7-2 Final Project Milestone (.docx, 14 pages)
School: Southern New Hampshire University (not endorsed by this school)
Course: 549, Information Systems
Date: Feb 20, 2024
Uploaded by CountWildcatMaster7
7-2 FINAL PROJECT MILESTONE FOUR
Statements of Policy
Hanah Deering
IT-549 Foundation in Information Assurance
Incident Response Protocols

Target's incident response protocols are critically important in the event of any type of cybercrime, data loss, or loss of availability that threatens daily business functions. These protocols define the structured process Target follows to identify and respond to known vulnerabilities and to security emergencies. Essentially: how does Target handle identified vulnerabilities within the organization, and what process is followed in the event of a data breach? Sufficient incident response protocols give Target a course of action when a significant incident occurs. Incidents can lead to massive data breaches, as Target has already experienced, that affect not only the organization directly but also its customers, and the impact can be felt for days or even months. This is why thorough, detailed incident response protocols must be followed so that Target can stop, contain, and control the incident at hand. Some of the vulnerabilities and threats at Target that affect information assurance and best practices are:

Unsegmented Network – Network segmentation is the practice of breaking a large network into smaller parts to improve performance and overall security. Target's use of an unsegmented (flat) network presents attackers with a greater attack surface: once inside, an attacker can move laterally and reach critical systems with little effort. After gaining access to Target's internal network, attackers can install malware or ransomware widely, because the lack of separation maximizes the number of hosts they can reach and exploit. Segmenting the network makes overall management easier and ensures that critical parts of the network (for example, point-of-sale systems) remain isolated from the rest in the event of a breach.

Social Engineering Unawareness of Employees/Phishing Emails – Social engineering attacks rely on human weaknesses (employees) to gain unauthorized access to internal Target systems. Attackers use manipulation methods such as phishing emails to obtain credentials (username and password) that let them reach data. It is important that Target employees and vendors understand their role in protecting the front line, know how to identify phishing attempts, and understand the repercussions of falling for social engineering.

Improper Configuration of Intrusion Detection Systems – Intrusion detection systems (IDSs) "use heuristics and complex machine learning algorithms based on behavioral modelling to make intelligent guesses" (Proud, 2018). Target had deployed a FireEye detection system that raised alerts while attackers were active in the network, but the security team did not act on them. Had staff followed proper incident response protocols when those alarms fired, the intrusion could have been contained much earlier, limiting what the malware on the point-of-sale (POS) systems was able to send out. It is important that behavioral baselines be established for every alerting system and that security personnel be properly trained on how to handle incident response.

Third-Party Vendor Assessments – Target works with third-party vendors daily, and some of them have access to Target's internal systems. We saw this in the 2013 Target data breach, when credentials belonging to an HVAC vendor were used to get into Target's network. Granting third-party vendors access to internal networks can compromise the security of the organization without proper vendor management. Properly evaluating the security posture of third-party vendors mitigates this persistent threat. Ensuring that third parties have strong security practices and hold the appropriate compliance certifications addresses the security posture of whoever Target allows to access its systems.

These are just some of the threats and vulnerabilities facing Target, and it is important that the company respond to any incident that may result from them. Following incident response protocols guides the entire organization through an incident so that the business can return to normal operations in a timely manner and the risk of data exposure is reduced. Incident response protocols are often initiated as soon as an IDS alarms; at that point the incident response team takes over and follows the protocols to resolve the incident. The guides for the different types of threats and vulnerabilities are usually outlined in organizational playbooks. Referring to the threats and vulnerabilities identified above, the incident response protocols are:

Unsegmented Network – Once an attacker has breached the network perimeter, it is critical to isolate any devices or systems identified as compromised. This can mean disabling or quarantining any identified asset (an account, device, or system) so the attacker cannot reach anything further. After the affected assets are isolated, the protocol extends to examining the damage: assessing which systems and data were accessed, so the organization is better equipped to deal with the breach.

Social Engineering – It is important for Target to raise social engineering awareness among its employees. Employees are the first line of defense against attackers, and being able to recognize phishing attempts is critical to the organization's security posture. Incident response protocols for this threat include raising awareness through annual phishing training and monthly phishing simulations for employees. If a phishing attempt succeeds, it is vitally important that the employee knows how to properly report it. Once management is notified of compromised credentials, the compromised account must be disabled to limit the exposure of information through that access. New firewall rules will also be part of Target's incident response protocol, since these rules control who can access what, and from where.

Intrusion Detection System – One of the reasons the 2013 Target breach succeeded was that the IDS alarms went unnoticed and were not responded to. When an IDS triggers an alarm, it indicates that an attack is under way or has occurred. The incident response team must first acknowledge every alarm, even one that turns out to be a false positive. Once the team determines whether the attack is legitimate, it must be investigated, which includes gathering indicators of compromise. At this point Target personnel determine the extent of exposure (what data was accessed). Following the correct incident response protocols ensures that alarms from security tools are taken seriously before the data within Target's systems is seriously affected.

Third-Party Vendor Assessment – It is unavoidable that organizations like Target will engage in multiple third-party vendor relationships. This is why it is vitally important for Target to have a solid vendor management program that addresses and vets vendors' cybersecurity posture and security practices, to ensure that the vendors themselves are not a risk to the organization. If a third-party vendor experiences a breach, Target must confirm that its own information and access have not been compromised as well. Incident
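The following Python script is an added illustration, not part of the paper, of the two segmentation points made above: how a flat network lets an attacker who lands on a vendor host reach the POS systems, and how the "isolate the identified asset" containment step cuts that path off. The host names, zones and allow rules are hypothetical; they only stand in for a vendor network, a corporate network and a POS network so that reachability can be computed.

```python
"""Lateral-movement blast radius under different segmentation policies.

Added example; the inventory and rules below are constructed, not taken
from Target's environment or from the paper.
"""
from collections import deque

# Constructed inventory: host -> network zone (hypothetical names).
HOSTS = {
    "vendor-vpn-01": "vendor",
    "billing-portal": "vendor",
    "file-server-01": "corp",
    "ad-dc-01": "corp",
    "pos-register-101": "pos",
    "pos-register-102": "pos",
}

# Allow rules are (source, destination) pairs. Each side is a zone name,
# a host name, or "any". Anything not explicitly allowed is denied.
FLAT_NETWORK = [("any", "any")]          # unsegmented: every host sees every host

SEGMENTED = [
    ("vendor", "vendor"),
    ("corp", "corp"),
    ("corp", "pos"),                     # management path from corp into POS
    ("pos", "pos"),
]

# The same policy with one exception added so the vendor portal can
# authenticate against the domain controller. This is the kind of
# "small" hole that reopens the path to POS.
SEGMENTED_WITH_HOLE = SEGMENTED + [("billing-portal", "ad-dc-01")]


def _matches(selector, host):
    """A selector matches a host by name, by its zone, or as a wildcard."""
    return selector == "any" or selector == host or selector == HOSTS[host]


def allowed(rules, src, dst):
    """True if at least one rule lets src initiate a connection to dst."""
    return any(_matches(s, src) and _matches(d, dst) for s, d in rules)


def reachable(rules, start, isolated=frozenset()):
    """Hosts an attacker holding `start` can reach, transitively (BFS).

    `isolated` hosts are quarantined: traffic neither in nor out, which
    models the containment step of the incident response protocol.
    """
    if start in isolated:
        return set()
    seen = {start}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in HOSTS:
            if nxt in seen or nxt in isolated:
                continue
            if allowed(rules, cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return seen


def exposed_pos(rules, start, isolated=frozenset()):
    """The POS hosts within reach: the assets holding card data."""
    return {h for h in reachable(rules, start, isolated) if HOSTS[h] == "pos"}


if __name__ == "__main__":
    foothold = "vendor-vpn-01"   # attacker arrives with stolen vendor credentials
    for name, rules in [("flat", FLAT_NETWORK), ("segmented", SEGMENTED),
                        ("segmented+hole", SEGMENTED_WITH_HOLE)]:
        r = reachable(rules, foothold)
        print(f"{name:15} reach={len(r)}/{len(HOSTS)} "
              f"pos={sorted(exposed_pos(rules, foothold))}")
    # Containment: quarantine the pivot host the alert identified, then
    # re-check what the original foothold can still reach.
    quarantined = frozenset({"billing-portal"})
    print("after isolation:",
          sorted(reachable(SEGMENTED_WITH_HOLE, foothold, quarantined)))
```

The point the script makes is that a single allow rule between zones is enough to expose POS transitively (vendor to domain controller, domain controller to the rest of corp, corp to POS), and that isolating the one pivot host named in the alert shrinks the attacker's reach back to the host they started on. Running the same reachability check against a real rule set, with an exported inventory in place of the constructed one, is a cheap way to verify that a segmentation policy actually isolates the assets it is meant to protect.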