Security Incident Report
Using the NIST Computer Security Incident Handling Guide, develop a security incident report for a recent information security incident involving a data breach in the organization that was discovered by you and your team. The assumed audience for the report is senior officials, CIO, CSO, and CTO of the organization.
Be sure the following sections are present:
- Detection
- Response
- Mitigation
- Reporting
- Recovery
- Remediation
- Debriefing (Lessons Learned)
Introduction
American Express Credit Card contracted the outsider contractor company, Datalink Information Security, Pen Testing InfoSec, because of its recent data breach into their critical server handling client sensitive identifiable data like names, social security numbers, address, and birth dates. American Express gave necessary permission to Datalink to conduct a penetration assessment on its network. The contractor effectively penetrated the American Express networks and acquired access to the firm’s critical server that it houses within the data center’s servers via an unsecure network connection. Further, the arbitrary location of the meterpreter exploit within the headquarters office provided the group the required access to the workers’ credential, including their logins that provided authentication to the firm’s sensitive information and restricted locations. Lastly, the workers hastily gave the ‘Red Team’ authentication to the critical servers via a controlled environment that led to them being capable of acquiring control of the servers and installing malware throughout the organization’s network.
Scenario overview
Datalink Information Security scored a contract with the American Express Credit Card Services, a firm that necessitated additional cyber security procedures to be adopted to its data center and the critical production services. In this case, they would have to comply with the NIST publications and the Privacy Act provisions, the novel regulations that are needed to guarantee that the private and sensitive data from the American Express would be promptly protected from unauthorized users. However, the application of unprotected network connections allowed third-party individuals to access the clients’ sensitive information, resulting in detrimental impacts to the company.
Detection
Presently, American Express entails both wired and wireless network connections. The wired connection has remained not entirely protected since merely a single access point possesses an effective firewall. A single installed firewall between the information center to the cyberspace source leaving the database and its offices that are prone to cyber threats. Further, the connection requires to be secured from every point of access to be able to safeguard the firm from any cyber adversaries (Sornsuwit & Jaiyen, 2019). The application of the unprotected network connected easily allowed the Red Team to acquire access to the data center; thus, any other third-part individual with minimal skills of hacking could access the unsecured network and gather all the private client data. This is an apparent violation of the novel regulation implemented by the Privacy Act and NIST needing the Datalink information security to guarantee that the private and sensitive data from the American Express Card clients’ services are effectively protected from unlicensed users.