SUBDOMAIN 427.1 ­ ENTERPRISE CONTINUITY PLANNING Competency 427.1.5: Responding to Attacks and Special Circumstances ­ The graduate identifies, evaluates, and applies network response procedures for attacks with special circumstances. Competency 427.1.7: Continued Assessments During a Disaster ­ The graduate assesses needs, threats, and solutions prior to and during a network disaster. Scenario: An employee hacked into the human resource records system at the employee’s place of business and changed the employee’s base salary rate to obtain a pay raise. The employee did this by spoofing an IP address in order to eavesdrop on the network. Once the employee identified where the data was stored and how to modify it, the employee made the changes and received two paychecks with the new amount. Fortunately, an auditor happened to discover the error. The auditor sent an e­mail to several individuals within the organization to let them know there was a potential problem with the employee’s paycheck. However, the employee was able to intercept the message and craft fake responses from the individuals the original e­mail was sent to. The employee and the auditor exchanged e­mails back and forth until the employee was soon given access permissions for some other financial records. With this new information, the employee was able to lower the salaries of the president of the company and several other employees and then to include the salary difference in the employee’s own paycheck. The IT staff determined that the spoofing that occurred that allowed the employee to gain access to the human resources system was caused by a lack of authentication and encryption controls. As such, a local root certificate authority was installed to implement a public key infrastructure (PKI) in which all communication to the human resource system required a certificate. This would encrypt network