Group Activity Day2

The document outlines a group activity focused on a cybersecurity incident at HealthOne, a hospital group facing suspicious network activity and compliance audits. Teams must develop a scanning strategy, assess compliance risks related to PCI-DSS and GDPR, and propose mitigation steps within a limited timeframe. Key tasks include identifying scanning methods, compliance violations, and creating a containment plan to address the security breach.

Uploaded by

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

14 views4 pages

Group Activity Day2

Uploaded by

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 4

GROUP ACTIVITY: Zero Hour at HealthOne – Scan or Be Hacked

Time: 60 minutes
Team size: 4 students
Format: Scenario-based investigation + decision-making + group report
Objective: Apply vulnerability scanning methods, evaluate compliance risks (PCI-DSS,
GDPR), and recommend mitigation steps using CySA+ Lesson 5 principles.

SCENARIO
HealthOne, a private hospital group operating across Southeast Asia, just discovered
suspicious activity on its internal network.
 Billing systems were offline for 2 hours
 Unauthorized access was detected to patient records
 Unusual CPU spikes and traffic to unknown IPs were reported
 The company is undergoing a PCI-DSS and GDPR compliance audit
 Their infrastructure includes:
o SCADA-connected lab equipment
o Legacy Windows Server 2012 systems
o A partially migrated multi-cloud environment (AWS + Azure)
The CIO must testify before a government hearing in 90 minutes. Your team—the
Emergency Threat Assessment Unit—must deliver a credible, well-reasoned incident
analysis and scanning strategy within 60 minutes.

PHASE 1 – SCANNING STRATEGY (20 MINUTES)

Objective: Choose the right scanning approaches for the environment.
Given infrastructure:
 Legacy patient billing servers (Windows Server 2012)
 SCADA lab systems
 Multi-cloud patient data storage
 Endpoints with CPU spikes
 BYOD tablets used by doctors
 Network segmentation unknown
Your tasks (discuss and write your decisions):
1. Identify which scan types you would use for each asset group (credentialed,
non-credentialed, agent-based, passive, etc.)
2. Which systems must be scanned first (triage order)
3. Which systems must not be scanned with active tools, and why
Checkpoint Questions:
 Which scan type would expose unpatched SCADA vulnerabilities safely?
 How would you detect lateral movement to cloud resources?
 What scan method gives you visibility into BYOD device security?

PHASE 2 – COMPLIANCE IMPACT (15 MINUTES)

Objective: Identify how PCI-DSS and GDPR apply and what scanning or controls are
required to meet them.
Assume:
 3TB of patient data is stored across hybrid cloud
 Credit card info used in billing system
 Systems haven’t undergone a credentialed scan in 45 days
 There’s no record of patch baseline comparison in the last 60 days
 DNS logs show TXT record abuse to external IPs
Your tasks:
1. Identify which requirements of GDPR and PCI-DSS were likely violated
2. Match each to a specific scanning or logging gap
3. List 2 compliance artifacts you'd need to show auditors (e.g., vulnerability
reports, system hardening logs, etc.)
Checkpoint Questions:
 What does PCI-DSS say about patch timelines?
 Which scan outputs can help prove GDPR accountability?
 What control type (technical, operational, managerial) failed?
PHASE 3 – MITIGATION & REPORTING PLAN (20 MINUTES)
Objective: Propose a credible path to containment and recovery.
Assume:
 The attacker exploited a forgotten web application running on the same subnet
as billing
 SIEM logs were misconfigured and missed the early activity
 Antivirus failed to detect the reverse shell
 DNS exfiltration succeeded due to weak egress controls
Your tasks:
1. Create a step-by-step containment plan (for next 24 hours)
2. Recommend at least:
o One new scanning schedule or policy
o One hardening or patch baseline approach
o One technical control to reduce future attack surface
Checkpoint Questions:
 What scanning schedule should be applied to legacy servers?
 How would you baseline the lab network without risking device failure?
 What scanning limitation delayed detection in this case?

FINAL REPORT (5 MINUTES)

Prepare a 5-minute verbal or written debrief with:
 Your timeline of the attack
 The root cause
 3 scanning or control failures
 3 fixes you propose
 Which compliance requirements were at risk

OPTIONAL TWIST
One of the doctors' tablets was jailbroken and used to pivot into the SCADA subnet.
Prove whether this was the original entry point, or a distraction. Back it with scanning or
logging evidence you'd expect to see.

