Application security | isol | university of the cumberlands
‘Boeing Possibly Hit by WannaCry’ Malware Attack
In his article dated 3/28/2018 in NYT, Nicole Perlroth wrote:
“Boeing said on Wednesday that it was hit by a cyberattack that some Boeing executives identified as the same WannaCry computer virus that struck thousands of computer systems in more than 70 countries around the world last year.
In an internal memo, Mike VanderWel, chief engineer of Boeing Commercial Airplane production engineering, said the attack was “metastasizing” and he worried it could spread to Boeing’s production systems and airline software”
In a high level, please briefly discuss the steps you would follow if you have been selected to lead the Information Security team for this ransomware incident.
Your participation is worth 4 points of your total grade.
To get the full 4 points, students must write one own post (create thread) related to the subject and comment on at least one other student post.
Hints for best practices
Don’t just describe good security measures that would be implemented after everything is stable and under control.
- What would you do first hour, first day, and so on.Think about the big picture and how you would escalate the issue.
- who are your stakeholders? Think about RACI matrix (Responsible, Accountable, Consulted, and Informed)
- Who should be notified first?
- Would you form your response team?
- Collecting and handling evidence investigation
- What is the role of digital forensics?
- What about backup and restore?
- Do you need to restore anything?
- Reporting and Documenting? What about your initial incident report?
- Would you be segregating some computers and folders from the network?
- Would you involve any external government or private agency ?
Think about the process from both management and technical perspectives.