A company is investigating a data compromise where data exfiltration occurred. Prior to the investigation,
the supervisor terminates an employee as a result of the suspected data loss. During the investigation,
the supervisor is absent for the interview, and little evidence can be provided from the role-based
authentication system in use by the company. The situation can be identified for future mitigation as
which of the following?

A. Job rotation
B. Log failure
C. Lack of training
D. Insider threat
So we have a breach and before the investigation, we fire the employee. We fail to interview the supervisor. There is little evidence. So the problem is our lack of logging. No, this is a failure to train the employees, the supervisor, the sys admin. For all we know, the supervisor pocketed the information and sold it to the competitor and fired the employee for no reason but since no one knew to actually interview him/her, we give up. This is a lack of training issue.
B is the correct answer. Log analysis is crucial to identifying problems that occur related to security.
I am with Paul on this one.
* So data was exfiltrated
* The incident was not even investigated
* The supervisor, prior to any investigation and due diligence, fires an employee he SUSPECTS of being the culprit (so much for being innocent until proven the contrary; this may constitute unfair dismissal)
* Then the investigation starts with a formal “interview”
* The fired employee is not present, the supervisor is not present, and there is very little evidence in effect to charge the fired employee.
This is an abysmal failure of HR and proper procedures and processes. It is a proverbial cockup of monumental proportions.
So this is not a TECHNICAL issue. It is a PROCEDURAL one.
People need to be properly trained on how to deal with such situations.
First you find the evidence, and then you fire someone based on concrete findings, not based on assumptions.
Log Failure has absolutely nothing to do with this.
I stick with C - Lack of training
D Insider threat.
Data exfiltration is done either by the terminated employee or by the supervisor. In either case, it was an insider threat.
An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.