module 5

School: Florida State University
Course: 6826
Subject: Law
Date: Feb 20, 2024
Type: docx
Pages: 3
Uploaded by SargentReindeer1209

Assume you are the Chief Compliance Officer for a publicly-traded US company called Cybersafe Corporation. The CEO of the company comes to you and advises you that Cybersafe needs to develop a plan for dealing with potential cyber incidents. As the Compliance Officer, she would like you to focus on the company’s relationships with law enforcement and its reporting plan. You will become the liaison for the company once the policy is established. Cybersafe is headquartered in Miami, Florida and does business in South America and the Caribbean.

1. Please draft a proposal to the CEO (paragraph format) that lays out your recommendations for (1) establishing law enforcement relationships at the specific local, federal, and international (if you are outside the US) agencies in the jurisdiction where (a) Cybersafe is headquartered and (b) wherever you live, (2) identifying which agencies to contact in the event of an incident, and (3) managing the law enforcement relationship over time.

2. Please read the written testimony of Joseph Blount, President and CEO of Colonial Pipeline, dated June 8, 2021, and evaluate Colonial’s response to the ransomware attack in light of what you’ve learned in Modules 4 and 5. Your evaluation should address:
i. At least three essential components of responding internally to a cybersecurity breach incident and
ii. At least two avenues for responding externally to a cybersecurity breach incident.

Please post your answer first and then please comment on posts by at least one of your classmates. For guidance on how to draft your Discussion Board posts, consult the following guides:

Dear CEO,

I would like to recommend the following plan for handling possible cyber incidents and for establishing relationships with law enforcement agencies.
Cybersafe is based in Miami, Florida, so relations should be established with local law enforcement agencies such as the Miami-Dade Police Department Cybercrime Bureau and the Florida Department of Law Enforcement Cybercrime Unit. We should also network with federal law enforcement agencies, including the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ). If Cybersafe is in business outside the US, we will also need to establish relations with law enforcement agencies in foreign countries.

Once a cyber incident occurs, it is key that a plan be in place to immediately identify the right law enforcement agency to call. Management can leave nothing to chance by keeping a contact list for the relevant local, federal, and international law enforcement agencies, including key telephone numbers and the types of incidents each agency is best equipped to handle.
You would stay in regular contact with law enforcement and update them on any developments at Cybersafe, whether technological or changes in technical requirements. This will help develop trust and a positive working relationship between Cybersafe and law enforcement that will be of help if a cyber incident takes place.

Thank you for accepting my proposal. I look forward to discussing the recommendations made in this proposal with you to make sure they are effective when put into action.

Joseph Blount's testimony after the ransomware attack on Colonial Pipeline gives a general view of the company's internal and external response strategies. Evaluating the organization's reaction against established best practices for managing cybersecurity incidents, many components and avenues fall within the given norms and some do not meet them.

Internal Response to the Cyber Attack:

Response and Immediate Measures

Action Taken: As soon as Colonial discovered the ransom note, it responded swiftly by shutting down its pipeline operations. This action ensured that whatever breach had occurred would be contained and curtailed the possibility of any malware spreading further and affecting the company's Operational Technology (OT) network.

Assessment: This follows the first critical step of incident response: immediate containment. The ability to make rapid decisions and to act upon them, as displayed by Colonial, is a strength required for limiting further spread and the damage caused.

Activation of Incident Response Plan:

Action Taken: Colonial started its incident response process across the whole business. This organized approach was based on frameworks akin to those of federal agencies. All employees, including all operational personnel, were given stop work authority in order to stress safety as well as system integrity.
Evaluation: The plan describes the roles and responsibilities of each member when an incident takes place. A structured incident response process is something that cannot be compromised on. By making every team member aware of the incident response process, and empowering employees through the stop work authority, Colonial shows its maturity as far as incident management processes are concerned.

Investigation and Remediation:

Action Taken: The company engaged forensic experts to determine the nature and scope of the breach. It took necessary actions that included shutting down affected servers and reinforcing the security defences in place.

Assessment: Post-incident investigation and remediation form an important part of any cybersecurity breach recovery. Colonial deserves credit for not limiting its recovery to the immediate dimension, but also engaging in the two dimensions of learning about the attack vectors and restoring its cybersecurity posture.
External Response to the Cybersecurity Breach:

Collaboration with Law Enforcement, Federal Agencies:

Action Taken: Colonial promptly established contact with the FBI, CISA, and other necessary agencies. Lines of communication remained open, indicators of compromise were shared, and actions were taken in unison to deal with the situation.

Engagement and interaction with law enforcement agencies and federal-level entities are critical to a holistic cyber response. This helps the company gain insight into the broader social, justice, and security implications that arise from such critical breaches and tap other resources for managing them effectively. Proactively reaching out to these external parties indicates a well-thought-out strategy at Colonial.

Transparent Communication and Public Disclosure:

Action Taken: Although Colonial was at first tentative about the details of the ransom, it later made this information public and discussed the course of action with the concerned people and authorities.

Assessment: Transparent and timely communication plays a significant role in dealing with the external angles of any cyber incident. It helps sustain public confidence and may even be a regulatory requirement. Colonial's approach of gradually opening up on the details of the incident served to maintain operational security while fulfilling its responsibility towards stakeholders.

In conclusion, the response described by Colonial Pipeline's Joseph Blount outlines a detailed, systematic, and comprehensive approach to managing a complicated cyber crisis. Their swift internal action, adherence to the structured incident response plan, and in-depth investigation and remediation are to be commended. Externally, their collaboration with law enforcement and federal agencies, coupled with a measured approach to public disclosure, is indicative of a mature and responsible handling of a critical situation.
The fusion of these internal and external response strategies presents a robust approach towards cybersecurity incident management.

References:

Hearing Before the United States Senate Committee on Homeland Security & Governmental Affairs. (2021). https://www.hsgac.senate.gov/wp-content/uploads/imo/media/doc/Testimony-Blount-2021-06-08.pdf