Milestone 2

Description

For this assignment, you will evaluate the current incident response processes that were initiated in response to the breach, as well as create a flowchart for a new incident response process.

Specifically, you must address the following critical elements:

Incident Response: In this section, you will evaluate the incident response processes that were initiated in response to the breach.
Purpose: Define the purpose of the incident response plan.
Examples: Define an incident with at least five examples of that incident (e.g., unauthorized access).
Roles and Responsibilities: Define roles and responsibilities of the stakeholders involved in the incident.
Current Incident Response Process: Discuss the current incident response process within Limetree Inc., including current shortcomings.
Actions: Describe the incident response actions that were initiated to minimize the impact of the breach.
Business Continuity: Evaluate these incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach.
New Incident Response Process: Create a flowchart for a new incident response process.


ISE 510 Milestone Two Guidelines and Rubric
Incident Response
Overview
You have been hired as a cybersecurity professional to conduct a security assessment on Limetree Inc.’s systems and processes to identify the root cause of the security breach and discover additional
vulnerabilities that could impact Limetree’s operation in the future. Your assessment of Limetree Inc.’s environment will be conducted by reviewing the Final Project Scenario document (located in
Module Five of your course). For part of this assessment, you will incorporate into your analysis the results of the interview with Jack Sterling (security manager) found in the scenario, and you will be
able to identify vulnerabilities related to systems security, personnel and administrative security, and physical security, relating these to the breach from your physical vulnerabilities short paper from
Module Three.
Prompt
For this assignment, you will evaluate the current incident response processes that were initiated in response to the breach, as well as create a flowchart for a new incident response process.
Specifically, you must address the following critical elements:
III. Incident Response: In this section, you will evaluate the incident response processes that were initiated in response to the breach.
A. Purpose: Define the purpose of the incident response plan.
B. Examples: Define an incident with at least five examples of that incident (e.g., unauthorized access).
C. Roles and Responsibilities: Define roles and responsibilities of the stakeholders involved in the incident.
D. Current Incident Response Process: Discuss the current incident response process within Limetree Inc., including current shortcomings.
E. Actions: Describe the incident response actions that were initiated to minimize the impact of the breach.
F. Business Continuity: Evaluate these incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach.
G. New Incident Response Process: Create a flowchart for a new incident response process.
What to Submit
Your incident response evaluation should be 2 to 3 pages in length and should be submitted as a Microsoft Word document (or equivalent) using 12-point Times New Roman font, double spacing, one-inch margins, and at least three sources cited in APA format.
Milestone Two Rubric

