Hello David,

For this assignment I have 2 discussion questions that need to be answered as well as two discussion responses that need to be responded to. Each discussion question will need at least 2-3 references.

I will need this completed by Saturday, November 21, 2015 no later than 11pm EST.

*Please respond to anything related to the assignment in a Microsoft Word document.*

I am very paranoid and try to minimize anyone being able to trace this back to me considering these questions are open to the public and are searchable on the internet.

*Thank you in advance*

Question 1 Instructions:

First, watch the video vignette part 2 (Vignette Part 2).

Second, answer the forum questions for Topic 1:

Question 1:

Should this situation trigger contact with regulators? Elected officials? Why or why not?

How would you have responded to this type of a suspected cyber attack?

How would you assess the company's incident response handling of this situation?

How or when should the company communicate with its key stakeholders (e.g., clients, shareholders, employees, etc.) in the event of a cyber incident such as this?

Question 2 Instructions:

First, watch the video vignette part 3 (Vignette Part 3).

Second, answer the forum questions for Topic 2:

Question 2:

How can the company in this case repair its image to their internal and external audiences after a situation like this? How do they go about regaining their trust?

What in your opinion were the key mistakes made? How did they fall short?

What gaps can we identify from the occurrences that have happened in this scenario?

In your opinion what does Worldwide Global, Inc. need to change?

What should we take away from this scenario?

*Responses can be "I agree…" (explanation why) or "I disagree…" (explanation why) or just your opinion on the response the student made pertaining to a real-life experience you came across. You may reference any articles or sources you have used. It does not need to be long; a paragraph is fine.*

Response 1:

When an attack like this happens, it is important for the organization to contact the regulators, elected officials and members of law enforcement. This will give the organization the benefit of understanding the consequences from a regulation, compliance, policy, fine and penalties standpoint. Also, having an elected official involved will bolster the confidence of the stakeholders. This will bring calm to the situation. With regard to law enforcement, it is important to have their input in the investigation. The more different areas of law enforcement collaborate, the better it is for sharing intelligence and sharing technical expertise, which can result in eliminating future similar attacks. According to the Justice Department, organizations should be encouraged to involve government as part of the solution, but also avoid the idea of fearing a criminal investigation that might result in business disruption, as well as a damaged reputation. Government agencies encourage organizations to report such incidents for the following reasons: government agencies will work with victim organizations cooperatively and discreetly, “the agencies will use investigative measures that avoid computer downtime or displacement of a company’s employees, agencies will work with a victim company to avoid unwarranted disclosure of information and agencies will attempt to coordinate statements to the news media concerning the incident with a victim company to ensure that information harmful to a company’s interests is not needlessly disclosed” (U.S. Department of Justice, 2015).

Responding to hacktivist demands can be very difficult. In terms of the Void, they are proposing an extortion threat, and the World Wide Global, Inc. CEO refused to comply with the demand. I believe the CEO did the right thing by not complying with the demand. If the CEO complied with the demand, this would not only add to any future threat, but also show the company’s weakness. Also, the company hired an outside cyber firm to handle the investigation. This gave the company more assurance on what to fix to keep from being a target in the future. I would have handled it similarly to how the company did. The only thing I would add is creating an internal security department that can handle day-to-day situations, and also increasing the budget allocation. This will help increase the company’s capability to overcome situations before they happen, such as having experts comprising stronger offensive, defensive and compliance teams.

I believe the company did well when it comes to handling the situation. In terms of handling the attack, it was important for the company to stand firm and confident. This will give the stakeholders and the consumer much-needed assurance. If the face of the company shows any kind of discouragement and doubt with the outcome, it will plummet the market and create instability. In terms of 1 to 10, I would rate the company’s handling at 8. I do believe the company had an opportunity to improve at the beginning of the attack. Having law enforcement involved can create more stability for the listener. Concerning the law enforcement involvement, the CEO came out to announce it in the second face-to-face interview. The CEO also announced in the same interview that the Void was put to a stop after the involvement of law enforcement.

There are many ways to communicate about a cyber incident. Many organizations tend to put out their on the news rather than sharing with employees, vendors and clients. The advantage of media is that the damage control will be less in the future. If announced to employees only, there is a danger that information might leak out. According to the U.S. Department of Justice, “Victim companies should likewise consider sharing press releases regarding a cyber incident with investigative agents before issuing them to avoid releasing information that might damage the ongoing investigation” (U.S. Department of Justice, 2015).

Response 2:

For me, the key take-away is that even up-and-coming organizations can be devastated by cyber attacks in a very short period of time. The risk calculus used in this module includes consequence along with threat and vulnerability as factors contributing to risk (UMUC, n.d.). Hence, without consequence, there is no risk to the organization. As evidenced by revenue losses and damage to credibility, there was great consequence to the organization and the Worldwide Global, Inc. (WG) risk assessment should have accounted for this to reduce threats, vulnerabilities, and consequence to reduce risk overall.

Based on the background supplied in the vignette, it sounds as though WG was deficient in several areas. First, a former employee retained network access to WG systems. WG must establish and adhere to exit procedures for employees who resign, retire, or are terminated so that the former employees’ access is immediately removed once their affiliation with the organization ends.

Second, an employee with authorized access to the network connected a piece of hardware created by the hacking group to a device on a WG system via USB. There are various problems here, including probably a lack of security awareness on the part of the employee as well as poor technical planning. As the guest in the segment, Dr. Lee-Hamilton, noted, defense in depth is an important concept to implement because threats come in various forms, so a multi-level approach helps ensure sound coverage (FEMA, 2012). A fundamental component of any such security system is that of having a security policy and educating employees on that policy. For instance, WG could improve its security posture by implementing a policy control on its employees to prohibit them from connecting non-approved hardware to their WG systems and then educating employees on this policy. This would prevent such an incident from recurring because it would treat all non-approved hardware as suspect, thereby prohibiting its being connected to any WG system. WG should also decide what its process for certifying hardware is and communicate this policy to employees so that they know how to nominate non-certified hardware for the certification process. In addition to the policy control, WG could adopt the following additional security technique to mitigate the USB attack vector: disabling USB access through basic input/output system (BIOS) modifications or at the operating system level by changing registry values (al-Zarouni, 2006, pp. 8-9). Similar steps can be taken to prohibit infections from other media, like optical discs.

With respect to recovering its image, WG must recognize the stigma associated with cyber compromises. Affiliates are likely to be wary of the company after even a single major incident or several smaller incidents, particularly if WG does not offer reassurances it has adopted stronger security. For optimal efficacy, WG must plan the response to a cyber attack before one occurs by incorporating it into their overall crisis management strategy so a thought-out response is at the ready at all times (Affect, 2012). This includes things like composing the outline of press releases in advance and filling in the details based on the actual event. The earlier WG can get in front of the issue and explain what happened, why it happened, and how procedures are being changed to prevent it from occurring again, the more likely it is to weather the consequences of an incident. Communication and appropriate transparency (to provide enough assurance of competency while limiting compromising operational security) are key to rebuilding trust.