An employee casually remarks about how generous it is of state officials to provide the handful of USB drives on the conference room table, embossed with the State logo.
After making some inquiries you find there is no state program to provide USB drives to employees.
Further investigation subsequently found an unspecified password-stealing keylogger. The spyware was designed to upload stolen usernames and passwords to a server under the control of hackers.
What do you do?
Items to discuss:
Who would the help desk notify?
How would you confirm the claim?
Who would you call to address the scenario?
Items to report:
Did communications flow as expected? If not, why?
Were processes and procedures followed?
Were there any surprises?
How well did the exercise work for your organization?