
KOP1 — TASK 1: ANALYSIS RESPONSE

MANAGING INFORMATION SECURITY — C843

Anu Nkematabong
Part I: Incident Analysis and Response

A. Determine why the attack on Azumer Water's infrastructure was successful, including the specific vulnerabilities that allowed the attack to occur. Provide details from the case study to support your claims.

Azumer Water's infrastructure was compromised because several weaknesses, each described in the case study, were present at the same time.

First, the organization had no information security staff. With nobody responsible for security, routine practices such as applying software updates and monitoring the network were neglected, so known weaknesses stayed open and nobody was watching for malicious activity.

Second, the volunteer database was not backed up in any reliable way; the only copies were sporadic backups to a USB drive. This did not let the attacker in, but it meant that once the database was compromised the organization had no trustworthy copy to restore from, which turned a breach into data loss.

Third, the database, email, and web servers ran on open-source software that was not being kept up to date. The weakness is not open source as such; it is that vulnerabilities in widely used server software are publicly documented, so an attacker can look up a known flaw and use it against any installation that has not been patched.

Finally, the absence of adequate password management and of a sound network architecture, including the misconfigured enterprise firewall, let the attacker move into the network with little resistance and exfiltrate confidential volunteer data. Taken together, these weaknesses are why the attack succeeded.

B. Explain how the confidentiality, integrity, and availability of Azumer Water's operations and PII (personally identifying information) data have been compromised, using NIST, ISO 27002, or another industry-standard framework to support two claims of compromise.

The attack compromised all three security objectives of the CIA triad (confidentiality, integrity, and availability, the three objectives defined in NIST FIPS 199) for Azumer Water's operations and for the personally identifiable information (PII) it holds.

Confidentiality means that sensitive information is protected from unauthorized access. In this incident the attacker obtained the volunteer records, which contain contact details, background checks, training and participation history, and access information for regional storage. That data is now held by an unauthorized party and can be misused, for example for identity theft or for targeting the volunteers themselves, so the confidentiality of the PII is lost.

Integrity means that data is accurate and complete and has not been altered without authorization. The attacker disrupted the delivery of bottled water from area warehouses. Once an unauthorized party has been inside the systems that coordinate those deliveries, the volunteer and logistics records can no longer be trusted until they have been verified, which compromises the integrity of the relief effort.

Availability means that data and systems are usable when they are needed. The attack interrupted Azumer Water's ability to provide clean drinking water to the metropolitan population it serves, so the availability of its services was compromised at the moment they were needed most.

C. Identify a federal regulation this NGO violated, providing a specific example from the case study as evidence of Azumer Water's noncompliance.

Azumer Water failed to meet the requirements of the Federal Risk and Authorization Management Program (FedRAMP). The specific evidence from the case study is the inadequate configuration of the enterprise firewall solution. A properly configured boundary firewall is a baseline control under FedRAMP, and the misconfiguration left the volunteers' sensitive information exposed to unauthorized access. That gap between the required control and what the organization actually had in place is the noncompliance.

D. Recommend immediate steps to mitigate the impact of the incident, using specific examples from the case study to justify how these steps would mitigate the impact.

The following immediate steps would limit the impact of this incident, and each addresses a weakness the case study describes:

1. Enforce a password policy and reset all credentials. Weak password management was one of the ways the attacker got in, and because the volunteer records were stolen, any password that was reused elsewhere must be treated as compromised.

2. Run a vulnerability assessment of the database, email, and web servers. With no security staff, nobody had been checking these systems for known flaws; an assessment tells the organization what is still exploitable right now.

3. Encrypt sensitive data, in particular the volunteer PII. If the database is taken again, encrypted records are far less useful to the attacker.

4. Establish a backup strategy with regular, tested backups kept off the network. Sporadic USB-drive backups left the organization without a trustworthy copy of the volunteer database to restore from.

5. Write an incident response plan so that the next incident is handled by a defined process rather than improvised.

Together these measures contain the damage from this breach and make a repeat of it harder.

E. Explain how having an incident response plan in place will benefit Azumer Water, using details from the case study to support your explanation.

An incident response plan would benefit Azumer Water because it would let the organization respond to a security incident quickly and in an orderly way instead of improvising, which is what happened here with no security staff in place. The plan sets out the sequence of actions to take when an attack is detected, names the person responsible for each action, and describes how to communicate with stakeholders such as the volunteers whose data was taken and the area warehouses whose deliveries were disrupted. Following a plan shortens the time an attacker has inside the network and limits the damage to the organization's operations and reputation; in this case it would have meant preserving evidence, restoring the volunteer database from a known-good copy, and notifying the affected volunteers promptly rather than after the fact.

Part II: Risk Assessment and Management

F. Discuss two processes to increase information assurance levels within the organization and bring Azumer Water into compliance with the violated federal regulation identified in part C.

Two processes would raise Azumer Water's information assurance level and bring it into compliance with the FedRAMP requirements identified in part C.

The first is adopting a comprehensive security framework such as ISO 27002. The framework supplies a catalogue of controls (access control, cryptography, operations security, supplier relationships, and so on) and the procedures for operating them, so the organization gets a defined set of safeguards for its sensitive data rather than ad hoc fixes, and it can map those controls to the regulatory requirements it must meet.

The second is conducting periodic security audits and assessments. Regular audits and assessments uncover weaknesses before an attacker does, confirm that the controls from the framework are actually in place and working, and produce the evidence needed to show that the organization remains compliant.

G. Recommend technical solutions to counter the remaining effects of the attack in the case study and to prevent future attacks.

Azumer Water should adopt the following technical solutions to counter the remaining effects of the attack and to prevent future ones:

1. Upgrade the enterprise firewall and configure it correctly. The misconfigured firewall was one of the weaknesses in this incident; the replacement should be able to detect and block unauthorized access, it must be configured to deny everything that is not explicitly required, and it must be kept updated.

2. Patch systems and applications routinely, including the open-source database, email, and web server software. Known vulnerabilities in widely used software are the easiest way in, and nobody was applying updates.

3. Require multi-factor authentication for network and administrative access. If an attacker steals a user's password, as weak password management made possible here, the password alone is no longer enough to get in.

4. Deploy network monitoring and traffic analysis. These tools alert administrators to suspicious activity on the network so that a problem is found and fixed early rather than after data has already left.

5. Implement an intrusion detection system (IDS) that inspects both inbound and outbound traffic and notifies administrators of anomalous activity such as unauthorized access attempts, unusual data transfers, and malware.

Together these controls address the remaining effects of the attack and make a future attack both harder to carry out and easier to detect.

H. Recommend an organizational structure for IT and security management, including a logical delineation of roles and adequate coverage of responsibilities, to support the efficient discovery and mitigation of future incidents.

Azumer Water should create a dedicated IT and security department, led by a Chief Information Security Officer (CISO) who owns the organization's security strategy and oversees its security controls. The department would cover the following responsibilities:

1. IT Support: maintains the organization's hardware, software, and networks, provides technical assistance to users, and is the first point of contact when something goes wrong.

2. Security Operations: continuously monitors the organization's security posture and responds promptly to security events. This team also performs routine vulnerability assessments and deploys security controls to reduce the risk of future attacks.

3. Incident Response: handles security incidents when they occur, working with the security operations team to contain and resolve them quickly.

4. Compliance: ensures that the organization adheres to relevant regulations and standards, including FedRAMP.

A distinct IT and security department gives Azumer Water centralized management of its technology and security activities, with clear ownership of each function, so that future incidents are discovered and addressed efficiently.

I. Describe your risk management approach for Azumer Water based on the likelihood, severity, and impact categorization of two risks in the case study.

My risk management approach for Azumer Water is to rate each risk on its likelihood, its severity, and its impact, and to use those ratings to decide which risks are treated first and how much to invest in treating them. Two risks from the case study illustrate the approach.

The first risk is a further cyber attack on the infrastructure. Its likelihood is high: the attacker has already succeeded once, and unless the weaknesses that were exploited are fixed they remain available. Its severity is high because an attack can cause data loss, disruption of water deliveries, and damage to the organization's reputation. Its impact is high: loss of sensitive information, financial losses, and loss of trust among volunteers and the communities served.

The second risk is continued non-compliance with federal requirements such as FedRAMP. Its likelihood is moderate, given the organization's existing non-compliance. Its severity and impact are significant: loss of government contracts, financial penalties, and reputational damage, which in turn would create financial liabilities and hinder the organization's ability to meet its service commitments.

To treat these risks the organization should establish a comprehensive information security program that includes frequent vulnerability assessments, data encryption, backup and recovery procedures, incident response planning, and staff training, and it should engage a third-party security expert to perform periodic assessments and recommend improvements. These measures lower the likelihood and the impact of both risks, raising the organization's information assurance level and bringing it into line with federal requirements.
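The approach above is qualitative; the value of writing it down as a scoring scheme is that it makes the prioritization repeatable and shows how much each treatment actually buys. The following Python is an added example written for this paper and is not part of the case study or any risk tool. The 1 to 5 scale, the score formula, the priority bands, and the amount by which each treatment reduces a rating are all assumptions; the two risks and the treatments are the ones argued in the text above.

```python
from dataclasses import dataclass, replace
from typing import List, Tuple

# Rating scale and band thresholds are assumptions for this example; the case study gives only
# qualitative ratings (high, moderate), which are mapped onto a 1-5 scale here.
SCALE = range(1, 6)


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int   # how probable the event is (1 rare .. 5 almost certain)
    severity: int     # how bad the event itself is (1 minor .. 5 catastrophic)
    impact: int       # how badly the organization is hurt (1 negligible .. 5 existential)

    def __post_init__(self):
        for value in (self.likelihood, self.severity, self.impact):
            if value not in SCALE:
                raise ValueError(f"{self.name}: ratings must be between 1 and 5, got {value}")

    @property
    def score(self) -> int:
        """Product of the three ratings, 1..125; likelihood multiplies the two harm terms."""
        return self.likelihood * self.severity * self.impact


def rating(score: int) -> str:
    """Map a score onto a priority band (thresholds are assumptions)."""
    if score >= 60:
        return "Critical"
    if score >= 27:
        return "High"
    if score >= 8:
        return "Medium"
    return "Low"


def prioritize(risks: List[Risk]) -> List[Risk]:
    """Highest score first; ties broken by name so the order is deterministic."""
    return sorted(risks, key=lambda r: (-r.score, r.name))


def treat(risk: Risk, likelihood_reduction: int = 0, impact_reduction: int = 0) -> Risk:
    """Residual risk after controls: preventive controls lower likelihood, recovery controls
    (backups, incident response) lower impact. Ratings never drop below 1."""
    return replace(
        risk,
        likelihood=max(1, risk.likelihood - likelihood_reduction),
        impact=max(1, risk.impact - impact_reduction),
    )


def risk_register(risks: List[Risk]) -> List[Tuple[str, int, int, int, int, str]]:
    """Rows of (name, likelihood, severity, impact, score, band) in priority order."""
    return [(r.name, r.likelihood, r.severity, r.impact, r.score, rating(r.score))
            for r in prioritize(risks)]


# The two risks from the case study, with the ratings argued in the text above.
CASE_STUDY_RISKS = [
    Risk("Further cyber attack on the infrastructure", likelihood=5, severity=5, impact=4),
    Risk("Continued non-compliance with FedRAMP requirements", likelihood=3, severity=4, impact=4),
]


def residual_register() -> List[Tuple[str, int, int, int, int, str]]:
    """Register after the treatments recommended in the text (reduction sizes are assumptions):
    MFA, patching and an IDS cut the likelihood of another attack; backups and incident
    response cut its impact; a security program and third-party assessments cut the
    likelihood of staying non-compliant."""
    treated = [
        treat(CASE_STUDY_RISKS[0], likelihood_reduction=3, impact_reduction=1),
        treat(CASE_STUDY_RISKS[1], likelihood_reduction=2),
    ]
    return risk_register(treated)


if __name__ == "__main__":
    print("inherent:")
    for row in risk_register(CASE_STUDY_RISKS):
        print(" ", row)
    print("residual:")
    for row in residual_register():
        print(" ", row)
```

With these ratings the further-attack risk scores 100 (Critical) and the compliance risk 48 (High), which is the order in which they should be treated; after the recommended treatments they fall to 30 (High) and 16 (Medium). The residual scores are the useful output: they show that the attack risk remains the larger one even after treatment, which argues for sustaining the preventive controls rather than treating them as a one-off project.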

J. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or summarized.

APA (American Psychological Association) style is a set of rules for formatting papers and citing sources; it is used mainly in the social sciences and related disciplines. Citing sources is fundamental to academic writing: it acknowledges where material came from and avoids plagiarism.

In APA style, in-text citations appear in the body of the paper and briefly identify the source of the information being presented. Each in-text citation points the reader to the corresponding full entry in the reference list at the end of the work.

An in-text citation for a paraphrased passage looks like this:

According to Smith (2020), the available data indicate substantial growth in the population.

A direct quotation must also give the page number:

According to Smith (2020), "there is a substantial growth in the population" (p. 22).

The corresponding reference list entry would be:

Smith (2020). Population expansion and its associated consequences. City Publishing.

K. Demonstrate professional communication in the content and presentation of your submission.

Professional communication conveys information clearly and concisely in a professional tone. In academic writing this means a formal register, no slang or colloquial expressions, and a preference for clarity over ornament; it also means organizing the work coherently, using paragraphs deliberately, and keeping a logical progression from one idea to the next.

The goal is a message that the intended readers can understand and that is appropriate for them. Meeting academic standards also requires correct grammar, punctuation, and spelling, and language and tone suited to the audience.

References

Law, Ethics, and Security Compliance Management. Pluralsight. (n.d.). Retrieved February 1, 2023, from https://www.pluralsight.com/

Managing Information Security Incidents. Pluralsight. (n.d.). Retrieved February 1, 2023, from https://www.pluralsight.com/

Managing Information Security Threats and Risks. Pluralsight. (n.d.). Retrieved February 1, 2023, from https://www.pluralsight.com/

Security Architecture and Design. Pluralsight. (n.d.). Retrieved February 1, 2023, from https://www.pluralsight.com/

Whitman, M. E., & Mattord, H. J. (2019). Management of Information Security. Cengage.
