CST_630_Project2_CIR_HERO.docx - Running Head INCIDENT...

This preview shows page 1 - 4 out of 15 pages.

Running Head: INCIDENT RESPONSE REPORT 1 Incident Response Report University of Maryland University College CST 630 Executive Summary
Running Head: INCIDENT RESPONSE REPORT 2 In the current age of the anywhere, anytime work environment, developing and establishing specific boundaries for your Bring Your Own Device (BYOD) policy can get complicated. Since we’ve rolled out our Bring Your Own Device (BYOD) policy to the company, there has been a few incidents that have come to our attention. At the current time, we support Android, Apple, and PC devices in our policy. Currently, we’re using mobile device management software called ManageEngine Mobile Device Manager Plus, that receives its account information from our active directory user information. ManageEngine Mobile Device Manager Plus is an Enterprise Mobility Manager; it gives the enterprises the power to harness the control of mobility. Devices that are jailbroken devices aren’t allowed, all updates to operating systems are administered through ManageEngine Mobile Device Manager Plus. An employee was cited for excessive usage outside of normal working hours. She was a victim of Media Access Control (MAC) Spoofing. We’ve continued to work on advancing our network and its security over the past several years. During the first launch our company’s wireless internet it was secured with Wired Equivalency Privacy (WEP). This became the industry norm and was moved to Wi-Fi Protected Access (WPA) because of multiple vulnerabilities that were exposed using WEP. We’re currently using WPA2 to secure our network with an increased level of security. An incident was reported of an undocumented user on the network. The execution of whitelisting all approved users to our network was performed. All users not verified through the VPN software were kicked off the system. To help prevent this from happening in the future, signal hiding and not allowing broadcast of the SSID will be stopped by enforcing it in the policy of the wireless access point. As a result, the user in question will be found and terminated by human resource and the cybersecurity team working together. Wireless and Bring Your Own Device (BYOD) Policy
Running Head: INCIDENT RESPONSE REPORT 3 In this new age of business, it is not uncommon for companies to embrace a more user- friendly work environment. A user-friendly environment allows employees to use personal computers and mobile devices to complete their work. Because employees use their own devices, saves the company money and gives the employee the freedom to use a device for work or personal use. This method brings some very welcome benefits and added security risks. Personally, an owned device can now have access to sensitive and organizational information, which makes the tendency of data loss higher. Several complications may occur that will put the company at risk like the following: systems patched incorrectly, inappropriate website access, unapproved applications, etc. To minimize our security risks and maximize the effectiveness of

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture