Risk Assessment and Incident Response for Finance Systems

Learning Objectives

  1. Review the steps for monitoring, incident detection, and data loss prevention using all-source intelligence.
  2. Identify the elements of an incident response policy and members of the incident response team (IRT).
  3. Classify the SSCP’s role in supporting forensic investigations.
  4. Evaluate the scenario.
  5. Apply knowledge in the given scenario.

Instruction

XYZ Network Solutions provides network services and value-added communications to customers in several countries in Europe and North America.

The corporate headquarters is in Miami, Florida, with offices in Chicago, U.S.A., London, UK, and Frankfurt, Germany. The company has a sales division with eight employees led by Andre Wisser, human resources with three employees led by Jane Aubin, and Technical and Communications with 45 employees led by Peter O’Day. Finance is led by Andrea Worth, but most of the payroll and finance functions have been outsourced to a SaaS cloud provider.

  1. Andrea Worth, Manager of Finance, has just asked you whether you have conducted a risk assessment on the Finance systems (payroll, accounts receivable, accounts payable, email, etc.). What is the difference between IT risk and business risk?

  2. List some of the threats to an IT system that supports Finance.

  3. What are the reasons to implement separation of duties and how can this be done?

  4. XYZ Network Solutions has asked you to set up an incident response program that will work together with the help desk and information security department.

  5. What should be the first few steps in creating an incident response program?

  6. What is the first priority and first steps to be taken when an incident is detected?

  7. How can an organization ensure that lessons are identified following an incident and that they are carried out as ‘lessons learned’?

1. Andrea Worth, Manager of Finance, has just asked you whether you have conducted a risk assessment on the Finance systems (payroll, accounts receivable, accounts payable, email, etc.).

Difference Between IT Risk and Business Risk

    • IT Risk: Involves potential threats and vulnerabilities specific to the information technology infrastructure, such as data breaches, system failures, and cyberattacks.
    • Business Risk: Involves broader organizational risks that can affect the business operations, reputation, and financial health, such as market competition, regulatory changes, and economic downturns.

2. Threats to an IT System Supporting Finance

    • Cyber Attacks: Phishing, malware, ransomware.
    • Insider Threats: Employees misusing access, fraud.
    • System Failures: Hardware or software malfunctions.
    • Data Breaches: Unauthorized access to sensitive information.
    • Third-Party Risks: Vulnerabilities in SaaS cloud providers.
    • Human Error: Mistakes leading to data loss or corruption.

3. Reasons to Implement Separation of Duties and How It Can Be Done

  • Reasons:

    • Reduce Fraud:
      Prevents a single individual from having control over all aspects of financial transactions.
    • Error Prevention:
      Limits the potential for mistakes by dividing responsibilities.
    • Accountability:
      Ensures that different individuals are responsible for different parts of the process, making it easier to trace errors or malicious actions.
  • Implementation:

    • Divide Responsibilities:
      Assign different tasks in a process to different employees (e.g., one person handles payments, another handles reconciliations).
    • Access Controls:
      Implement role-based access controls that restrict access to sensitive information and ensure no single account holds both sides of a conflicting duty pair (e.g., initiating and approving the same payment).
    • Regular Audits:
      Conduct regular internal and external audits to ensure compliance with separation of duties.
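As an added illustration (not part of the original post), the small Python checker below enforces both halves of the separation-of-duties control described above: it refuses a role assignment that would grant conflicting duties, and it audits a constructed activity log for transactions where one person both initiated and approved a payment. The role names, users and log entries are assumptions, not XYZ Network Solutions' own data.

```python
# Toy separation-of-duties (SoD) checker for the payments workflow described above.
# Role names, users and the activity log are constructed assumptions, not XYZ's own.
from itertools import combinations

# Role -> duties it grants (the role-based access control mapping).
ROLE_DUTIES = {
    "ap_clerk": {"create_invoice", "initiate_payment"},
    "ap_approver": {"approve_payment"},
    "reconciler": {"reconcile_account"},
}

# Duty pairs that must never be held, or performed, by the same person.
CONFLICTS = {
    frozenset({"initiate_payment", "approve_payment"}),
    frozenset({"approve_payment", "reconcile_account"}),
    frozenset({"initiate_payment", "reconcile_account"}),
}

def duties_for(roles):
    """Union of the duties granted by a set of role names."""
    return set().union(*(ROLE_DUTIES[r] for r in roles))

def static_violations(roles):
    """Static SoD, checked at provisioning: conflicting duty pairs the roles would grant."""
    granted = duties_for(roles)
    return sorted(tuple(sorted(p)) for p in CONFLICTS if p <= granted)

def dynamic_violations(steps):
    """Dynamic SoD, checked at audit: (txn_id, user, duty) entries where one user
    exercised two conflicting duties on the same transaction."""
    by_txn = {}
    for txn, user, duty in steps:
        by_txn.setdefault(txn, {}).setdefault(user, set()).add(duty)
    found = []
    for txn, users in by_txn.items():
        for user, duties in users.items():
            for a, b in combinations(sorted(duties), 2):
                if frozenset({a, b}) in CONFLICTS:
                    found.append((txn, user, a, b))
    return sorted(found)

# Constructed sample log: on PAY-1002 the clerk also approved her own payment.
SAMPLE_LOG = [
    ("PAY-1001", "alice", "initiate_payment"),
    ("PAY-1001", "bob", "approve_payment"),
    ("PAY-1001", "carol", "reconcile_account"),
    ("PAY-1002", "alice", "initiate_payment"),
    ("PAY-1002", "alice", "approve_payment"),
]
```

Running dynamic_violations over an exported activity log on a schedule is one concrete form the "regular audits" bullet can take; each finding is a case for follow-up rather than an automatic sanction.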

4. Setting Up an Incident Response Program

  • First Steps:
    • Establish a Response Team:
      Form an incident response team (IRT) with representatives from IT, HR, Legal, and Management.
    • Develop Policies:
      Create an incident response policy outlining roles, responsibilities, and procedures.
    • Training:
      Train staff on recognizing and reporting incidents.
    • Communication Plan:
      Establish a communication plan for internal and external stakeholders during an incident.
    • Tools and Resources:
      Ensure the IRT has access to necessary tools and resources for incident detection and response.

5. First Priority and Steps When an Incident is Detected

  • First Priority: Contain and mitigate the impact of the incident to prevent further damage.
  • First Steps:
    • Identify and Classify:
      Identify the nature and scope of the incident.
    • Containment:
      Implement measures to contain the incident (e.g., isolating affected systems).
    • Eradication:
      Remove the cause of the incident.
    • Recovery:
      Restore affected systems and data.
    • Notification:
      Inform relevant stakeholders and authorities as required.

6. Ensuring Lessons Learned

  • Post-Incident Review:
    Conduct a thorough review of the incident, identifying what went wrong and what worked well.
  • Document Findings:
    Document the lessons learned and update policies, procedures, and training materials.
  • Implement Changes:
    Make necessary changes to improve the incident response process.
  • Continuous Improvement:
    Regularly review and test the incident response plan to ensure it remains effective.

XYZ Network Solutions can establish a robust incident response program and effectively manage risks to its finance systems by following these steps.
