1 of 7

CASE STUDY OF APPLECARE WITH A PROPOSED CYBERSECURITY INCIDENT RESPONSE PLAN

ERIC SCHULTZ

COMPUTER EMERGENCY RESPONSE & RESILIENCE COURSE

GEORGETOWN UNIVERSITY

CYBERSECURITY RISK MANAGEMENT MASTERS PROGRAM

05/15/2022


APPLECARE INCIDENT RESPONSE PLAN

This is an Incident Response Plan designed for AppleCare, a department within Apple handling customer service and technical support for its hardware and software products.

The IRP may include C-level executives as well as Incident Response Team staff members.

The AppleCare department includes telephone and chat contact centers in physical office locations as well as virtual contact centers staffed by employees.

Recently, Apple started a partnership with Cisco, Aon and Allianz to work together on its cybersecurity strategy and provide a “cyber risk management solution for businesses.”


INCIDENT RESPONSE PLAN GOALS

The Incident Response Team goals include:

  • Stop unauthorized access to, or disclosure of, confidential data
  • Maintain and/or restore business continuity
  • Limit immediate incident impact within the IT environment
  • Limit immediate impact to customers and business partners
  • Preserve evidence
  • Determine how the incident occurred
  • Determine who or what initiated the incident
  • Ensure existing policies and standards are followed and updated to prevent further attack (CEB, 2013)


4 PHASES OF THE INCIDENT RESPONSE PLAN

  • Ensure Postmortem Learning – this phase covers shoring up systems by patching vulnerabilities and conducting a post-mortem analysis.
  • Prepare to Contain, Eradicate, and Recover from Incidents – by stopping the breach, eliminating any malware present, and restoring systems that were knocked offline or deliberately taken offline to avoid spreading the malware.
  • Set Criteria to Detect and Analyze Incidents – to determine the appropriate response based on the nature of the breach, using tools to analyze the depth and breadth of damage to the network.
  • Scope and Conduct Groundwork – this involves setting the severity level and collecting forensic evidence of any crimes for reports to the appropriate authorities.


PROPOSED ROLES OF THE INCIDENT RESPONSE TEAM MEMBERS FOR THIS CASE STUDY

  • Incident Response Manager – coordinates the response between departments and provides direction.
  • Incident Response Lead – controls the Security Operations Center’s response in real time.
  • Network Forensic Specialists – work on securing the network and conducting the forensic work to find the responsible parties, determine how the breach occurred, and stop it from spreading.
  • General Counsel – provides guidance on compliance during and after the incident, including its records retention.
  • Legal Counsel – provides guidance about how to notify stakeholders.
  • Additionally, there should be a group of Change Control personnel to manage and mitigate any changes needed post-incident: Change Manager, Change Review Board, Change Developer, Change Implementor, Change Controller, Change Scheduler.


REGULATORY REPORTING & RESPONSIBILITY

There are many governmental authorities, regulations and policies that may govern the actions of the company and its implementation of the IRP.

In the information technology sector, the regulations that govern IT include GDPR (General Data Protection Regulation), SOX (Sarbanes-Oxley Act) and FTC Act Section 5.

GDPR mandates privacy protections for the information of individuals living in the European Union. In the event of a data breach that violates consumer privacy, the organization must report it to authorities within 72 hours. If the law is not followed, a business can be sanctioned with audits and fines. SOX applies to companies which are publicly traded. It covers corporate responsibility when it comes to reporting financial transactions.

The FTC Act Section 5 is an information security regulation which says organizations must engage in all “reasonable and necessary” security practices.

HIPAA may apply to a breach at Apple since it stores health data from consumers in its cloud.

The Consumer Privacy Protection Act of 2017 says organizations must provide notice of security breaches involving consumer information.

The SEC would also regulate any pertinent breaches at publicly traded companies, which could be fined if breaches were not reported in a timely fashion.


REFERENCES