Project 4
Early one morning at work, CEO Alice Johnson asks if you have a moment to chat. In her office, Alice explains that CyberTech is serving as the cyber forensics consultant for a law firm handling the suit from a 2015 hack of the Office of Personnel Management, OPM. The OPM hack compromised background information on millions of workers. In a related case Anomalous, a non-US gray hat hacking group suspected in the OPM breach case, is claiming that US-based Equation Set attempted to hack its facilities. So we have a non-US and a US set of test hacker groups involved. With Anomalous, the non-US group, being a client plaintiff in one case against Equation Set, the US group, and as a suspect in the OPM breach. But Alice then outlines why the case is problematic. Along with the OPM victims, CyberTech represents clients from some of the OPM breach suspect companies in unrelated cases, which could appear to be a conflict of interest. This could affect the way our company is perceived by others. We need to maintain our image as an unbiased cyber security consultant. Should CyberTech remain on both the OPM breach investigation and the overseas case at the same time? Or should we drop one of the cases? Apply your critical thinking and analytical skills to figure out what happened what we know and don’t know, and how the company might remedy this situation. I’d like a paper by the end of the week with your recommendations