You work as a security administrator of a large department store chain or choose another large corporation of your choosing

Instruction Details

You work as a security administrator of a large department store chain (or of another large corporation of your choosing). You believe that there has been a breach in the VPN in which an employee has stolen data using a personal laptop together with the company-assigned computer. You review the logs from the IDS, remote access systems, and file servers and confirm this belief. Your employer wishes to gain access to the personal laptop used for the breach to determine the full extent of the data stolen. The guilty employee's lawyer claims that the laptop is not identifiable.

  • Write a formal document to the CEO of the company to account for your findings, the tools used to investigate the breach, and the steps that will be taken to prevent this type of breach from happening again. You will also need to write a press release to the public regarding this breach.
  • Write a disaster recovery plan for the employees and vendors in case of a breach.
  • Things to consider: What would best be used to identify the specific laptop used for the theft? How would you acquire the identifying information? List some items that would NOT be useful to identify the specific computer used by the insider.
  • Post your press release to the discussion board so that your classmates can ask questions (they are your news reporters). You should respond to your classmates as appropriate.
  • All documents will be turned in to the instructor as a part of the Final Project.

Sample Answer

Security Breach Investigation Report and Prevention Measures

Date: [Date]

To: [CEO’s Name]

CC: [Other Relevant Parties]

From: [Your Name]

Position: Security Administrator

Dear [CEO’s Name],

I am writing to provide a detailed account of the recent security breach that occurred within our organization, the investigative tools employed to ascertain the breach, the steps taken to mitigate its impact, and the measures we plan to implement to prevent similar incidents in the future.

Summary of Breach Investigation: After conducting a thorough review of the logs from our Intrusion Detection System (IDS), remote access systems, and file servers, I can confirm that a security breach occurred within our Virtual Private Network (VPN). It was discovered that an employee misused company resources to steal sensitive data, employing both their personal laptop and the assigned company computer.

Identifying the Breach Source: Through comprehensive analysis of the log data, it was determined that the breach was carried out using two distinct devices: the employee’s personal laptop and the company-assigned computer. To ascertain the identity of the personal laptop, I employed various digital forensic tools to analyze the data trail left by the device during the breach. This process involved examining IP addresses, MAC addresses, authentication logs, and other digital signatures that would uniquely identify the laptop.

Acquiring Identifying Information: Using digital forensic tools on the IDS, remote access, and file server logs, I extracted the identifying information that pinpointed the specific personal laptop the employee used during the breach. This information was crucial in substantiating our findings and building a defensible case.

Items Not Useful for Identification: Certain items are not useful for positively identifying the specific computer used by the insider, such as:

  • Device names: Device names can be changed, and they might not be unique identifiers.
  • IP addresses: IP addresses can change, and multiple devices might share the same IP address within a network.
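The two sections above describe correlating VPN, authentication and file server logs to tie file access to a specific device, and they list hostnames and IP addresses as identifiers that do not single out a machine. The script below is an added example, not part of the sample answer and not tied to any particular IDS or VPN product: the log formats, user name, addresses, MAC addresses and file paths are all constructed for the demonstration. It joins file server reads to the VPN session that held the source IP at that moment, groups the result by the client MAC address, and then reports which hostnames and IP addresses were shared by more than one device. In the sample data the same address and the same hostname appear on two different laptops, which is exactly why those two fields cannot be the basis for identification; the MAC is used as the anchor only because it is the most stable field this log carries, and a real investigation would corroborate it with a hardware or disk serial or a client certificate thumbprint from endpoint telemetry.

```python
"""Attribute file-server reads to a client device by joining them to VPN
session records, and show which identifiers are ambiguous.

Added example for this page; every log line, name and address below is
constructed and the key=value format is hypothetical.
"""
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed VPN concentrator log: connect lines carry the assigned address,
# the hostname the client reported, and the client's MAC address.
VPN_LOG = """\
2024-03-04T08:00:00Z vpn connect sid=101 user=jdoe ip=10.8.0.14 host=JDOE-CORP-7720 mac=3c:52:82:aa:bb:01
2024-03-04T12:00:00Z vpn disconnect sid=101
2024-03-04T20:00:00Z vpn connect sid=102 user=jdoe ip=10.8.0.14 host=DESKTOP-4F2K1 mac=a4:5e:60:cc:dd:02
2024-03-04T23:30:00Z vpn disconnect sid=102
2024-03-05T21:00:00Z vpn connect sid=103 user=jdoe ip=10.8.0.27 host=JDOE-CORP-7720 mac=a4:5e:60:cc:dd:02
2024-03-05T23:00:00Z vpn disconnect sid=103
"""

# Constructed file-server audit log: only the source IP and user are recorded,
# so device attribution has to go through the VPN session table.
FS_LOG = """\
2024-03-04T09:10:00Z fs read user=jdoe src=10.8.0.14 path=/shared/policies/handbook.pdf bytes=210000
2024-03-04T21:05:00Z fs read user=jdoe src=10.8.0.14 path=/finance/q1-forecast.xlsx bytes=4800000
2024-03-04T21:06:30Z fs read user=jdoe src=10.8.0.14 path=/hr/payroll-export.csv bytes=9200000
2024-03-05T22:15:00Z fs read user=jdoe src=10.8.0.27 path=/finance/q2-forecast.xlsx bytes=5100000
"""

KV = re.compile(r"(\w+)=(\S+)")


def ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_sessions(log):
    """Pair connect/disconnect lines by session id into closed intervals."""
    sessions = {}
    for line in log.splitlines():
        when, _, event, *rest = line.split()
        fields = dict(KV.findall(" ".join(rest)))
        sid = fields["sid"]
        if event == "connect":
            sessions[sid] = {"start": ts(when), "end": None, **fields}
        elif event == "disconnect":
            sessions[sid]["end"] = ts(when)
    return list(sessions.values())


def parse_events(log):
    out = []
    for line in log.splitlines():
        when, *_ = line.split()
        fields = dict(KV.findall(line))
        fields["time"] = ts(when)
        out.append(fields)
    return out


def attribute(sessions, events):
    """Attach each file event to the VPN session that held its source IP
    at that time; an IP alone is meaningless without the time window."""
    for ev in events:
        ev["session"] = None
        for s in sessions:
            if s["ip"] == ev["src"] and s["start"] <= ev["time"] <= (s["end"] or ev["time"]):
                ev["session"] = s
                break
    return events


def devices_for_user(user, sessions, events):
    """Group attributed reads by client MAC and record every hostname and IP
    that device presented, plus the paths and total bytes it read."""
    devices = defaultdict(lambda: {"hosts": set(), "ips": set(), "paths": [], "bytes": 0})
    for ev in attribute(sessions, events):
        s = ev["session"]
        if s is None or s["user"] != user:
            continue
        d = devices[s["mac"]]
        d["hosts"].add(s["host"])
        d["ips"].add(s["ip"])
        d["paths"].append(ev["path"])
        d["bytes"] += int(ev["bytes"])
    return dict(devices)


def ambiguous_identifiers(user, sessions):
    """For IP and hostname, the values that more than one device (keyed by
    MAC) presented; such values cannot single out a machine on their own."""
    by_value = defaultdict(set)  # (field, value) -> MACs that presented it
    for s in sessions:
        if s["user"] == user:
            for f in ("ip", "host"):
                by_value[(f, s[f])].add(s["mac"])
    out = defaultdict(set)
    for (f, v), macs in by_value.items():
        if len(macs) > 1:
            out[f].add(v)
    return dict(out)


if __name__ == "__main__":
    sessions = parse_sessions(VPN_LOG)
    events = parse_events(FS_LOG)
    for mac, d in devices_for_user("jdoe", sessions, events).items():
        print(mac, sorted(d["hosts"]), sorted(d["ips"]), d["bytes"], d["paths"])
    print("shared identifiers:", ambiguous_identifiers("jdoe", sessions))
```

Run stand-alone, the script lists two devices for the user: the corporate laptop, which only ever read the handbook, and a second MAC that presented two different hostnames (one of them the corporate laptop's own name) and two different addresses while reading the finance and payroll exports. The `ambiguous_identifiers` output names `10.8.0.14` and `JDOE-CORP-7720` as values that appeared on both devices, which is the concrete form of the point made in the list above.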

Preventive Measures: To prevent such breaches from occurring in the future, we are implementing the following measures:

  1. Enhanced Access Controls: Strengthening authentication mechanisms and enforcing least privilege access.
  2. Data Loss Prevention (DLP) Systems: Implementing DLP systems to monitor and prevent unauthorized data transfers.
  3. User Behavior Analytics: Employing user behavior analytics to detect anomalous activities and potential insider threats.
  4. Regular Security Training: Conducting mandatory security awareness training for all employees to educate them about security best practices and risks.

Disaster Recovery Plan: In the event of a security breach, we have devised a comprehensive disaster recovery plan that outlines clear steps for employees and vendors to follow. This plan includes:

  • Immediate containment and isolation of affected systems.
  • Notification of relevant parties, including legal authorities, if required.
  • Communication protocols for internal and external stakeholders.
  • Post-breach analysis to understand the extent of the compromise and potential data loss.

Press Release to the Public:

[Your press release text here]

I am confident that by implementing these measures and fostering a culture of cybersecurity awareness, we can significantly reduce the risk of such breaches and ensure the protection of our sensitive data and assets.

Thank you for your attention to this matter. Please feel free to contact me if you require any further information or clarification.

Sincerely,

[Your Name]

Security Administrator

Related Questions

Question 1

Review the following scenario:

An aircraft manufacturing company located in California, with contacts in the U.S. government, had a data breach. Data stolen included employee records containing employee names, addresses, social security numbers, and bank account numbers. It also included current aircraft blueprints. It was determined that the breach occurred due to an open remote access computer an employee set up with a simple password, for ease of working from home.

After reviewing the scenario, list the laws that impact this data breach. Describe the steps the company has to take in order to comply with the identified laws. Also, describe the IT controls the company needs to set up for information security in order to prevent a similar breach in the future.

You must cite examples from state breach notification laws and FISMA.

Question 2

Scenario

The senior network architect at Corporation Techs has informed you that the existing border firewall is old and needs to be replaced. He recommends designing a demilitarized zone (DMZ) to increase network perimeter security. He also wants to increase the security of network authentication, replacing the current username and password approach.

Tasks

For this part of the project, perform the following tasks:

  1. Research and select firewalls for the Corporation Techs network.
    1. Describe each firewall, why you selected it, and where it should be placed for maximum effectiveness.
    2. Address network, server, and workstation firewalls.
  2. Describe a plan for creating a DMZ and explain how it makes the network more secure.
  3. Research network authentication and create a high-level plan for secure authentication to internal network resources.
  4. Create an APA 7 style report detailing all information as supportive documentation.
  5. Cite your sources both in-text and in the references section of the report.
  6. Modify the enhanced network topology from project part 1 to show your DMZ design (below).
  7. Make sure your topology is well-documented.
  8. Use proper network appliance icons – no flow chart symbols.
