Critical Thinking Activity: Module 09 Flashcards
- Was the CSIRT response appropriate, given the circumstances? On what do you base your position?
The CSIRT response was appropriate. They were able to quickly identify and contain the worm, minimize downtime and data loss, and obtain a copy of the worm for further analysis.
When infected containing the virus and minimizing damages would be my first response after i know that my system or a system that I’m monitoring got infected.
- Was Paul being unjustly accused of allowing the incident to happen? On what do you base your position?
The scenario states that HAL had firewalls in place to prevent such attacks, and it is not clear whether there were any gaps or vulnerabilities in the firewall that Paul could have prevented. Therefore, I think would be unfair to lay the blame solely on Paul without a thorough investigation into the incident’s root cause r any other potential gaps in HAL’s security.
My bases lands on innocent until proven guilty as well as their just trying there best, no one is perfict.
- Was there anything else Paul could have done to prevent the incident? On what do you base your position?
paul could of tryed to do his best at the following:
Regularly patching and updating systems to address known vulnerabilities.
Implementing and enforcing strong password policies.
Educating employees on safe computing practices, such as not clicking on suspicious links or downloading unknown attachments.
Conducting regular vulnerability assessments and penetration testing to identify and address any weaknesses in the network.
Ethical Decision Making
1. How does the team approach this aspect of the investigation to get the best results and to avoid conflicts of interest??
some ideas that they could of use are: establish clear communication, conduct a thorough investigation, document everything, and be transparent.
Ethical Decision Making
2. Can the team access Osbert’s personal devices to examine them? Under what constraints? How might the team accomplish this legally?
In most cases, the team would not be able to access Osbert’s personal devices without his consent or a legal basis for doing so. If the team suspects that Osbert’s devices were involved in the incident and believe that accessing them is necessary for the investigation, they may need to obtain a court order or search warrant in order to do so.
Ethical Decision Making
3. During the investigation and forensic effort in response to the worm outbreak, you are examining a hard drive and find “love letters” between two employees of the organization who are not married to each other. This activity is not illegal, and it is not related to the worm attack. Do you report it in the investigation?
no, the focus should remain on the incident at hand these “love letters” are not related to the worm attack.
Ethical Decision Making
4. Suppose the examiner is friends with the spouse of one of the lovers, and the examiner shows the friend evidence of the affair. Would that be ethical behavior? Why or why not?
No, it would not be ethical behavior for an examiner to show their friend evidence of the affair. The examiner has a professional responsibility to maintain the confidentiality of the information obtained during the investigation. Showing evidence of the affair to a friend who is not involved in the investigation would violate that responsibility and could have serious consequences. Additionally, it could also lead to accusations of bias or conflicts of interest if the friend is closely associated with one of the individuals involved in the investigation.
