Injection
The Michigan State Police Cyber Command Center (MC3) informs you that there are reports that data from your district is being sold on the dark web. They provide some screenshots of the example data, which appears to be staff personnel data.
Discussion Prompts
- How do you determine if this is a confirmed security incident or some kind of anomaly?
- How do you identify what systems, data, people, and operational processes are potentially involved?
- What real or potential risk(s) does your organization face?
- What short-term containment options do you have?
- Can you contain it without destroying evidence?
- What is the operational impact of the incident and your containment strategy?
Check Your Work
- Review the screenshots and compare them against publicly available or potentially breached data from other sources.
- Compare the screenshots with data from your district.
- Compare the format and contents of your systems with the dark web screenshots.
- Work with data owners from HR and/or Finance.