KEY LEARNING OUTCOMES

 Apply the right vulnerability scanning techniques
 Understand how compliance standards influence security controls
 Link technical symptoms to control and scanning failures
 Recommend realistic mitigation steps using CySA+ knowledge

CompTIA Cybersecurity Analyst (CySA+) CS0-003 Updated Dumps
100% (2)
CompTIA Cybersecurity Analyst (CySA+) CS0-003 Updated Dumps
41 pages
CySA+ CS0-002 Cheat Sheet
100% (3)
CySA+ CS0-002 Cheat Sheet
31 pages
KNNL - Malaprabha - Final Feasibility Report
No ratings yet
KNNL - Malaprabha - Final Feasibility Report
53 pages
Security Testing & Governance Guide
No ratings yet
Security Testing & Governance Guide
9 pages
30GX
0% (1)
30GX
12 pages
Middlemarch: Realism Explored
100% (1)
Middlemarch: Realism Explored
31 pages
Pentest 2
No ratings yet
Pentest 2
4 pages
CySA+ Exam Prep for Analysts
No ratings yet
CySA+ Exam Prep for Analysts
15 pages
ENTERPRISE Cybercrime Incident Response Plan-FINAL
No ratings yet
ENTERPRISE Cybercrime Incident Response Plan-FINAL
4 pages
Vulnerability Assessment Tools
No ratings yet
Vulnerability Assessment Tools
12 pages
Csf-3203 (Intrusion Detection and Ethical Hacking) Project Output (25%)
0% (1)
Csf-3203 (Intrusion Detection and Ethical Hacking) Project Output (25%)
11 pages
2022 08 CySA
No ratings yet
2022 08 CySA
15 pages
Chapter 4 - Designing A Vulnerability Management Program
No ratings yet
Chapter 4 - Designing A Vulnerability Management Program
38 pages
Vulnerability Assessment Report: Assignment-2
No ratings yet
Vulnerability Assessment Report: Assignment-2
14 pages
Security Quetion
No ratings yet
Security Quetion
70 pages
IRP Report - New
No ratings yet
IRP Report - New
29 pages
A. Introduction: Noc Reporting Template
No ratings yet
A. Introduction: Noc Reporting Template
3 pages
cs0-003 Lesson 05
No ratings yet
cs0-003 Lesson 05
50 pages
IDCSS 2024 Compromised Data Center and Cloud Infrastructure Challenge
No ratings yet
IDCSS 2024 Compromised Data Center and Cloud Infrastructure Challenge
2 pages
Module I
No ratings yet
Module I
16 pages
Executive Rep
No ratings yet
Executive Rep
8 pages
Untitled
No ratings yet
Untitled
772 pages
5-Cybercrime Incident Response KEY AREA-LAW ENFORCEMENT
No ratings yet
5-Cybercrime Incident Response KEY AREA-LAW ENFORCEMENT
3 pages
Final Lab
No ratings yet
Final Lab
10 pages
pt0 002 05
No ratings yet
pt0 002 05
33 pages
SSCP Book Chapter03 (Incident Response and Recovery) Notes
No ratings yet
SSCP Book Chapter03 (Incident Response and Recovery) Notes
22 pages
In-Course Assessment (Ica) Specification: Teesside University
No ratings yet
In-Course Assessment (Ica) Specification: Teesside University
6 pages
IRM LabArtefacts 2023
No ratings yet
IRM LabArtefacts 2023
11 pages
cs0-003 6
No ratings yet
cs0-003 6
33 pages
Day 5 - Implementing Vulnerability Scanning Methods
No ratings yet
Day 5 - Implementing Vulnerability Scanning Methods
125 pages
IA 422 Lab 1 Assignment
No ratings yet
IA 422 Lab 1 Assignment
4 pages
Unit 3 Ethical Hacking
No ratings yet
Unit 3 Ethical Hacking
9 pages
CC Mid Solution
No ratings yet
CC Mid Solution
9 pages
Check List 1
No ratings yet
Check List 1
5 pages
Cs2hep Icalepcs RM
No ratings yet
Cs2hep Icalepcs RM
17 pages
cs0-003 1
No ratings yet
cs0-003 1
22 pages
Hacking Notes For CEH
No ratings yet
Hacking Notes For CEH
13 pages
Ngô Minh Hùng HE187099 Lab 4 Qualitative Assessment
No ratings yet
Ngô Minh Hùng HE187099 Lab 4 Qualitative Assessment
11 pages
Case Study Based Assessment - Core Domains
No ratings yet
