the indicators of compromise remain unavailable.
  • Factors to prioritize: The network lagged during the attack, but normal functionality resumed after it ended.
  • Mitigating factors: After the R&D servers were attacked, the company's blueprints and drone designs were compromised. Additionally, 20 percent of employees' passwords were stolen and malware was installed on the system. The malware also affected the PROM that could have helped trace the stolen drone.
  • Actions performed by the IT staff: The team logged all activity observed during the attack as forensic evidence. In addition, all systems were shut down to allow proper security measures to be put in place. (Powering systems off discards volatile evidence such as memory contents, so a memory capture before shutdown is preferable where the playbook allows it.)

Cause of the Incident

Cyberattacks are a common threat to many businesses. As Romanosky (2016) explains, various weaknesses, such as failing to update security systems, increase susceptibility to attacks such as brute force and phishing. In the Sifers-Grayson case, the attack resulted from an overall lack of network security, improper device security, and unsecured access points. The absence of a proper security architecture created an avenue for attackers to reach the sensitive parts of the system. Besides, the company has no policy governing personal devices (a bring-your-own-device policy) that restricts which external devices may connect to the corporate network, which increases the risk of malware and viruses being introduced into the system. Furthermore, allowing unauthorized persons into secure areas of the company may have increased the possibility of physical compromise.

Cost of the Incident

Currently, the team has not determined the total cost of the security breach. However, Sifers-Grayson considers the documentation and source code for the AX10 priceless, and the cost of any other damaged equipment is yet to be totaled. Other associated costs include the cleanup time: the IT staff estimate 200 hours at $100 per hour to bring the environment back to a good security standing, which puts the cleanup cost at approximately $20,000.

Impact of the Incident on the Business

The incident had a detrimental effect on the company's overall reputation and its information resources. Nonetheless, it is a necessary trigger for Sifers-Grayson to adopt security best practices so that future threats are mitigated.

General Comments

The Red Team test made it possible to identify the system vulnerabilities at Sifers-Grayson. The sections below detail the incident, analyze the key issues, and describe the tools the company should use to secure its network.

Background Overview

Analysis of software vulnerabilities is an integral element of maintaining high security in company systems. Sifers-Grayson hired an external party to perform its network security test. As Barabanov et al. (2018) note, this type of testing checks compliance with national and corporate standards and technical specifications. The test comprised several network penetration tests and reporting of any vulnerabilities found. After extensive testing, the Red Team penetrated the Sifers-Grayson network and revealed various security loopholes. For instance, the Red Team stole information from the R&D data center and the SCADA Lab. Notably, these two centers hold secret and classified information pertaining to the company's contracts with government agencies and private entities. With such information in the hands of a malicious party, the organization might suffer a big blow, such as termination of contracts by the government entities. Moreover, the contract terms require adequate protection of classified information, and they also impose protection requirements on the non-classified information Sifers-Grayson holds as a non-federal organization. Violation of these terms may attract contract termination or heavy fines. The worst-case scenario would be termination of the contract, since it would then be challenging for other companies to enter into contracts with Sifers-Grayson. Hence, the Blue Team will use the information provided by the Red Team to determine the best recommendations and the most appropriate tools to safeguard the company's data.

Incident Analysis

The Sifers-Grayson case study reveals that the company's network topology incorporates two wired connections, copper cabling and fiber optic, both connected to the R&D department, and a wireless network served by a wireless access point. A firewall sits between these networks and external threats. However, the test performed by the Red Team exposed vulnerabilities in both the external and internal environments: the team hacked the enterprise network, stole all employees' passwords through USB devices, and took confidential files from the company's servers.

A noteworthy factor is that Sifers-Grayson's contracts involve government agencies that treat security as a prime concern. In this case, Sifers-Grayson needs to use WPA2 for its wireless network with the AES (CCMP) cipher rather than the older TKIP option. According to Abishu et al. (2017), adopting these options reinforces the wireless connection with strong security, and AES with WPA2 offers protection that is hard for attackers to bypass, provided the pre-shared key is strong.

A company should treat precursors and indicators as fundamental inputs when handling an incident. Precursors signal the probability of an incident occurring in the future; indicators provide details about incidents in progress or those that have already happened. In the Sifers-Grayson scenario, the precursors could have been the server log files pointing to the system's vulnerability. While precursors are essential for incident prevention, a major challenge is knowing which precursors correspond to which kinds of incident.

An important security measure to strengthen Sifers-Grayson's security is Active Directory. Sifers-Grayson can take advantage of Windows Active Directory, which controls access to system resources according to group membership. For instance, an administrator can create different groups and assign them different access privileges (Sharad et al., 2019). That way, employees are denied access to resources their group is not authorized to use.

Another benefit of using Active Directory at Sifers-Grayson is Active Directory Rights Management Services (AD RMS). AD RMS enforces access checks against both organizational employees and intruders (Microsoft, 2016). It limits access to the company's documents, emails, files, and web pages by encrypting them; a user who has not been granted the corresponding rights, and therefore lacks the decryption key, cannot open those files.

During the post-attack review conducted by the Red Team, the employees were found to be a weak link in system security. For instance, plugging unrecognized devices into the corporate systems allowed the test team to capture all employees' login details. The company can address this through several approaches. First, it can conduct extensive company-wide training on system security and the importance of employees taking their role responsibly. The training would cover the dangers of using unrecognized devices on the company's network, the dangers of downloading suspicious files, and how to recognize malicious activity such as phishing schemes. Intensive training would ensure that employees are on par with the company's security needs.

Containment, Eradication, and Recovery (C.E.R)

There are different alternatives that Sifers-Grayson can use to acquire, preserve, secure, and document the evidence from the incident. While handling the incident, the company should also use a backup system to reinforce its information systems and avoid any loss or modification of data. In this case, Sifers-Grayson should rely on both offline and online backups; offline copies cannot be encrypted by malware that reaches the network. Notably, Sifers-Grayson had already encountered two ransomware attacks, which should have prompted the company to take appropriate precautionary measures.

Another approach to preventing future attacks is implementing an intrusion detection system (IDS) and an intrusion prevention system (IPS). According to Bakhsh et al. (2019), an IDS is essential for determining whether there are looming threats within the corporate network by continuously monitoring network traffic, and this continuous surveillance reports any anomalous event in the network. Sifers-Grayson should adopt a hybrid IDS to monitor both its network and its host systems. The threats identified by an IDS include denial of service, viruses, equipment failure, and distributed denial-of-service attacks (Bakhsh et al., 2019). Upon detection, an IDS/IPS system blocks the matching traffic and alerts the system administrator to the malicious activity for appropriate action. In our case, had Sifers-Grayson installed an IDS/IPS, the IT staff would have received an early warning about the intrusion, and they would also have seen the Red Team's attempts to break into the system during the test phase. As Granjal and Pedroso (2018) explain, the IDS/IPS would have logged the activity and, given signatures matching the tooling used, could have blocked the installation of malware on the system.
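The following is an added example, not code from the report or from any IDS product it cites, showing the kind of indicator logic described in the precursors-and-indicators paragraph and in the IDS/IPS paragraph above: flow-style log lines are scanned for (a) sources outside the trusted ranges that touch the R&D server network and (b) sources that pull an unusually large volume of data from it. The log format, the trusted range 10.10.0.0/16, the /24 mask on the R&D network, the 100 MiB threshold and the sample log lines are all constructed assumptions; only the addresses 11.143.135.4 and 10.10.120.0 come from the report.

```python
"""Minimal network indicator detection over flow-style log lines.

Added example, not part of the Sifers-Grayson report. The log format, the
trusted network ranges and the byte threshold are assumptions for illustration.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Networks named in the report: R&D servers in 10.10.120.0 (assumed /24 here)
# and hostile traffic from 11.143.135.4. The corporate range 10.10.0.0/16 is
# an assumed "trusted" allowlist.
RND_NET = ipaddress.ip_network("10.10.120.0/24")
TRUSTED_NETS = [ipaddress.ip_network("10.10.0.0/16")]
EXFIL_THRESHOLD_BYTES = 100 * 1024 * 1024  # 100 MiB served to one source

# Constructed sample log (not real data). Fields:
#   timestamp  src_ip  dst_ip  dst_port  bytes_served_by_dst
SAMPLE_LOG = """\
2024-05-01T02:11:04Z 10.10.110.25 10.10.120.10 445 18000
2024-05-01T02:11:09Z 11.143.135.4 10.10.120.10 22 1200
2024-05-01T02:12:30Z 11.143.135.4 10.10.120.10 22 850000000
2024-05-01T02:13:02Z 11.143.135.4 10.10.120.11 443 420000000
2024-05-01T02:14:15Z 10.10.110.40 10.10.120.12 80 3000
"""


@dataclass(frozen=True)
class Alert:
    kind: str    # "unauthorized_source" or "bulk_transfer"
    src: str
    detail: str


def parse_flows(log_text):
    """Yield (ts, src, dst, port, bytes) tuples; skip blank or malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, nbytes = parts
        try:
            yield (ts, ipaddress.ip_address(src), ipaddress.ip_address(dst),
                   int(port), int(nbytes))
        except ValueError:
            continue  # unparsable address or number: ignore the line


def is_trusted(ip, trusted_nets=TRUSTED_NETS):
    """True if the address falls inside any allowlisted network."""
    return any(ip in net for net in trusted_nets)


def analyze(log_text, rnd_net=RND_NET, trusted_nets=TRUSTED_NETS,
            threshold=EXFIL_THRESHOLD_BYTES):
    """Return alerts for untrusted sources touching the R&D subnet and for
    sources that pulled more than `threshold` bytes out of it in total."""
    alerts = []
    flagged_sources = set()
    served = defaultdict(int)  # bytes served by R&D hosts, per source
    for ts, src, dst, port, nbytes in parse_flows(log_text):
        if dst not in rnd_net:
            continue  # only traffic to the R&D servers is in scope here
        served[src] += nbytes
        if not is_trusted(src, trusted_nets) and src not in flagged_sources:
            flagged_sources.add(src)  # one alert per untrusted source
            alerts.append(Alert("unauthorized_source", str(src),
                                f"first seen {ts} -> {dst}:{port}"))
    for src, total in served.items():
        if total > threshold:
            alerts.append(Alert("bulk_transfer", str(src),
                                f"{total} bytes served from {rnd_net}"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert.kind, alert.src, alert.detail)
```

Run against the constructed log, the script raises two alerts for 11.143.135.4 (an untrusted source reaching the R&D subnet, and a bulk transfer of roughly 1.27 GB out of it) and nothing for the internal hosts; a real deployment would feed the same rules from firewall or NetFlow exports and tune the threshold to the site's normal traffic.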

Post-Incident Activity

Follow-Up Activity

The company needs to perform thorough and regular checks on its information systems to ensure they are fully functional. Appropriate actions for the IT department include regular server updates, backups, and logging of system data. By taking these measures, the company will consolidate its security and reduce the chance that malicious activity reaches the company's servers.

Additionally, the firm needs to stay informed about emerging security threats so that it knows how to identify and manage them. One way to stay ahead is to dedicate ample resources to network security and invest in appropriate network security tooling. Moreover, it needs to train its IT staff and other employees regularly on information systems security. Activities the IT staff need to master include monitoring systems for malicious activity, reviewing documentation for consistency with the applicable incident handling standards, applying system updates and attending to server notifications, and performing a post-mortem on any affected systems after an incident. An important lesson from Sifers-Grayson for the corporate world is the reality of cyber-attacks: unless an organization takes appropriate precautionary measures, it runs a high risk of sustaining large losses and losing important relationships with other companies.

References

Bakhsh, S. T., Alghamdi, S., Alsemmeari, R. A., & Hassan, S. R. (2019). An adaptive intrusion detection and prevention system for Internet of Things. International Journal of Distributed Sensor Networks. https://doi.org/10.1177/1550147719888109

Barabanov, A. V., Markov, A. S., & Tsirlov, V. L. (2018). Statistics of software vulnerability detection in certification testing. Journal of Physics: Conference Series, 1015, 042033. https://doi.org/10.1088/1742-6596/1015/4/042033

Granjal, J., & Pedroso, A. (2018). An intrusion detection and prevention framework for internet-integrated CoAP WSN. Security and Communication Networks, 2018, Article ID 1753897. https://doi.org/10.1155/2018/1753897

Microsoft. (2016, August 31). Active Directory Rights Management Services overview. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831364(v=ws.11)

Romanosky, S. (2016). Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2(2), 121-135. https://doi.org/10.1093/cybsec/tyw001

Sharad, S., Singh, A., Divyanshu, & Rai, A. (2019). Research paper on Active Directory. International Research Journal of Engineering and Technology, 6(4), 3579-3582. https://www.irjet.net/archives/V6/i4/IRJET-V6I4761.pdf
