Background

November 2019, Barak_Air (BA) and several other major aircraft manufacturers and designers suffered the loss of

200 gigabytes of data which was stored on servers belonging to a third-party

company, Next Step AI Group.

The stolen or corrupted data included over a decade's worth of information related to assembly

line schematics, factory floor plans and layouts, robotic configurations and documentation, ID

badge request forms for employees, contracts and non-disclosure agreements.

Poor security measures meant that sensitive data from BA could be readily altered, deleted, or in

this case copied without prior permission.

After undertaking a comprehensive risk assessment, BA under the direction of its leadership team

including the CEO, CFO, CISO and General Counsel, moved to identify data lost, immediately

address the risk of further breaches, established a response team and commissioned the services of

an independent specialist cybersecurity forensic audit team. The response team comprised the

CEO, CFO, CISO, General Counsel, Chief People Officer, VP Robotics, VP Operations, VP

Communications, Chief Audit Executive and Head of Security.

The response team undertook a complete risk assessment and identified key priorities around

increased IT and physical security measures, review of assembly line and robotics systems,

measures around staff safety and security and third-party supply arrangements and contractual

obligations. The risk assessment also addressed reporting and compliance obligations and

proposed the development of a detailed stakeholder engagement program.

Prior to the forensic audit team commencing, the response team established 5 key elements to

ensure the audit proceeded smoothly. These included appropriately scoping the audit, defining the

threats, providing information on the response team's assessment of the current security

performance and sharing the risk priority assessment as noted above.

Question 2 - Questions for Forensic Audit team

Given an external forensic audit is essentially evaluating the performance of the leadership team, management and the entire company at BA, it is important they have unfettered access to relevant personnel, documentation and equipment. This can be confrontational and upsetting for staff so it is important that the forensic audit team are clear about their approach, program and timing including whether activities and investigations will occur outside of hours.

A) What are the key questions that should be considered for the company and to whom should they be addressing?

Question 3

To assess the performance of the forensic audit team, the BA leadership and response team need to consider and rate

Question 4 a) - Assessment criteria

Create 10 point Disaster Recovery Plan (DRP) for Barak_Air. Ensure to include a justification on why each of these things are critical to Barak_Air

  

Audit team performance Vulnerability assessment Data breach/loss evaluation Controls assessment DR/BCP evaluation Scope consistency Timeliness/accessibility particularly of senior auditors Relevance of findings Communication/responsiveness with BA leadership team Rating 1-5 (Where 1 = very poor 5 = excellent) 2 Comments/rationale Audit team did not respond fully to scope and complete an in-depth analysis of data breach. Audit team did not engage with client effectively meaning outcomes not maximised. Audit engagement completed in 4 weeks instead of 6-audit cost savings? Report well-presented but did not cover full audit scope. No communication with BA team following the initial briefing.