A1. The nature of the incident was that an employee was able to hack into the computer system and gain access to the financial payroll system, the human resources system and even the email system. This employee used several methods to gain access to the system: IP spoofing, data modification, man-in-the-middle attack and compromised-key attack. As a result, the employee was able to tamper with the payroll system. An auditor discovered the discrepancies and tried to make upper management aware of the situation through email, but the email was intercepted by the hacker. The hacker impersonated an employee and persuaded the auditor into granting him more access to the system, which resulted in additional sabotage of the payroll system. Hacker
This intrusion cost the company thousands of dollars, so this intrusion was a crime and the employee will be prosecuted. A more protective measure to consider is to use stronger encryption protocols between the client and the server. The server will need to authenticate itself by presenting a digital certificate; this verification will permit the server and the client to establish an authorized, encrypted channel for data exchange and/or communication.
A5. How could the system be restored to normal business practice?
In order to bring the system back into production, it is imperative to test, validate and authenticate all systems on the entire network. It will also be wise to monitor them to verify that they are not being compromised once again. The CIRT should have determined how long the monitoring procedure should take. All system data should have been reconfigured and tested. All the systems have been reimaged, so the restoration of the data has been initiated. The company will need to make another image copy of the system. In the event that an intrusion occurs once again, the company will have a clean image, which will expedite restoring the system. The image may be stored in the cloud and/or on CD-ROM/external hard drive; the company might even want to consider several locations where to store this image. The company might also want to consider taking a fingerprint of the files installed in order to enable comparison (if needed) in the
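The file fingerprint mentioned above can be implemented as a baseline of SHA-256 hashes taken from the clean image and compared against a later scan. The following is an added example written for this page, not part of the original essay; the directory layout, file names and tampering it simulates are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def fingerprint_tree(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as handle:
                for chunk in iter(lambda: handle.read(65536), b""):
                    digest.update(chunk)
            baseline[path.relative_to(root).as_posix()] = digest.hexdigest()
    return baseline


def compare_fingerprints(baseline, current):
    """Classify differences between the stored baseline and a fresh scan."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Constructed scenario: fingerprint a clean image, then detect tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "payroll").mkdir()
        (root / "payroll" / "rates.cfg").write_text("base_rate=20.00\n")
        (root / "payroll" / "run.sh").write_text("#!/bin/sh\necho run\n")
        (root / "README").write_text("clean image\n")
        baseline = fingerprint_tree(root)  # taken right after restoring the clean image
        # Simulated tampering after the restore: one edit, one new file, one deletion.
        (root / "payroll" / "rates.cfg").write_text("base_rate=99.00\n")
        (root / "payroll" / "unexpected.sh").write_text("#!/bin/sh\n")
        (root / "README").unlink()
        return compare_fingerprints(baseline, fingerprint_tree(root))


if __name__ == "__main__":
    print(demo())
```

In practice the baseline would be stored off the host (for example alongside the image copy) so that an intruder cannot rewrite it together with the files it covers.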