Assignment

Case Background Information

iPremier:

• On January 12, 2001, the iPremier Company (the name of the company has been changed), a successful high-end web-based retailer, was shut down by a distributed denial of service (DDoS) attack that began at 4:31 AM ET (Eastern Time) and then ended abruptly and mysteriously at 5:46 AM.

• How well did this company perform during the attack? What should they have done differently, before or during the event? What, if anything, should they say to customers, investors, and the public about what has happened?

Boss I think someone stole our data:

• The fictitious company profiled is Flayton Electronics, a regional electronics chain with 32 stores across six states. The premise of the fictitious data breach focuses on the manner in which Flayton Electronics decides what to do, how to interact with Law Enforcement Officers, and how/if to communicate the alleged data breach consisting of potentially thousands of their customer's credit cards. Further, what remediation plans do you suggest?

Intel Corp: BYOD

• Since early 2009, the information technology (IT) division of a leading manufacturer of semiconductor chips had noticed a growing trend among the company's 80,000 employees worldwide to bring their own smartphones and storage devices to their individual workstations. Recognizing that Bring Your Own Device (BYOD) was not a passing fad but a growing phenomenon, the company decided in January 2010 to formally implement this initiative. As the company's chief information security officer prepares for a full rollout of BYOD, he revisits the issue of ensuring security of corporate data stored on devices owned by individual employees. He also wonders how Intel should respond to the demand for e-Discovery, wherein a litigant could seek access to internal documents stored on devices not owned by the company. He also reflects on a more fundamental and strategic issue: How can Intel extract value from the BYOD initiative and turn this initiative into a new source of competitive advantage?

Choice Point A PUBLICATION DATE: February 10, 2006 PRODUCT #: 306001-PDF-ENG

• The CEO of ChoicePoint, a leading company in the rapidly growing U.S. personal data industry, must reexamine the company's business model after a serious breach of data security affecting some 145,000 U.S. citizens. He must decide on steps to strengthen data protection in the company and clarify his stance on regulating a largely unregulated industry. Your task, assist with an evaluation and recommendations.

Startup SME

A new start-up SME (small-medium enterprise) based in Marlyland with an Egovernment model has recently begun to notice anomalies in its accounting and product records. It has undertaken an initial check of system log files, and there are a number of suspicious entries and IP addresses with a large amount of data being sent outside the company firewall. They have also recently received a number of customer complaints saying that there is often a strange message displayed during order processing, and they are often re-directed to a payment page that does not look legitimate.

The company makes use of a general purpose eBusiness package (OSCommerce) and has a small team of six IT support professionals, but they do not feel that they have the expertise to carry out a full scale malware/forensic investigation.

As there is increased competition in the hi-tech domain, the company is anxious to ensure that their systems are not being compromised, and they have employed a digital forensic investigator to determine whether any malicious activity has taken place, and to ensure that there is no malware within their systems.

Your task is to investigate the team's suspicions and to suggest to the team how they may be able to disinfect any machines affected with malware, and to ensure that no other machines in their premises or across the network have been infected. The team also wants you to carry out a digital forensics investigation to see whether you can trace the cause of the problems, and if necessary, to prepare a case against the perpetrators. What methods could you use to do this? The company uses Windows Server 2012/2008 for its servers. Clients run Windows 7/8 internally. They only use a firewall from (Seek&Destroy). Patches are applied by the IT support team on a monthly basis, but the team has noticed that a number of machines do not seem to have been patched. The IT Team is not as skilled as it should be.

Deliverables

Your deliverable in this assignment is a 6-10 page word report discussing how you would approach the following:

• Malware investigation
• Digital Forensic Investigation
• Overall Security Analysis
• Recommendations

You should discuss a general overview of the methodology that you will use, and provide a reasoned argument as to why the particular methodology chosen is relevant.