Professor Julian Slaughter
Foundations of Cyber Security
July 6, 2015
Assessing risk, threats, and vulnerabilities
Focus on the problem as soon as it occurs
The severity of the companies security impact due to the data breach
Investigation on the severity of incident and its damages
Actions taken towards this threat
Insights of similar incident
Actions that need to be taken
Outcomes and results due to malware attack
Consequences of the attack
Impact of possible exposure to incident
How to prevent future incidents
As we already know Fullsoft Inc, has recently experienced a malware attack that has resulted in proprietary information being leaked. Even though the company is now in the process of this breach being recovered, we will need to come up with a plan so we can prevent such incident of happening again.
[Us as] security professional need to be aware of common attack methods so that they can take proactive steps to prevent attacks [by recognizing] them when they occur and respond [to them] appropriately (James M. Stewart, p. 48).
In order for such incidents to occur again in the future one must have risk management strategies in place. According to the Risk Centric Threat Modeling: Process for Attack Stimulation and Threat Analysis Tony Uceda Velez and, Marco M. Morana state, “A risk management strategy of the company can be proactive or reactive depending on the culture and appetite of the risk (Morana Marco M, 2015, p. 66).”
One must first focus on the problem as soon as it has occurred. Secondly how severe was this companies security impacted such as the security of the incident data breach. A full investigation on the severity of this incident and the measures of all the damages has to be made.
An action plan is to take place by suspending any accounts associated with the threats to this company, such as credit cards, and or blocking credentials
Cited: Coombs, W. T. (2007). PSI Handbook of Business Security. James M. Stewart, M. C. CISSP- Certified Information Systems Security Profession Study Guide (Vol. 6th ed). Lobel Mark, G. L. (n.d.). Retrieved from www.pwc.com/giss2012. Morana Marco M, T. U. (2015). Risk Centric Threat Modeling: Process for Attack Stimulation and Threat Analysis.