Incident Management - Rupesh

Sno. 1 - Phishing Attack
INCIDENT SCENARIO: Employees in the finance department receive an email that appears to be from the CEO, asking them to wire money to an external account for a confidential project.
CORRECTIONS: Immediately inform the finance manager and confirm the request with the CEO through a known channel (in person or by phone, not by replying to the mail). Trace the source of the mail from its headers and block the sending IP address and sender at the mail gateway.
RCA: Analyse how the mail reached the inbox and what allowed it to be delivered, and check with the security team why such mails are getting through the filters.
CORRECTIVE ACTIONS: Update the security patches of the firewall and antivirus. Strengthen the password policy. Make email filtering effective.
PREVENTIVE ACTIONS: Employee awareness training about phishing mails.
LESSONS LEARNT: Awareness about phishing mails is important for every employee. Importance of patch updates.

Sno. 2 - Insider Threat
INCIDENT SCENARIO: An employee from the development team is caught exporting proprietary code and algorithms to his personal email.
CORRECTIONS: Immediately suspend his access to sensitive information, inform higher management about the incident, and question the employee about it without delay.
RCA: Investigate why the employee did it. Check the access rights granted to the employee and look for any unauthorized access beyond those rights.
CORRECTIVE ACTIONS: Legal action to be taken against the employee; if needed, external authorities or the law will be involved. Security policies will be reviewed and updated.
PREVENTIVE ACTIONS: Employee awareness training will be given to all employees. Access controls will be enforced more strictly.
LESSONS LEARNT: Take care when granting access controls. Every employee should be aware of data security.

Sno. 3 - Ransomware Attack
INCIDENT SCENARIO: A ransomware attack has encrypted critical files on the network, and the attackers are demanding payment in cryptocurrency for the decryption keys.
CORRECTIONS: Isolate the systems affected by the ransomware from the network. Immediately inform the external law enforcement authorities about the incident.
RCA: Check the firewall patch level and analyse how the ransomware got in. Check who and what had access to the attacked system and verify whether any critical information was reachable from that computer.
CORRECTIVE ACTIONS: Check the backup and recovery options and restore the affected information where possible. Apply network security patches so that further ransomware attacks are less likely. The IT security team should investigate the attack and mitigate it.
PREVENTIVE ACTIONS: Security policies should be re-checked and updated. Employee awareness training about security attacks.
LESSONS LEARNT: Importance of employee awareness about malware and ransomware attacks. Importance of security patch updates.

Sno. 4 - Misconfigured Cloud Storage
INCIDENT SCENARIO: A cloud storage bucket containing sensitive customer data was accidentally set to "public", exposing the data to anyone who has the link.
CORRECTIONS: Immediately change the bucket access from public to private. Also inform higher management.
RCA: Analyse why this incident happened and identify which data was affected. Check the bucket access logs to determine whether the data was actually downloaded (data theft) or not.
CORRECTIVE ACTIONS: The data should be backed up to maintain integrity. Inform the relevant customers and stakeholders about the incident.
PREVENTIVE ACTIONS: Review the configuration of all cloud storage buckets. Maintain continual monitoring of access controls. Employee awareness training about access control.
LESSONS LEARNT: Employee training and awareness programs will be enhanced. Regular monitoring of access control so that this kind of issue does not happen again.

Sno. 5 - Unauthorized Access to Restricted Area
INCIDENT SCENARIO: An unidentified individual was seen on security cameras entering a server room without authorization.
CORRECTIONS: Immediately remove the person from the server room and inform the security team about the incident.
RCA: The security team should analyse why and how he entered the server room without access. Check whether there is any damage to the servers.
CORRECTIVE ACTIONS: Investigate the person about the purpose of the unauthorized entry, using the CCTV footage and the door access logs. If there is any damage to the servers or the server room, the person should be fined for it.
PREVENTIVE ACTIONS: Access control policies to be reviewed and updated. Awareness training should be given to employees.
LESSONS LEARNT: Importance of physical security and continual monitoring. Importance of access control policies.
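The "track the source of the mail" step in Sno. 1 is done from the message headers. The following is an added Python example, not part of the original document: it parses a raw message, flags the usual CEO-impersonation signs (executive display name on an external address, a Reply-To pointing elsewhere, SPF/DKIM/DMARC not passing, payment-lure wording) and pulls the originating IP to block from the bottom-most Received header. The corporate domain, the executive list, the lure words and both sample messages are constructed assumptions.

```python
"""Triage of a suspected CEO-impersonation (BEC) mail from its raw headers and body.

Added example for incident 1 above; it is not part of the original document.
The corporate domain, the executive list, the lure words and both sample
messages are constructed for illustration.
"""
import re
from email import policy
from email.parser import Parser
from email.utils import parseaddr
from typing import Optional

CORPORATE_DOMAINS = {"example-corp.com"}            # assumption: our own mail domains
EXECUTIVES = {"jane doe": "ceo@example-corp.com"}    # assumption: display name -> real mailbox
LURE_WORDS = ("wire", "transfer", "urgent", "confidential", "do not discuss")

# Constructed: display name says CEO, but the address, Reply-To and auth results are all wrong.
SUSPECT_MAIL = """\
Received: from mail.example-corp.com (mail.example-corp.com [203.0.113.10]) by mx.example-corp.com; Mon, 1 Jan 2024 09:00:00 +0000
Received: from unknown (HELO webmail) ([198.51.100.77]) by mail.example-corp.com; Mon, 1 Jan 2024 08:59:58 +0000
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=ceo-office.biz; dkim=none; dmarc=fail header.from=ceo-office.biz
From: "Jane Doe" <jane.doe@ceo-office.biz>
Reply-To: jane.doe.private@mailbox-free.example
To: finance-team@example-corp.com
Subject: Urgent - confidential project payment

Please wire 48,000 USD to the account below today for a confidential project.
Do not discuss this with anyone.
"""

# Constructed: a genuine message from the same executive, for contrast.
LEGIT_MAIL = """\
Received: from mail.example-corp.com (mail.example-corp.com [203.0.113.10]) by mx.example-corp.com; Mon, 1 Jan 2024 09:00:00 +0000
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com; dmarc=pass header.from=example-corp.com
From: "Jane Doe" <ceo@example-corp.com>
To: finance-team@example-corp.com
Subject: Q1 planning

Please send me the Q1 forecast when it is ready.
"""


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def auth_results(msg) -> dict:
    """spf/dkim/dmarc verdicts from the Authentication-Results header our own MX added."""
    hdr = str(msg.get("Authentication-Results", ""))
    return {m.group(1).lower(): m.group(2).lower()
            for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I)}


def origin_ip(msg) -> Optional[str]:
    """The bottom-most Received header was added first, closest to the sender: that is the IP to block."""
    received = msg.get_all("Received", [])
    if not received:
        return None
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[-1]))
    return m.group(1) if m else None


def triage(raw: str) -> dict:
    msg = Parser(policy=policy.default).parsestr(raw)
    findings = []
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)
    # An executive's name on a non-corporate address is the core of the CEO-fraud lure.
    if name.strip().lower() in EXECUTIVES and from_domain not in CORPORATE_DOMAINS:
        findings.append(f"display-name impersonation: '{name}' but sender is {addr}")
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"reply-to mismatch: replies go to {reply_to}")
    verdicts = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech, "none") != "pass":
            findings.append(f"{mech}={verdicts.get(mech, 'none')}")
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    hits = [w for w in LURE_WORDS if w in text]
    if hits:
        findings.append("payment-lure wording: " + ", ".join(hits))
    verdict = "clean" if not findings else ("likely BEC" if len(findings) >= 3 else "review")
    return {"verdict": verdict, "findings": findings, "block_ip": origin_ip(msg)}


if __name__ == "__main__":
    for raw in (SUSPECT_MAIL, LEGIT_MAIL):
        print(triage(raw))
```

The IP taken from the last Received line is only trustworthy for the hop your own mail servers wrote; anything below that in a real message was written by the sender and can be forged, so block on the hop your MX recorded and keep the Authentication-Results check as the primary signal.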
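Sno. 2 says the employee "is caught" exporting code to his personal email; the practitioner question is what log the gateway keeps that would catch it. The following is an added Python example, not part of the original document: a detection run over constructed outbound mail-gateway log lines that flags a corporate sender mailing source-code files or archives to a personal webmail domain, and then counts bursts and bytes per sender. The log format (timestamp sender recipient attachment size), the domain lists and the burst threshold are constructed assumptions.

```python
"""Detection of source-code exfiltration to personal webmail from outbound mail-gateway logs.

Added example for incident 2 above; it is not part of the original document.
The log format (timestamp sender recipient attachment size), the domain lists,
the burst threshold and the log lines themselves are constructed.
"""
from collections import defaultdict

CORPORATE_DOMAINS = {"example-corp.com"}                                       # assumption
PERSONAL_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "proton.me"}  # assumption
CODE_EXTENSIONS = (".py", ".java", ".go", ".c", ".cpp", ".js", ".ipynb", ".zip", ".tar.gz", ".7z")
BURST_THRESHOLD = 3  # assumption: this many flagged sends from one mailbox in the log window

# Constructed gateway log: one outbound message per line; "-" means no attachment.
GATEWAY_LOG = """\
2024-01-08T18:02:11Z dev1@example-corp.com dev1.home@gmail.com pricing_engine.py 48213
2024-01-08T18:05:40Z dev1@example-corp.com dev1.home@gmail.com ranking_algo.ipynb 210044
2024-01-08T18:06:02Z dev1@example-corp.com dev1.home@gmail.com repo_snapshot.tar.gz 9120044
2024-01-08T18:30:00Z hr@example-corp.com candidate@outlook.com offer_letter.pdf 90211
2024-01-09T09:12:33Z dev2@example-corp.com partner@vendor.example design.zip 300000
2024-01-09T10:00:00Z dev1@example-corp.com dev1.home@gmail.com - 0
"""


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def parse_line(line: str) -> dict:
    ts, sender, rcpt, attachment, size = line.split()
    return {"ts": ts, "sender": sender.lower(), "rcpt": rcpt.lower(),
            "attachment": None if attachment == "-" else attachment, "size": int(size)}


def is_code_file(name: str) -> bool:
    return name.lower().endswith(CODE_EXTENSIONS)


def classify(event: dict) -> list:
    """Reasons an outbound event looks like code leaving for a personal mailbox (empty = not suspicious)."""
    if domain_of(event["sender"]) not in CORPORATE_DOMAINS:
        return []                                   # not our user sending; out of scope here
    rcpt_domain = domain_of(event["rcpt"])
    if rcpt_domain in CORPORATE_DOMAINS:
        return []                                   # internal mail
    reasons = []
    if rcpt_domain in PERSONAL_MAIL_DOMAINS:
        reasons.append("recipient is personal webmail")
    if event["attachment"] and is_code_file(event["attachment"]):
        reasons.append("attachment looks like source code or an archive: " + event["attachment"])
    # Both together are what the incident describes; either alone is routine
    # (an HR PDF to a candidate's Gmail, a zip to a vendor) and would only create noise.
    return reasons if len(reasons) == 2 else []


def detect(log_text: str) -> dict:
    alerts, sends, total = [], defaultdict(list), defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        reasons = classify(ev)
        if reasons:
            alerts.append({**ev, "reasons": reasons})
            sends[ev["sender"]].append(ev["ts"])
            total[ev["sender"]] += ev["size"]
    # A burst of flagged sends from one mailbox is the cue to suspend access and start the RCA.
    bursts = {s: len(t) for s, t in sends.items() if len(t) >= BURST_THRESHOLD}
    return {"alerts": alerts, "bursts": bursts, "bytes_by_sender": dict(total)}


if __name__ == "__main__":
    result = detect(GATEWAY_LOG)
    for a in result["alerts"]:
        print(a["ts"], a["sender"], "->", a["rcpt"], a["reasons"])
    print("bursts:", result["bursts"], "bytes:", result["bytes_by_sender"])
```

The byte total per sender is what the RCA in Sno. 2 needs to answer "what was taken"; the same counters can be kept over repository clones or USB copies once those logs are available, which is why the rule keeps sender, timestamp and size rather than just a yes/no.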
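The correction in Sno. 4 is "change the access from public to private" and the preventive action is "review all the cloud storage bucket configurations"; a bucket can be public through its policy, through its ACL, or through both, and a separate account-level setting decides whether either of those actually takes effect. The following is an added Python example, not part of the original document: it models an AWS S3 bucket policy, bucket ACL and Public Access Block settings, reports which of them exposes the bucket, and produces the corrected configuration beside the weak one. The bucket name, policy statements, ACL grants and settings are constructed; the four Public Access Block flag names are the real AWS ones.

```python
"""Offline check of a cloud storage bucket for public exposure, with the fix beside it.

Added example for incident 4 above; it is not part of the original document.
It models the AWS S3 bucket policy, bucket ACL and Public Access Block
settings; the bucket name, policy, ACL and settings below are constructed.
"""
from __future__ import annotations
import copy

PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

# Constructed weak state: the classic "make the objects readable" policy plus a public ACL grant,
# and every Public Access Block setting switched off.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicReadGetObject", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::customer-data/*"},
        {"Sid": "AppRoleWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::customer-data/*"},
        {"Sid": "VpcOnlyList", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::customer-data",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
}
SAMPLE_ACL = {"Grants": [
    {"Grantee": {"Type": "CanonicalUser", "ID": "owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"},
]}
WEAK_PUBLIC_ACCESS_BLOCK = {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                            "BlockPublicPolicy": False, "RestrictPublicBuckets": False}


def _is_everyone(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also in list form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def _unconditional_public(st: dict) -> bool:
    return st.get("Effect") == "Allow" and _is_everyone(st.get("Principal")) and not st.get("Condition")


def public_policy_statements(policy: dict) -> tuple[list[str], list[str]]:
    """Allow-to-everyone statements split into unconditional (public) and conditional (needs review)."""
    public, conditional = [], []
    for st in policy.get("Statement", []):
        if st.get("Effect") == "Allow" and _is_everyone(st.get("Principal")):
            (conditional if st.get("Condition") else public).append(st.get("Sid", "<no Sid>"))
    return public, conditional


def public_acl_grants(acl: dict) -> list[str]:
    """Grants to the AllUsers / AuthenticatedUsers groups, as 'Group:Permission'."""
    out = []
    for g in acl.get("Grants", []):
        grantee = g.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            out.append(f"{grantee['URI'].rsplit('/', 1)[-1]}:{g.get('Permission')}")
    return out


def assess_bucket(name: str, policy: dict, acl: dict, pab: dict) -> dict:
    """Is the bucket reachable by the public right now, after the block settings are applied?"""
    pub_sids, cond_sids = public_policy_statements(policy)
    grants = public_acl_grants(acl)
    # IgnorePublicAcls makes S3 ignore public ACL grants; RestrictPublicBuckets neutralises public policies.
    via_acl = bool(grants) and not pab.get("IgnorePublicAcls", False)
    via_policy = bool(pub_sids) and not pab.get("RestrictPublicBuckets", False)
    return {"bucket": name, "exposed": via_acl or via_policy,
            "public_policy_sids": pub_sids, "review_sids": cond_sids, "public_acl_grants": grants}


def remediate_policy(policy: dict) -> dict:
    """Copy of the policy with the unconditional public statements removed."""
    fixed = copy.deepcopy(policy)
    fixed["Statement"] = [st for st in fixed["Statement"] if not _unconditional_public(st)]
    return fixed


def remediate_acl(acl: dict) -> dict:
    """Copy of the ACL with the public group grants removed."""
    fixed = copy.deepcopy(acl)
    fixed["Grants"] = [g for g in fixed["Grants"]
                       if g.get("Grantee", {}).get("URI") not in PUBLIC_GROUP_URIS]
    return fixed


def hardened_public_access_block() -> dict:
    """The corrected setting: all four blocks on, so a future slip cannot re-expose the bucket."""
    return {k: True for k in WEAK_PUBLIC_ACCESS_BLOCK}


if __name__ == "__main__":
    print("before:", assess_bucket("customer-data", SAMPLE_POLICY, SAMPLE_ACL, WEAK_PUBLIC_ACCESS_BLOCK))
    print("after: ", assess_bucket("customer-data", remediate_policy(SAMPLE_POLICY),
                                   remediate_acl(SAMPLE_ACL), hardened_public_access_block()))
```

Turning on the block settings is the fastest correction because it neutralises the exposure before anyone has edited the policy or ACL; the policy and ACL still get cleaned up afterwards so the finding does not keep reappearing in the bucket review, and statements that are public only under a Condition are listed separately for a person to judge.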