Case Study Based Assessment - Core Domains
12 pages
CompTIA CySA+ Exam Guide CS0-002
No ratings yet
CompTIA CySA+ Exam Guide CS0-002
18 pages
BuiCongThanh SE184348 IAA202 Lab 2
No ratings yet
BuiCongThanh SE184348 IAA202 Lab 2
6 pages
Shreyash Reduction
No ratings yet
Shreyash Reduction
2 pages
CSDP Unit 4
No ratings yet
CSDP Unit 4
32 pages
Incident Response Playbook
No ratings yet
Incident Response Playbook
153 pages
Managing Risk in Information Systems: Student Lab Manual
No ratings yet
Managing Risk in Information Systems: Student Lab Manual
9 pages
Incident Response
No ratings yet
Incident Response
11 pages
Cyber Security Brochure
No ratings yet
Cyber Security Brochure
3 pages
cs0-003 5
No ratings yet
cs0-003 5
33 pages
Cybersecurity Strategy Guide
No ratings yet
Cybersecurity Strategy Guide
13 pages
CompTIA Security + Chapter 5
No ratings yet
CompTIA Security + Chapter 5
27 pages
Pentest Report
No ratings yet
Pentest Report
19 pages
CKC RedTeam Pentest Plan 2025 AI Enhanced
No ratings yet
CKC RedTeam Pentest Plan 2025 AI Enhanced
6 pages
Vulnerability Scanning Techniques
No ratings yet
Vulnerability Scanning Techniques
14 pages
Foreinsics and Trustmanagement
No ratings yet
Foreinsics and Trustmanagement
39 pages
HE182570 NguyenDucAnh Lab05 Identifiying Threats Vulnerabilities and Exploits
No ratings yet
HE182570 NguyenDucAnh Lab05 Identifiying Threats Vulnerabilities and Exploits
7 pages
Building A Cybersecurity Framework-Best Practices
No ratings yet
Building A Cybersecurity Framework-Best Practices
19 pages
50Q Cyber Security
No ratings yet
50Q Cyber Security
2 pages
Đ Thees Dương Ia1902 Iaa202 Lab4
No ratings yet
Đ Thees Dương Ia1902 Iaa202 Lab4
9 pages
Lê Công Cảnh SE183750 LAB 2
No ratings yet
Lê Công Cảnh SE183750 LAB 2
4 pages
Group Activity d3
No ratings yet
Group Activity d3
2 pages
Lab 2 NguyễnTrọngĐứcHải HE180930
No ratings yet
Lab 2 NguyễnTrọngĐứcHải HE180930
5 pages
Laboratory 5
No ratings yet
Laboratory 5
7 pages
Disaster in The Dataverse
No ratings yet
Disaster in The Dataverse
2 pages
CAPM Discussion Activities Extended
No ratings yet
CAPM Discussion Activities Extended
2 pages
Copilot
No ratings yet
Copilot
61 pages
The Raya Ad Catastrophe Corporate Conflict Simulation
No ratings yet
The Raya Ad Catastrophe Corporate Conflict Simulation
2 pages
Certified Associate in Project Management (CAPM) ® Official Exam Prep Train The Trainer
No ratings yet
Certified Associate in Project Management (CAPM) ® Official Exam Prep Train The Trainer
1 page
Raya Ad Catastrophe
No ratings yet
Raya Ad Catastrophe
1 page
Project Management Plan - Group 4
No ratings yet
Project Management Plan - Group 4
12 pages
Ultimate Guide To CGRC Certification - Prepare For CGRC With Domain Insights and Test Strategies by Chaudhary Arun Kumar
100% (1)
Ultimate Guide To CGRC Certification - Prepare For CGRC With Domain Insights and Test Strategies by Chaudhary Arun Kumar
812 pages
AWS MLEng Day 1
No ratings yet
AWS MLEng Day 1
3 pages
MCMC Bootcamp
No ratings yet
MCMC Bootcamp
2 pages
GenAi Outline
No ratings yet
GenAi Outline
3 pages
Day3 RMP
No ratings yet
Day3 RMP
2 pages
Progress and Update Term 3 2024 - 2025
No ratings yet
Progress and Update Term 3 2024 - 2025
8 pages
PMP Group Activity Booklet - Official PMI - v0.1
No ratings yet
PMP Group Activity Booklet - Official PMI - v0.1
23 pages
Terraform Lambda
No ratings yet
Terraform Lambda
5 pages
PMI Official - Group - PMPv3
No ratings yet
PMI Official - Group - PMPv3
5 pages
Aws Spark
No ratings yet
Aws Spark
3 pages
Parents' Guide: 2025 School Year
