
Enterprise Continuity Planning Essay

3229 words - 13 pages

November 10, 2015
Chrystal Kimbrough


A company’s worst fear came to fruition when an employee hacked into the human resource system and successfully modified his own records. The employee gave himself a raise by increasing his base salary rate. He accomplished this by spoofing an IP address, which gave him the ability to eavesdrop on the network. By spoofing the specific IP address, the employee was able to find the ...

As authentication and encryption controls, a local root certificate authority was installed on the network in order to implement a PKI (public key infrastructure), so that all communication with the HR system requires a certificate. These controls would also encrypt all network traffic going to or coming from the HR system and would prevent eavesdropping on the network. They would also prevent spoofing by properly authenticating the host.

Part A – Evaluation – Post – Event

A.1 – Overview – Nature of Incident

An employee succeeded in exploiting vulnerabilities on the company’s network, specifically the HR system, in order to gain unauthorized access and give themselves an increase in salary by modifying the salary information. A lack of authentication and controls on the network allowed the employee to use a technique called spoofing, which let them view network traffic that was not intended for them. With this technique, they granted themselves an unapproved pay increase, which they received on the next two payroll checks, directly violating the integrity of the system. When the fraudulent changes were discovered by an auditor for the company, the auditor immediately sent emails to the significant parties within the company who should be made aware of the situation. The scandalous employee was, once again, able to manipulate the network and intercept the emails. False responses were then crafted and sent back to the auditor as if they were coming from the originally intended individuals. Because they succeeded in disguising themselves as ‘entitled’ company officials, the employee was also able to obtain additional access to other financial systems and data, and modified this data as well. The pay of other company employees, including the president, was cut, and the employee added that pay to their own salary as well.

A.2 – Notification Requirements

Although the company’s HR system has been compromised, the company’s ability to maintain business as usual has not been disrupted. The event was very serious in nature, but it does not fall into the category of a disaster. Because this incident resulted in a breach of security, a predetermined incident procedure and notification protocol must be activated. Once the incident has been classified as a breach of security, it is the responsibility of IT management to notify all parties on the incident response team. This list of parties should include executive staff, direct management, IT security staff (specifically staff trained in incident response), and the company’s legal counsel. It should be well-stated to all incident response members...
