DB 3- 

Wow, we¥ just learned that Worldwide Global, Inc. is The Voidàprimary target, and they¥ wreaking havoc on our company. They¥ trying to illegally transfer our money, sending customers fraudulent invoices, and threatening extortion. They¥ also disabled our website, which means that we have no way of communicating with our clients and customers. At this point, the most important questions that we need to address are:

How should the company be responding to this suspected cyber attack? What would the government expect our company to do at this point? What resources can we lean on?

As you discuss these questions in your discussion post, you may also address the following related questions

How would you conduct an assessment of this situation?

What resources do we have? What resources does the government have to offer us? What resources might others in the private sector, such as information sharing and analysis centers, have to offer us?

Do we have a Cyber Incident Response Team? What is their composition/skill set? Does our incident handler have a systems administrator, business process mindset, and understanding of the IT architecture?

DB 4: 

What hasn been covered by VNN is that there were also signs on our internal systems that something was amiss. It started two weeks ago when our security event console indicated the detection of suspicious network activities. Our system administrator conducted his daily check on the system backup server and discovered a backup error message. Upon further investigation, though, he did not find any additional errors, nor did he notice anything unusual. The system administrator logged the error message according to our standard logging procedures.

A week ago, the database server on our corporate local area network crashed. After an automatic reboot, operations appeared normal, but shortly afterwards IT Support received several phone calls from users in the Accounting Department reporting that their network appeared to be slow. By noon, additional calls were received from users in other departments, to the point where IT support became overwhelmed and considered escalating the problem to management.

In addition to those internal issues, The Voidàhacking is having significant negative impacts on our business:

As a company, our productivity has dropped significantly as a result of the cyber threat rumors and unresponsive systems.

Several of the customers who received unauthorized invoices are threatening legal action.

Wary of what they perceive as unsecure systems, customers and stakeholders alike are refraining from making any investments in our company.

Notifications and Stakeholder Communications

The situation at Worldwide Global, Inc. has reached a crescendo, with significant negative impacts on our employees and customers. At this point, the most important questions that we need to address are:

Who should we notify )nternally and externally )n the case of a cyber event? What should these processes be?

How should we quickly communicate with key stakeholders to minimize the impact of a cyber event on our business?

As you discuss these questions in your discussion post, you may also address the following related questions:

What is our planned decision-making process for protective actions in a cyber incident? What options are available? Planned for? How are they activated? What about planned notifications? How do we do this internal to our organization? External to our organization?

What are the business implications of the scenario? How would we determine them?

What are the expectations or plans for information sharing among stakeholders and response partners?