logo

Incident Response Plan for PeopleSharz: Analysis, Threats, and Recommendations

14 Pages3628 Words158 Views
   

Added on  2019-10-18

About This Document

This document analyzes the incident of PeopleSharz's social media site being attacked and user passwords being compromised. It identifies key issues and recommends solutions to improve security.

Incident Response Plan for PeopleSharz: Analysis, Threats, and Recommendations

   Added on 2019-10-18

ShareRelated Documents
Incident Response PlanPeopleSharzStudent Name: Student ID: Course Name: Course ID:Faculty Name: University Name:
Incident Response Plan for PeopleSharz: Analysis, Threats, and Recommendations_1
Executive SummaryThe social media site of PeopleSharz has been attacked by some unknown internal or external entities and numerous user passwords have been shared externally. The purpose of this documentis to analyze the problem or the incident that took place, and identify the key issues that might have led to the company’s web server and customer information being compromised.The scope of the activity was to assess the internal and external threat exposure and recommend solutions. The interview of the company employee, along with the key employees of the host provider was required. Moreover, testing the issues of current system was also under consideration. There are numerous possible problems that have been identified in this case. Some of them are weak security problems, insider threat, injection flaws, broken authentication, improper encryption and others.There are some recommendations that have been given regarding these issues. Some of them are using protection against injection flaws, using framework for authentication issues, proper security configuration, hiding sensitive data under HTTPS or encrypted storage, restricting use ofvulnerable components, employee education and awareness program, restriction to use removable media, use privilege management, and incident management.
Incident Response Plan for PeopleSharz: Analysis, Threats, and Recommendations_2
Table of ContentsExecutive Summary.........................................................................................................................1Background and Problem Analysis.................................................................................................3Threat Analysis................................................................................................................................4Dependencies and Critical Success Factors.....................................................................................7Recommendations for Improvements..............................................................................................9References......................................................................................................................................12
Incident Response Plan for PeopleSharz: Analysis, Threats, and Recommendations_3
Background and Problem AnalysisThe site of PeopleSharz (PS) has been hacked by some unknown external unethical entity or individual. PS is a social media site for the masses and is expecting an appreciable growth in the user base in the years to come. The hacking incident that just took place might dent image of the company and few people might prefer to tread towards this site. The news on April 21st came as shocking to the company that the passwords of the site users have been dumped to the Pastebin. The company, after confirming the news, has consulted the HackStop Consulting for solution to this issue. There are various possibilities that can be identified as the issues that might have led to the company’s web server and customer information being compromised. Some of the likely issues related to this case are mentioned below:Malicious Code: The hackers could have used the malicious code that were not identified by theHotHost1’s server and impacted the stored information (Corona et al, 2014).Backdoors in Computer Network: There can be the possibility that the hackers found a loophole in the network that they can misuse to get into the system.Trojan horses on employees’ computer: The hackers might have planted Trojans into the computers of employees who are working with the company. This might have led them to get access to the administrators account. The Trojan horses are represented as something that is harmless. This is mostly done through the phishing mails (Bhasin et al, 2013). In such scenarios, when the user clicks on the file to download, the virus installs itself automatically before the usercan do anything. Insider Threat: It might be possible that one or two of the employees within the company shared the key information to the external individuals. This could be possible sighting the enough competition in the social media space. The employee might have been lured by some handsome amount of money to dilute the reputation of the company.
Incident Response Plan for PeopleSharz: Analysis, Threats, and Recommendations_4

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Identified Vulnerabilities and Preventive Measures for Social and Operational Threats
|2
|642
|189

Comodo Certificate Fraud Hack and Its Implications on Dotti Fashion Organization
|12
|957
|129

Hacking and Cybersecurity
|4
|705
|70

Analysis of Security Tools for JKL Company
|8
|1708
|98

Cloud Privacy and Security: Threats and Solutions
|12
|2587
|159

Zeus the King of Botnet - Networking Project
|7
|1471
|124