CYB 400 discussion post with 2 replies to peers

Consider this scenario: Management has been proud that sensitive customer information stored in company systems has never been accessed by an unauthorized party. This is a major bragging point with the chief technology officer (CTO). Your supervisor reports directly to the CTO and is always trying to please them. You are responsible for ensuring that this data remains secure.

Sensitive data is stored in a database protected by technical and administrative controls. A scheduled audit report reveals a vulnerability that could be exploited. However, there is no immediate evidence of an adversarial presence or unusual internal traffic. In looking into this matter, you find that a technical control is out of date. You missed installing a patch.

While the company has an incident response plan, invoking it will call for a team response. Does this apparently unexploited vulnerability rise to the level of an incident? With a simple upgrade, the system should be secure.

What should you do and why?

In your initial response, select and defend a course of action. You may consider the following possibilities or craft one of your own:

  • Fix the issue and don’t tell anyone. There’s no reason to make a big deal of this minor event.
  • Fix the issue and explain to management that there was a problem. They need to know.
  • Don’t fix it. Start by reporting the issue internally. Follow the incident response plan.
  • Turn this matter over to a colleague for decisions and action; you may be caught up in the investigation and should avoid any conflict of interest.

In response to your peers, play the part of a trusted colleague who wants to give advice. What would you ask or advise in considering your colleague’s decision?

Requirements: discussion post
