Sifers-Grayson Firm’s Security Incident Analysis Report


Incident Details

The Red Team penetrated the engineering center’s R&D servers (10.10.135.0/24) on August 3rd, 2021, at 0930 hours Eastern Standard Time (EST). At 1005 hours the team exfiltrated design documents and drone system source code from those servers. At 1255 hours the Red Team captured employees’ logins using keylogging software, and at 1325 hours it installed malware across the Sifers-Grayson network. Thirty minutes later the Red Team sent phishing emails to the workers, further exposing the company’s vulnerability. The penetration test ended 24 hours later, after the target server was shut down.

  • The incident’s physical location is 1555 Pine Knob Trail, Pine Knob, KY 42721.
  • Current status: the Red Team’s penetration test has been completed.
  • Source or cause of the incident: forced intrusion at the R&D Center (IP 10.10.135.0/24), followed by malware infection spreading from the AX10 Test Range (IP 10.10.145.0/24) to Corporate Headquarters (IP 10.10.100.0/24).
  • Incident description: The Red Team’s penetration test of Sifers-Grayson systems was executed efficiently and professionally, achieving a hundred percent success and exposing the firm’s vulnerability to cyber-attacks. The team easily located a weakness in Sifers-Grayson’s unsecured network connection, which allowed it to intrude into the company’s databanks. The Red Team succeeded in stealing 100% of the design documents and the AX10 Drone System’s source code. Using one of its members disguised as a Sifers-Grayson employee, the Red Team left a USB key on a lunch table in the staff lounge of the enterprise’s headquarters building. Keylogging software installed on the USB drives was then used to steal the passwords of 20% of the workers.

Installation of malware over the network onto a workstation linked to the PROM burner in the R&D DevOps lab followed. This gave the Red Team access to a cellular connection, which the implant used to “phone home” to the team. The Red Team then took effective control of the test vehicle, flying it from the test range to a safe landing. Lastly, the Red Team sent phishing emails to Sifers-Grayson employees using the stolen logins; a significant number of the recipients clicked on the video links.

  • Affected sources description: 100% of the R&D center’s server infrastructure was intruded upon, 20% of workers’ passwords and login details were stolen, the PROM burner was attacked with malware, and the drone system code was stolen. The compromised sources belong to the Corporate Headquarters, the R&D center, and the Test Range, with IPs 10.10.100.0/24, 10.10.135.0/24, and 10.10.145.0/24 respectively.
  • Vectors associated with the incident: unsecured network connection, unattended USB drives, malicious insider (Red Team member), and phishing.
  • Prioritization factors: The attack negatively impacted network and system functionality by slowing them down.
  • Mitigation factors: No mitigation factors were in place.
  • Response actions performed: Shutting down the target server.
  • Other organizations contacted: Sifers-Grayson never informed any outside organization about the penetration test, nor contacted one during the incident.

Cause of the Incident

Unsecured connections, lack of network security, and improper handling of devices were the leading causes of the incident. The unsecured network connections and the absence of defensive measures allowed the Red Team to access protected data instantly and silently. Employees lacked device discipline and failed to maintain physical security: they left USB drives unattended and permitted unauthorized individuals (new hires) into RFID-controlled areas.

Cost of the Incident

The estimated cost of responding to the incident is $275 000. The IT staff would need 275 hours, at a cost of $100 per hour, to carry out all the clean-up activities: firewall and other security configuration would take 90 hours, digital forensics to analyze the intrusion methods 60 hours, scanning of the servers and the AX10 drone system 55 hours, and security awareness training 70 hours.

Business Impact of the Incident

Although the incident was a penetration test, it was significant for Sifers-Grayson’s business. The intrusion into the company’s network, the installation of malware, and the phishing emails slowed operations. However, the incident also alerted the business to its vulnerability to cyber-attacks, necessitating immediate measures to avert such occurrences in the future and to ensure business security.

General Comments

Companies under contract with the Departments of Defense and Homeland Security must comply with the security requirements set out in NIST Special Publication 800-171 and DFARS clause 252.204-7012. Conforming to these requirements is necessary to guarantee the safety and security of the sensitive government-provided data stored in the Sifers-Grayson R&D DevOps and SCADA labs against any attack. The contract further requires the company to report any security incident to the federal government.

NIST Special Publication 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, guides companies such as Sifers-Grayson on handling data that is not under federal government control. The firm must meet a number of requirement families to satisfy the standard, including access control, media protection, awareness and training, personnel security, audit and accountability, configuration management, risk assessment, identification and authentication, and incident response, among others (Ross et al., 2020). Meeting these requirements will secure the information that the company stores in its systems.

DFARS guides Sifers-Grayson on the procedures it must follow when reporting security incidents. The document provides detailed information on the different types of incidents and how they should be reported. Contractors must immediately notify the Department of Defense in the event of a security incident or data compromise (“252.204-7000 Disclosure of Information”, 2021). Following the DFARS guidelines will allow Sifers-Grayson to fulfill all of its contract obligations and maintain proper handling of its stored data and information systems.

References

252.204-7000 Disclosure of Information. (2021). Acq.osd.mil. Web.

Ross, R., Pillitteri, V., Dempsey, K., Riddle, M., & Guissanie, G. (2020). Protecting controlled unclassified information in nonfederal systems and organizations (NIST Special Publication 800-171), 1-101. Web.
