96%(138)132 out of 138 people found this document helpful
This preview shows page 1 - 4 out of 15 pages.
Incident Response1Incident ResponseITM 630
Incident Response2Executive SummaryThere have been a few incidents that have come to our attention since we’re rolled out our Bring Your Own Device (BYOD) policy to the company. With the increase of different devices on the network, the risk of security vulnerabilities increases exponentially. We’re currently supporting Android, Apple, and PC devices in our policy. We’re using management software called MobileIron, that receives its account information from our active directory user information. Jailbroken devices aren’t allowed, all update to operating systems will be pushed through MobileIron.An employee was flagged for excessive usage outside of normal working hours. Logs were retrieved from mobile iron that showed the user logged in several times outside of normal hours. The employee denied the findings and as we furthered our investigation we found the employee to be a victim of identity theft. He was a victim of Media Access Control (MAC) Spoofing. Over the years, we’ve continued to work on advancing our network and its security. When we first launched our company’s wireless internet it was secured with Wired Equivalency Privacy (WEP). This became the industry standard and was soon moved to Wi-Fi Protected Access (WPA) because of multiple vulnerabilities that were exposed using WEP. Currently we’reusing WPA2 to secure out network with an increased level of security and is the industry standard for wireless security.Having the ability to remotely connect to a secured network is important for managementof our systems. We’re currently doing this by using Cisco VPN management software. An
Incident Response3incident was reported of an undocumented user on the network. Whitelisting of all approved users to our network was executed. All users not verified through the VPN software were kicked off the network. The network will continue to be monitored with the management software and Wireshark. Employees were found connecting to Ad-hoc network and making the system vulnerable to attacks from hackers. All employees found guilty of this offense will be terminated from the company. To help prevent this from happening in the future, signal hiding and not allowing a broadcast of the SSID will be stopped by enforcing it in the policy of the wireless access point. Human resource and the cyber security team will work together to find and terminate the users inquestion.Wireless and Bring Your Own Device (BYOD) Policy It isn’t uncommon in this new age of business for companies to adopt a more user friendly work environment. Allowing employees to use personal computers and mobile devices to complete their work. This save the company money and gives the employee the freedom to use a device for work or personal use. Even though this brings some very welcomed benefits it also brings added security risks. The personally owned device can now have access to sensitive and organizational information, which makes the propensity of data loss higher. There are several