Lesson 3 Scenario Flashcards

1
Q

Widget Enterprises (WE) uses the third-party security tool VendorView, which they have configured to send alerts for specific risks or threats. On Monday, the team sees an alert from VendorView that JSC's network shows a botnet infection.

What would be your next steps?
* VendorView says the botnet infection is a version of Virobot
* VendorView gives the vendor an A rating (A-F ratings)
* JSC has PII for 120,000 employees and candidates stored in the HR system
* JSC has one open finding on inadequate DLP, with a remediation date three months from today.
* JSC has no other open items in findings or risks.

A

- Start by googling Virobot: it is a keylogger.
- Use the tools you have available to understand the potential risk. A keylogger is something you want to pay attention to.
- What's the relationship between Virobot and the open findings?
- What would be concerning for you there?

If you have a keylogger and inadequate DLP, what is our concern?
- Someone taking the data undetected.

You have a known vulnerability that’s been advertised by your tooling. We have a specific threat we can talk to you about.

What is the conversation you want to have with the vendor? "We detected Virobot in your environment; can you see if the botnet can be turned off, and what are you doing to pull in that data?"

The company had an A rating, but because of your risk assessment process you found more than what the tool found.

Risk = likelihood x impact, so Virobot increases the likelihood.

2
Q

WE analysts notice an alert from VendorView on MCS with an open port.

The data from the alert is as follows:
* VendorView says the open port is 25
* VendorView gives the vendor a B rating (A-F ratings)
* MCS processes about 1M customer records for service calls globally for WE
* MCS has several open findings for insufficient DLP, inadequate access reviews, and their BC plan has not been reviewed.
A

Port 25: sending of emails unencrypted.

Potential issue is business email compromise.

You get the alert, do the research on port 25 (no shame in using a search engine to fill in the gaps), take the information you're getting and compare it to the information you have.

3
Q

EXAM!!!

A

You will be asked to understand what the next steps are!!!

Written in a way that you should be able to identify what the risks are!

Multiple choice, with long paragraphs to read to understand the risk.
