Question 1. (30 points) Approximately 30 mins
Scenario 1
A financial company that makes loans to people wishing to buy pet dogs has suffered a ransomware attack. The group, calling themselves the CyberCat Criminals (CCC), compromised the username and password of a user (Bob) and were able to access the company's server, which was the main machine that runs all the company's systems. Although Bob worked in Finance, he had administrator privileges on the server machine. The criminals exfiltrated data about the company's customers and then encrypted the disks of the server, leaving a ransom note demanding payment in Bitcoin in exchange for a decryption key. The forensic team were unable to tell when the attack was carried out because no logging was being done on that machine.
Question 1.1 (15 points)
You oversee the incident response team that has been called in to deal with the situation outlined in Scenario 1.
[1] (5 points) Describe the skills you would need for people on the team.
[2] (10 points) Describe the 4 stages you would go through in handling the incident. Include at least 2 activities in each stage.
Question 1.2 (15 points)
Referring to Scenario 1, how were the company's systems and data impacted in terms of Confidentiality, Integrity, Availability, Authorization, Authentication, and Accountability?
[1] (6 points) Give a brief explanation of each term in your own words.
[2] (9 points) Explain how each term relates, or does not, to the specific situations in Scenario 1.