No ratings yet
Parents' Guide: 2025 School Year
3 pages
Job Design (Job Analysis & Job Description) (1 Day)
No ratings yet
Job Design (Job Analysis & Job Description) (1 Day)
4 pages
Training Outline - Partyrock
No ratings yet
Training Outline - Partyrock
4 pages
Elliana Yasmin - Assignment
No ratings yet
Elliana Yasmin - Assignment
1 page
Sagemaker Studio - EMR - Glue - Macarious
No ratings yet
Sagemaker Studio - EMR - Glue - Macarious
2 pages
Aidel Azhar Assignment
No ratings yet
Aidel Azhar Assignment
1 page
(PO) IT Architecture For JKT
No ratings yet
(PO) IT Architecture For JKT
1 page
OUDREY THOMAS ASSIGNMENT AWS - Oudrey
No ratings yet
OUDREY THOMAS ASSIGNMENT AWS - Oudrey
2 pages
Dinellie D - Assignment
No ratings yet
Dinellie D - Assignment
1 page
Assignment Bedawi
No ratings yet
Assignment Bedawi
1 page
Chang Si Ju
No ratings yet
Chang Si Ju
2 pages
3-Day IT Architecture Business Technology Requirement Architecture Training Course Plan
No ratings yet
3-Day IT Architecture Business Technology Requirement Architecture Training Course Plan
2 pages
mb300andER Sent
No ratings yet
mb300andER Sent
2 pages
Problem Solving
No ratings yet
Problem Solving
16 pages
Acgih Manual 1998 (401-500)
No ratings yet
Acgih Manual 1998 (401-500)
100 pages
Elemental Battle Armor (AP Gauss) (Sqd6)
No ratings yet
Elemental Battle Armor (AP Gauss) (Sqd6)
1 page
Ilovepdf - Merged - 2024-06-07T151331.684
100% (1)
Ilovepdf - Merged - 2024-06-07T151331.684
7 pages
HFSS-High Frequency Structure Simulator
No ratings yet
HFSS-High Frequency Structure Simulator
38 pages
IFPS User Manual
100% (1)
IFPS User Manual
678 pages
Digital Innovations Exam UiTM
No ratings yet
Digital Innovations Exam UiTM
6 pages
Substation
No ratings yet
Substation
10 pages
Smoking Awareness Campaign by Slidesgo
No ratings yet
Smoking Awareness Campaign by Slidesgo
40 pages
Moldflow 2021 Features Comparison Matrix A4 en
No ratings yet
Moldflow 2021 Features Comparison Matrix A4 en
4 pages
The Things They Carry
No ratings yet
The Things They Carry
9 pages
Result Sem-6 UG 2025 Sixth 9 Subjects-1
No ratings yet
Result Sem-6 UG 2025 Sixth 9 Subjects-1
22 pages
RSettings For 64GT & 99GT PDF
No ratings yet
RSettings For 64GT & 99GT PDF
7 pages
Catalog Tong May Phat Dien Cummins
No ratings yet
Catalog Tong May Phat Dien Cummins
114 pages
BSC - Microbiology - Sem - 1 (Minor With Practicals)
No ratings yet
BSC - Microbiology - Sem - 1 (Minor With Practicals)
3 pages
Mohr's Circle
100% (1)
Mohr's Circle
13 pages
Manual Wms
No ratings yet
Manual Wms
4 pages
SPSS: A Tool For Survey Analysis: Alok Kumar PGDM 2 Year
No ratings yet
SPSS: A Tool For Survey Analysis: Alok Kumar PGDM 2 Year
3 pages
Types of False Ceilings: 1. Gypsum Plasterboard False Ceiling System
No ratings yet
Types of False Ceilings: 1. Gypsum Plasterboard False Ceiling System
15 pages
U2103660 Sharvani Exp5
No ratings yet
U2103660 Sharvani Exp5
10 pages
Scaffolding in Learning
No ratings yet
Scaffolding in Learning
5 pages
Daphnia Heart Rate Experiment Guide
No ratings yet
Daphnia Heart Rate Experiment Guide
7 pages
Estimating & Measuring Work Within A Construction Environment
No ratings yet
Estimating & Measuring Work Within A Construction Environment
29 pages
Mechanics of Structure
No ratings yet
Mechanics of Structure
16 pages
Fitness Careers & Event Planning
No ratings yet
Fitness Careers & Event Planning
3 pages
Online Credit Risk Analytics and Modeling
0% (2)
Online Credit Risk Analytics and Modeling
7 pages
Oscor Blue
No ratings yet
Oscor Blue
6 pages