An Report On The Human Resource System Essay

1724 Words Aug 16th, 2015 7 Pages
An auditor happens to discover an error in the human resource system that allowed an employee to hack into the company human resources record systems and change their base salary rate to receive a pay raise on two paychecks. The employee was able to eavesdrop on the network using IP spoofing technique to hijack a trusted host on the network and hide their identity in the process. The technique allowed the hijacker to steal and alter sensitive data such as payroll records. The employee also monitors the email traffic about the incident, to use the man-in-middle attack an intercept the auditor email to several individuals at the company explaining what had happened. During the man-in-middle attack, he was able to impersonate the individuals the auditor had email and gain additional access to the financial records from the auditor. With the new permit from the auditor, the employee was able to lower the salaries of the company president and several other employees and transfer those differences into his paycheck.
Once the incident was discovered, the auditor should follow the incident response plan and inform the incident response team of the breached in person or on a conference call with all the team members to minimize additional loss or theft of the information. Allowing the response team time to start the start the investigation and obtain enough information to determine an appropriate response to this incident. Using either of these two methods could have prevented the…

Related Documents