Background November 2019, Barak_Air (BA) and several other major aircraft manufacturers and designers suffered the loss of
Question:
Background
November 2019, Barak_Air (BA) and several other major aircraft manufacturers and designers suffered the loss of
200 gigabytes of data which was stored on servers belonging to a third-party
company, Next Step AI Group.
The stolen or corrupted data included over a decade's worth of information related to assembly
line schematics, factory floor plans and layouts, robotic configurations and documentation, ID
badge request forms for employees, contracts and non-disclosure agreements.
Poor security measures meant that sensitive data from BA could be readily altered, deleted, or in
this case copied without prior permission.
After undertaking a comprehensive risk assessment, BA under the direction of its leadership team
including the CEO, CFO, CISO and General Counsel, moved to identify data lost, immediately
address the risk of further breaches, established a response team and commissioned the services of
an independent specialist cybersecurity forensic audit team. The response team comprised the
CEO, CFO, CISO, General Counsel, Chief People Officer, VP Robotics, VP Operations, VP
Communications, Chief Audit Executive and Head of Security.
The response team undertook a complete risk assessment and identified key priorities around
increased IT and physical security measures, review of assembly line and robotics systems,
measures around staff safety and security and third-party supply arrangements and contractual
obligations. The risk assessment also addressed reporting and compliance obligations and
proposed the development of a detailed stakeholder engagement program.
Prior to the forensic audit team commencing, the response team established 5 key elements to
ensure the audit proceeded smoothly. These included appropriately scoping the audit, defining the
threats, providing information on the response team's assessment of the current security
performance and sharing the risk priority assessment as noted above.
Question 2 - Questions for Forensic Audit team
Given an external forensic audit is essentially evaluating the performance of the leadership team, management and the entire company at BA, it is important they have unfettered access to relevant personnel, documentation and equipment. This can be confrontational and upsetting for staff so it is important that the forensic audit team are clear about their approach, program and timing including whether activities and investigations will occur outside of hours.
A) What are the key questions that should be considered for the company and to whom should they be addressing?
Question 3
To assess the performance of the forensic audit team, the BA leadership and response team need to consider and rate
Question 4 a) - Assessment criteria
Create 10 point Disaster Recovery Plan (DRP) for Barak_Air. Ensure to include a justification on why each of these things are critical to Barak_Air
Cost management a strategic approach
ISBN: 978-0073526942
5th edition
Authors: Edward J. Blocher, David E. Stout, Gary Cokins