| Criteria | Exemplary (100%) | Proficient (90%) | Needs Improvement (70%) | Not Evident (0%) | Value |
| --- | --- | --- | --- | --- | --- |
| Incident Response: Purpose | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Defines the purpose of the incident response plan | Shows progress toward proficiency, but with errors or omissions | Does not attempt critical element | 13 |
| Incident Response: Examples | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Defines an incident with at least five examples of that incident | Shows progress toward proficiency, but with errors or omissions | Does not attempt critical element | 13 |
| Incident Response: Roles and Responsibilities | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Defines roles and responsibilities of the stakeholders involved in the incident | Shows progress toward proficiency, but with errors or omissions | Does not attempt critical element | 13 |
| Incident Response: Current Incident Response Process | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Discusses the current incident response process within Limetree Inc., including current shortcomings | Shows progress toward proficiency, but with errors or omissions | Does not attempt critical element | 13 |
| Incident Response: Actions | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Describes the incident response actions that were initiated to minimize the impact of the breach | Shows progress toward proficiency, but with errors or omissions | Does not attempt critical element | 13 |
| Incident Response: Business Continuity | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Evaluates incident response actions for their effectiveness in allowing the business to resume normal system operations after the breach | Shows progress toward proficiency, but with errors or omissions | Does not attempt critical element | 13 |
| Incident Response: New Incident Response Process | Exceeds proficiency in an exceptionally clear, insightful, sophisticated, or creative manner | Creates a flowchart for a new incident response process | Shows progress toward proficiency, but with errors or omissions | Does not attempt critical element | 13 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, syntax, and organization and is presented in a professional and easy to read format | Submission has no major errors related to citations, grammar, spelling, syntax, or organization | Submission has major errors related to citations, grammar, spelling, syntax, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, syntax, or organization that prevent understanding of ideas | 5 |
| Citations and Attributions | Uses citations for ideas requiring attribution, with few or no minor errors | Uses citations for ideas requiring attribution, with consistent minor errors | Uses citations for ideas requiring attribution, with major errors | Does not use citations for ideas requiring attribution | 4 |
| Total | | | | | 100% |
Unveiling the Vulnerabilities and Crafting a Resilient Data Security Strategy at
Securing Limetree Inc.
Jacob Brumit
Southern New Hampshire University
ISE510
Unveiling the Vulnerabilities and Crafting a Resilient Data Security Strategy at Securing
Limetree Inc.
Limetree Inc. is a firm that deals with research and development. It collaborates its
activities with a host of private corporations and agencies of the federal government. The
company is now at a critical point where it is readying itself to become one of the pivotal
players within the fields of biotechnology and healthcare. The stakeholders hope to realize
this feat through unprecedented technological advancement. Over the recent past, the firm’s
growth has surged. Unfortunately, though, the success has made it a prime target of online
attacks. As a response to the escalating threat of being attacked, the stakeholders have
appreciated that there exists a pressing need for a reliable information security system that
would be geared towards the protection of its most valuable assets (that is, its data).
Security Breach
In this section, issues to do with attack location, attack type and method, as well as the
various vulnerabilities are discussed at length.
Attack Location
The security breach involved the infiltration of the most important aspects of
the operations of Limetree Inc. The attackers managed to compromise valuable pieces of
data. The most affected ones included the personal health information (or PHI). In essence,
therefore, this was a deliberate act of targeting the firm’s most critical resource (its data). It is
also worth noting that the hacking was sophisticated. The fact that it undermined operations
in a significant manner underscores the need to conduct in-depth studies in order to come up
with reliable solutions to the challenge of security breaches and other related problems (Farid,
Warraich, & Iftikhar, 2023).
Attack Method and Type
The breach seems to be carefully orchestrated, and the attackers leveraged the
vulnerabilities which were already existing in the processes associated with the use of the
Limetree Inc.’s system. They exploited the weaknesses found in the MS Edge browser, and
they capitalized on the fact that its settings fail to facilitate an adequate level of security. The
manner in which the settings were implemented allowed for the installation of malevolent
applets from a remote location (Farid et al., 2023).
MS Edge browser is set in a way that provided the perpetrators with a gateway to the
organization’s critical databases as well as applications. The attackers seem to possess a
remarkable level of ingenuity, and they must also have been thinking strategically. The breach
itself was well-coordinated, meaning that they took time to plan. This was a serious security
breach where confidential and critical company data was being stolen. Those involved
exploited the vulnerabilities within the processes and the system at large (Tejay &
Mohammed, 2023).
Vulnerabilities
An analysis of the way in which the breach was orchestrated shows there is the
existence of a confluence of weaknesses. Each of them tends to play a particular role; and
together, they end up compromising the information fortress of Limetree Inc. in a significant
manner. The vulnerabilities include inadequate browser security settings, weak
segmentation of the network, unencrypted data, lack of incident response plan, as well as
absence of a reliable security policy (Alshaikh et al., 2023).
Inadequate Browser Security Setting
The stakeholders were utilizing MS Edge, and they had configured it in a manner that
offered minimal security. This was a major weakness in the organization’s cyber integrity.
The vulnerability was exploited through the installation of malicious applets. In essence, the
unauthorized parties managed to circumvent the standard restrictions available on the MS
Edge browser.
Weak Segmentation of the Network
The network lacks robust authentication and segmentation. There are no distinctions
between access through wireless and the wired LAN. Therefore, there is an unguarded
avenue via which the attackers can have an unauthorized access. Indeed, it is the weak link
within the network chain that happens to be an exploitable entry point into the system. Unless
