Project Part $3$: Malware Attack and Security Breach

Scenario

Before the risk assessment and gap analysis plan were finalized and implemented, Microsoft experienced a malware attack that began when an employee launched an application from a flash drive. As a result, proprietary information was leaked. The company is now in the process of recovering from this breach. The chief security officer $($CSO$)$ has asked you and your colleagues to participate in a team meeting to discuss the incident and its potential impact on the company.

Tasks

For this part of the project:

$1.$ Prepare for the meeting by deliberating on the following questions:

$$ What circumstances may have allowed this incident to occur, or could allow a similar incident to occur in the future?

$$ What insights about risks, threats, and$/$or vulnerabilities can you glean from reports of similar incidents that have occurred in other organizations?

$$ What potential outcomes should the company anticipate as a result of the malware attack and possible exposure of intellectual property?

$$ Which countermeasures would you recommend the company implement immediately to detect current vulnerabilities, respond to the effects of this and other successful attacks, and prevent future incidents?

$2.$ Write an outline of key points related to the questions above that the team should discuss at the meeting.

$3.$ Perform research as necessary.

Required Resources

$$ Textbook for this course$$

$$ Internet access$$

Self$-$Assessment Checklist

$$ I conducted adequate independent research for this part of the project.

$$ I created an outline that describes key points the team should discuss at the meeting. My outline

describes:

o Circumstances that may have allowed the malware infection to occur, or could allow a similar

incident to occur in the future

o Insights about risks, threats, and$/$or vulnerabilities from reports of similar incidents that have occurred in other organizations

o Potential outcomes of a malware attack and exposure of confidential information

o Countermeasures the company should implement immediately