
PART B CASE STUDY - Application of Cybersecurity Concepts

Study & evaluate the extract below and answer the questions which follow:

A massive cyber attack on Air India's data processor in February led to the hack of ten years' worth of customer data, including credit cards, passports and phone numbers. The Air India company announced three months after it was first informed about the incident that it had affected about 45 lakh customers registered between 26th August 2011 and 3rd February 2021.

This is to inform that SITA PSS, our data processor of the passenger service system (which is responsible for storing and processing of personal information of the passengers), had recently been subjected to a cybersecurity attack leading to personal data leak of certain passengers. This incident affected around 4,500,000 data subjects in the world.

On 4th March 2021, SITA confirms that it was the victim of a cyber-attack, leading to a data security incident involving certain passenger data that was stored on SITA Passenger Service System (US) Inc. servers. Passenger Service System (US) Inc. (SITA PSS) operates passenger processing systems for airlines. SITA is the world's leading specialist in air transport communications and information technology. It provides solutions and services for Airlines. So that incident might have affected Air India too. While we had received the first notification in this regard from our data processor on 25.02.2021, we would like to clarify that the identity of the affected data subjects was only provided to us by our data processor on 25.03.2021 & 5.04.2021. The present communication is an effort to apprise of accurate state of facts as on date and to supplement our general announcement of 19th March 2021 initially made via our website, Air India said.

The breach involved personal data registered between 26th August 2011 and 3rd February 2021, with details that included name, date of birth, contact information, passport information, ticket information, Star Alliance and Air India frequent flyer data (but no passwords data were affected) as well as credit cards data. However, in respect of this last type of data, CVV/CVC numbers are not held by our data processor. Air India said as part of their investigation into the event, they engaged the security experts and notified credit card issuers they had a problem, as well as reset passwords for their frequent flyer program.


1) With reference to the SOAR model, in which of the stages do you think there was a process failure to implement the necessary measures and controls so that the data breach could have been prevented? Explain in detail.

[Figure: Security Operations, Analytics and Reporting Stack. Labels recovered from the diagram: SOA; SIR; TVM; Response; Mitigation; Configuration/System Change, Application Patching; Rule/Signature Creation; Assessment; Policies, Processes, Playbooks, Triage; VA, SIEM, etc.; Detection; Impact and Risk Analysis/Modeling; Threat Intelligence Fusion. Source: Gartner, Innovation Tech Insight for Security Operations, Analytics and Reporting (November 2015)]
