This activity will address module outcomes 1, 2, 3, and 4. Upon completion of this activity, you will be able to:
Identify why it is important to have a pre-established incident response plan. (CO 1, 2)
Analyze the importance of information sharing throughout the attack cycle. (CO 1, 4, 6)
Analyze how some breaches are detected. (CO 1, 2, 5)
Evaluate various response efforts. (CO 1, 3)
Earlier in the module, we reviewed attack detection and response regulations, recommendations, policies, and plans. We also looked at the benefits of information sharing. When thinking about detection and response, it is important to recognize that many breaches go undetected for long periods of time. Response efforts are also not limited to the internal parts of the organization; they may include communication to the public or steps that involve diplomatic or legal approaches, for example. For this assignment, we will look at a few case studies and examine how and when some breaches are discovered, as well as the various responses to those attacks.
Please select one of the following attacks to review. You may also use outside reference material. Cite all reference material used.
Target:
Riley, M., Elgin, B., Lawrence, D., & Matlack, C. (2014). Missed alarms and 40 million stolen credit card numbers: How Target blew it. Retrieved from https://www.bloomberg.com/news/articles/2014-03-13/target-missed-warnings-in-epic-hack-of-credit-card-data
Yahoo:
Perlroth, N. (2016). Yahoo says hackers stole data on 500 million users in 2014. The New York Times. Retrieved from http://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html?_r=0
Stuxnet:
Nakashima, E., & Warrick, J. (2012, June). Stuxnet was work of US and Israeli experts, officials say. Retrieved from https://www.washingtonpost.com/world/national-security/stuxnet-was-work-of-us-and-israeli-experts-officials-say/2012/06/01/gJQAlnEy6U_story.html?utm_term=.5836e8816a74
Card Systems Solutions, Inc:
Krim, J., & Barbaro, M. (2005, June). 40 Million credit card numbers hacked. Retrieved from http://www.washingtonpost.com/wp-dyn/content/article/2005/06/17/AR2005061701031.html
Select one of the documents above and discuss the following:
What breach did you select?
What is the background of the attack?
Was the breach detected right away?
How much time (approximately) went by before the breach was discovered and reported?
Did the victim organization determine the extent of the breach? If so, explain.
What was the response? (Think about the various types of response and comment on the Political/Diplomatic/Legal, Technical, and Corporate dimensions.)
Finally, when considering response and recovery, it can be important to understand how to address security flaws. Cryptography is important but can be difficult to implement. There are also ways to bypass authentication. Select two flaws from the article below and discuss how to avoid them. Do you have any recommendations regarding the attack you selected?
Arce, I., et al. (n.d.). Avoiding the top ten software security design flaws [PDF file, 1.9 MB]. Retrieved from https://www.computer.org/cms/CYBSI/docs/Top-10-Flaws.pdf