Case StudyTHE CASE SCENARIOThe victim: A bank with $400$ networked windows $100$ in a central office, with another $300$ in a branch offices. Upon arrival of the incident response team, we identify that the client had nosecurity protection in place. The network administrators had no clue has to what is going on in the network, no security tool and the perimeter had no IPS$/$IDS system in place.All the organizations user systems are Windows $7$ and Windows $10.$ Employees are using Windows mail systems which operates on Office $365$ and MS Outlook. Cyber Security team identified that the infection started with a phishing email.THE MALWAREThe malware was identified has ETEY, specifically a newer variant that resisted efforts by utility programs such as Norton Anti$-$Virus to remove it$.$ The bank admin also checked the registry settings as described by Malwarebytes, hoping to isolate the exact nature of the threat, but had no luck. ETEY has a nasty habit of deleting key files in its wake in order to confound attempts to stop it$.$The bank decided to restart the server and see how things went. While the server was down, though, the firm had to write down new transactions on little slips of paper. It was chaos.Each infected folder contained files: # DecryptReadMefile.txt$.$ It encrypted any file on the target extension list, giving it a random filename with the $.$ETEY extension.The malware infected all PCs at the central office and all the systems at branch offices. The damage to these infected machine was not serious since they could be reimaged. The $10$ servers hosting critical banking information and databases was a big issue, since the bank admin foundout the backups has been failing: the log files $(.$log$)$ were all encrypted, config files, as well as group setting files.THE DEMANDThe # DecryptReadMe file contained a message asking for $150$ Bitcoins $($about $$1,734,000)$ to restore back the organization systems and data, including details on how to make payment. The bank's management decided that they have no other avenue but to pay the amount.Cybersecurity experts first tried to recover files from the physical servers but had no luck, due most of the flies where corrupted. The team proceed with negotiation and was able to bring down the negotiated amount to $300$ bitcoins.Answer the following Questions:$1.$ What are the vulnerabilities on this case study?$2.$ There are $12$ principles of information security, which one do you think did not apply? state$3.$ What are the three components of the C$.$I.A$.$ triangle?$4.$ What are they used for? If the C$.$I.A$.$ triangle is incomplete, why is it so commonly used in security?$5.$ What is the difference between vulnerability and threat on this case study $?6.$ Discuss ways on how are you going to reduce the risk$\mathrm{.}7.$ What are some advice you could offer to the firm that could have taken to prevent this incident?