this issue is addressed, it is possible that attackers will continue to have an unrestrained
access into the system.
Unencrypted Data
Sensitive pieces of information which are within the Limetree Inc.’s database are
unprotected. It is particularly noteworthy that the data in question is not encrypted. This is an
oversight that exposed the organization to the possibility of an unauthorized access and the
extraction of PHI (Lali & Chakor, 2023). Indeed, this is exactly what happened in this case.
The very fabric of information security at Limetree Inc. seems to be unravelling.
Lack of Incident Response Plan
The vulnerability that is being experienced at Limetree Inc. extends far beyond the
technical aspect. Indeed, it does also have a human component. There is an absence of critical
security-related policies. This includes the lack of a dedicated security awareness program.
As a consequence, many of the users are uninformed, and their practices are apparently
unregulated. The lack of a security policy has inadvertently contributed to the organization’s
susceptibility (Alshaikh et al., 2023).
Absence of a Reliable Security Policy
Another major challenge is the lack of an incident response plan. This security breach
has laid bare the fact that Limetree Inc. is unprepared. This is why it was unable to handle the
security incident in an appropriate manner. The organization does not maintain a documented
incident response plan. This is hindering the firm’s ability to counteract in a quick and
effective manner. The lack of an incident plan exacerbates the effect of the breach, and the
same is bound to happen in the future if an effective incident response plan is not put in place
(Farid et al., 2023).
Conclusion
The breach has made it apparent that Limetree Inc. is at a critical point in its
operations. The fact that the attackers realized their mission laid bare the need for a
comprehensive reassessment of the firm’s data security posture. Together with the loopholes
introduced by the lack of the network segmentation, the absence of reliable security policies
is making it far easier for the attackers to succeed in their missions (Tejay & Mohammed,
2023).
The stakeholders need to unveil the roadmap for improvement. The commitment to
the fortification of its defenses ought to be more than a response to just a single isolated
incident. It ought to be strategic in nature, such that it can help avert a range of challenges in
the future. In essence, it is imperative to be proactive in the effort to safeguard Limetree Inc.’s
operations. This would enable the company to maintain its reputation while also fueling its
research and development endeavors (Lali & Chakor, 2023).
References
Alshaikh, M., Chang, S., Ahmad, A., Maynard, S. B., & Alammary, A. (2023, August 07).
Embedding information security management in organisations: improving
participation and engagement through intra-organisational Liaison. Security Journal,
36, 530–557. https://doi.org/10.1057/s41284-022-00352-3.
Farid, G., Warraich, N. F., & Iftikhar, S. (2023). Digital information security management
policy in academic libraries: A systematic review (2010–2022). Journal of
Information Science, 0(0). https://doi.org/10.1177/01655515231160026.
Lali, K., & Chakor, A. (2023, May 8). Improving the security and reliability of a quality
marketing information system: A priority prerequisite for good strategic management
of a successful entrepreneurial project. Data and Metadata, 2, 40.
https://dm.saludcyt.ar/index.php/dm/article/view/40.
Tejay, G. P. S., & Mohammed, Z. A. (2023). Cultivating security culture for information
security success: A mixed-methods study based on anthropological perspective.
Information & Management, 60(3), 103751.
https://doi.org/10.1016/j.im.2022.103751.
Kickoff Agenda
Jacob Brumit
Southern New Hampshire University
ISE510
Introduction: Limetree Inc. is a research and development firm that assists the federal
government and other private corporations in various areas such as healthcare and biotechnology.
Due to major growth with the company it has been targeted recently through online attacks.
The internal workspace environment consists of cubicles separated by glass with each
cubicle containing a locking cabinet for personal and business items. Management and executive
offices are located throughout the edges of the work areas and have glass doors and walls made
with privacy glass.
Mr. Jack Sterling, the security manager, gave an interview where he outlined Limetree
Inc.’s system and the processes. As the Chief Executive Officer (CEO), Chief Information Officer
(CIO), Network Manager, IT manager, Senior Employees and investors are here for the meeting,
Mr. Sterling gave an interview which is as follows:
Hardware/Software:
1. Applications such as MS Edge and Office, Firefox, Google Chrome, Adobe Flash and
Acrobat.
Applications/Databases:
1. Main browser is MS Edge with minimal security settings and allows for remote
installation of apps with no standard browser
2. Virus Software: McAfee is on all machines and mandated monthly updates
3. SQL Database: User privilege can be escalated with an SQL Agent. Disk space
will overwrite data when full with new data. Sensitive data is not encrypted while at
rest within the server.
Network
1. Three web/applications servers
2. Three mail servers
3. Five file and printer servers
4. Two proxy servers
5. Seven Cisco Switches
6. Multiple Desktops
7. Three firewall devices
8. One router for internet with three wireless access points
Configuration
1. Wireless is available and visitors are given access codes but there isn’t
segmentation or authentication between wireless and wired local area network
(LAN).
2. No logging of network activities.
3. Firewall configuration is secure and logs will be reviewed when suspicion of a
security event is suspected.
4. Users determine their password and only other requirement is that it is changed
yearly.
5. IT manager determines changes to the network and notifies users immediately after
changes.
Documentation
1. No security policy or computer use policy
2. No documented process for changes to the system
3. No contingency plan
System Backup
1. Conducted daily by network administrator, tapes are kept inside the computer
room.
Personnel/Physical Security
1. No security awareness training; emails are sent monthly regarding emerging
threats.
2. Visitors must sign-in prior to seeing employees.
3. Virtual private networks allow for remote connection; however, the hard drives are
unencrypted just like company desktops.
4. Users are allowed to bring privately owned laptops to connect to the company
system.
Questions:
Why is there no security awareness training for all employees?
Why is browser security set to low?
Why is remote installation allowed?
Why are hard drives on both desktops and VPN-capable laptops unencrypted?
Why are visitors allowed to connect to the wireless network where there is no way to
track who has access and what they are doing with the access?
Why is there no established Incident Response Plan for the company?
Conclusion
Many of the above questions cause great concern for the company as it shows that even
with the growth of the company that it is susceptible to attacks that at the end of the day can
cause harm to the company.
