CYBERSECURITY (Lab Report Sample)

Part A: Project #1 - Sifers-Grayson cybersecurity report form
Student name
Institution affiliation
Instructor
CSIA 310 Project #1 Incident Response report
Due date
Sifers- Grayson cybersecurity report form
1 Contact information for the incident reporter and handler
1 Name.................
2 Role: Cybersecurity incidence response leader
3 Organisational unit : Information Technology Department at Sifers – Grayson Corporate, Blue Team member.
4 Email address...................
5 Contact phone number..................
6 Location: 155 Pine, Knob Trail, Pine Knob, KY 42721
2 Incident information/incident details
7 Time stamps/ status change of time: No clear information on the official date of attack. The incident was discovered when the system slowed down its operations as a result of drone malfunctions.
8 Physical location of incident: Pine Knob, KY 42721.
9 Current status of the attack: The attack ended.
10 Cause of the incident: the attack was caused by an unknown device with an IP address 11.123.26.193 with no host name associated to it with an aim of stealing all valuable information.
Description of the incident: The incident was detected when the system became sluggish in its operations. Continuous running of logging information on the server.
Description of affected sources : The R&D Centre server (IP address 10.10.120.0/24 ) have been exploited and the Red Team stole 100% of design documents and source code for the AX10 Drone System. The Red Team stole passwords for 20%of employees logins using key logging software installed on the USB left on the lunch table by the employees.
If unknown, incident category, vector of attack associated with the incident, the indicators related to the incident. At the moment, no vector of attack associated with the incident available.
Prioritization factors: By the time attack was ongoing, the system slowed down its operations and after the attack and the Red Team gave report to the company about the system security, the system returned to its normal functioning state.
Mitigating factors: The server that was hacked by the Red Team resulted to stolen of 100% of design documents and source code for the AX10 Drone system, passwords of 20% of employees logins stolen from key login software installed.
Response actions performed: The system was switched off and all activities performed were logged in for forensic evidence.
Other organisations contacted: No other organisation that was contacted.
3 Cause of the incident (e.g. misconfigured applications, unmatched host )
The incident was by poor handling of devices by Sifers-Grayson's employees, unsecured access points, and lack of overall network security. Employees allowed strangers (Red Team) into secure areas, that is, allowing the attackers into RFID controlled doors on the engineering staff. Lack of security measures to detect malware installed on the system. Attackers hacked the system and stole all the design documents and source code for AX10 Drone.
4 Cost of the incident
The total cost is about to be revealed. It is projected that the time IT staff could take