RESPOND TO THESE DISCUSSION POSTS BASED ON THE TOPIC:

“1. Identify and research a recent incident using the Internet.
o Were you able to identify the root cause of the incident?
o Were you able to identify any indicators of compromise?
2. Did the organization have an incident response program?”

When responding to your peers, identify key points of their discussion that present significant benefits or challenges to an incident response program. (TWO (2) PARAGRAPHS EACH WITH REFERENCES ON EACH OF THEM SEPARATELY, NOT TOGETHER)

1. KnnTH P chicagoVRE

One of the breaches I found occurred in the Summer of 2017 and involved the loss of 1.8 million Chicago voter records that were available to be accessed. The company that was responsible for the maintenance of the servers that exposed the records was a Nebraskan company that apologized for the issue. The root cause was identified as a server misconfiguration that took the server from a private server to a publicly exposed one (Larson, 2017). Hosted at Amazon’s private offering, the company was handed a server environment that was properly configured and then made adjustments that broke the company’s security policy. In this case, there was no confirmation that the break of PII was exposed, but most companies, unless they are publicly-traded, make too much of an immediate effort to publish their wrong-doings. The companies will, but it seems to take a long period of time before the reason is known. A quote from the CNN article said, “It’s really kind of an epidemic that people don’t have any idea about,” Vickery said. “System administrators leaving things open and exposed to the public internet is like a cancer on security.” There was no mention of any indicators or any immediate reference to an Incident Response Plan. It can be assumed that if they had one, there was an Ad Hoc desire to admit their mistake and they quickly admitted to it, as the breach took place on August 11, 2017 (Sullivan, 2017).

2. JuLE PH winter OA

The cyber incident that I was able to research was a cyber shutdown during the Pyeongchang Olympics opening ceremony. The internal internet and Wi-Fi systems were shut down during the opening ceremony of the Winter Olympics in Pyeongchang, Korea (dw.com, 2018). There was a list of cybersecurity teams that investigated what happened. There were several warnings that the organizations at the Olympics could be targeted by malware phishing attacks (dw.com, 2018). The malware that was used was dubbed “Olympic Destroyer” (Spangler, 2018). The cyber teams that were involved in the cleanup of this attack are not letting anyone know how they went about fixing the situation. Although, Cisco Systems Talos Security Intelligence and Research Group discovered that the malware payload had 44 usernames and passwords of the Olympic Staff Members (Spangler, 2018). The planning of this attack reaches back as far as December 27, 2017, so this was a clearly planned attack (Spangler, 2018). If the Olympic committee would have taken the warnings seriously and had an incident response plan, this would have been cleared up before it could have been written in the news, although, with the tight-lipped teams, they might have had an IRP in place and that is how the malware was not able to create extensive damage.

3. RchD CH:Discc2,1

In 2013, Target Corporation suffered a major data breach. Cyber-criminals managed to steal 70 million personal information including 40 million credit card numbers (McCoy, 2017). Hackers infiltrated Target’s network using stolen network credentials from a third-party vendor that provided heating and air conditioning services for Target. The unauthorized access allowed the hackers to upload and run malware programs on Target’s Point of Sale (POS) systems (Krebs, 2014). Target ignored two security warnings from its own installed security system called FireEye.
FireEye is a security system created by the CIA and it cost Target about $1.6 to install it. It sits between Target’s network and the internet. FireEye detected the malware and the cyber-attack as soon as it began (Riley, Elgin, Lawrence, & Matlack, 2014). The FireEye system sent two e-mail alerts that were ignored by Target’s security team. The company had an incident response program, but its Computer Security Incident Response Team (CSIRT) lacked the proper training to handle security events and prevent them from becoming security incidents. It is important for a company’s incident response program to include training and continuing education for IT staff. For instance, CSIRT ignored the warning alerts generated by FireEye since they were not familiar with or trained on the system. Furthermore, CSIRT turned off a feature of FireEye that could have detected and eradicated the malware automatically (Riley, Elgin, Lawrence, & Matlack, 2014).

PLEASE READ THIS. IT IS VERY IMPORTANT

Allow your discussion posts to be detailed and capable of sharing knowledge, ideas and points. You must discuss the topic using your own words first. Using your own words indicates you understand the topic of discussions. Secondly, you must cite your sources in-text. This is necessary to justify your points. Sources from several sources showed good research abilities. Lastly, you must provide references at the bottom of your post. A discussion post without justification with sources does not show proper research abilities. Terse and not detailed discussions represent posts that would not provide enough sharing of knowledge or proper understanding of the topic. DO NOT just copy and paste a sentence from online with citation at the end as your own discussion. I have not asked for definitions, I asked for discussions and will not buy this. You must show understanding of the discussion topic by using your own words to describe the topic and then justify that with sources.
www.citationmachine.net to format references into the APA style if necessary. Extremely important. In-text citations are very essential and highly needed as well. Use double spacing, 12-point Times New Roman font, and one-inch margins. Sources should be cited according to APA citation method (citation should be relevant and current). Page-length requirements: 2 PARAGRAPHS FOR EACH PROMPT ANSWER. Make sure you cite if you take a piece of someone’s work, very important, and your reference should relate to your writing (don’t cite a reference because it relates to the course and not this very paper); at least 2 current and relevant academic references. No heavy paraphrasing of others’ work.