Group Activity Day2

The document outlines a group activity focused on a cybersecurity incident at HealthOne, a hospital group facing suspicious network activity and compliance audits. Teams must develop a scanning strategy, assess compliance risks related to PCI-DSS and GDPR, and propose mitigation steps within a limited timeframe. Key tasks include identifying scanning methods, compliance violations, and creating a containment plan to address the security breach.

Uploaded by

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

14 views4 pages

Group Activity Day2

Uploaded by

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as DOCX, PDF, TXT or read online on Scribd

You are on page 1/ 4

GROUP ACTIVITY: Zero Hour at HealthOne – Scan or Be Hacked

Time: 60 minutes
Team size: 4 students
Format: Scenario-based investigation + decision-making + group report
Objective: Apply vulnerability scanning methods, evaluate compliance risks (PCI-DSS,
GDPR), and recommend mitigation steps using CySA+ Lesson 5 principles.

SCENARIO
HealthOne, a private hospital group operating across Southeast Asia, just discovered
suspicious activity on its internal network.
 Billing systems were offline for 2 hours
 Unauthorized access was detected to patient records
 Unusual CPU spikes and traffic to unknown IPs were reported
 The company is undergoing a PCI-DSS and GDPR compliance audit
 Their infrastructure includes:
o SCADA-connected lab equipment
o Legacy Windows Server 2012 systems
o A partially migrated multi-cloud environment (AWS + Azure)
The CIO must testify before a government hearing in 90 minutes. Your team—the
Emergency Threat Assessment Unit—must deliver a credible, well-reasoned incident
analysis and scanning strategy within 60 minutes.

PHASE 1 – SCANNING STRATEGY (20 MINUTES)

Objective: Choose the right scanning approaches for the environment.
Given infrastructure:
 Legacy patient billing servers (Windows Server 2012)
 SCADA lab systems
 Multi-cloud patient data storage
 Endpoints with CPU spikes
 BYOD tablets used by doctors
 Network segmentation unknown
Your tasks (discuss and write your decisions):
1. Identify which scan types you would use for each asset group (credentialed,
non-credentialed, agent-based, passive, etc.)
2. Which systems must be scanned first (triage order)
3. Which systems must not be scanned with active tools, and why
Checkpoint Questions:
 Which scan type would expose unpatched SCADA vulnerabilities safely?
 How would you detect lateral movement to cloud resources?
 What scan method gives you visibility into BYOD device security?

PHASE 2 – COMPLIANCE IMPACT (15 MINUTES)

Objective: Identify how PCI-DSS and GDPR apply and what scanning or controls are
required to meet them.
Assume:
 3TB of patient data is stored across hybrid cloud
 Credit card info used in billing system
 Systems haven’t undergone a credentialed scan in 45 days
 There’s no record of patch baseline comparison in the last 60 days
 DNS logs show TXT record abuse to external IPs
Your tasks:
1. Identify which requirements of GDPR and PCI-DSS were likely violated
2. Match each to a specific scanning or logging gap
3. List 2 compliance artifacts you'd need to show auditors (e.g., vulnerability
reports, system hardening logs, etc.)
Checkpoint Questions:
 What does PCI-DSS say about patch timelines?
 Which scan outputs can help prove GDPR accountability?
 What control type (technical, operational, managerial) failed?
PHASE 3 – MITIGATION & REPORTING PLAN (20 MINUTES)
Objective: Propose a credible path to containment and recovery.
Assume:
 The attacker exploited a forgotten web application running on the same subnet
as billing
 SIEM logs were misconfigured and missed the early activity
 Antivirus failed to detect the reverse shell
 DNS exfiltration succeeded due to weak egress controls
Your tasks:
1. Create a step-by-step containment plan (for next 24 hours)
2. Recommend at least:
o One new scanning schedule or policy
o One hardening or patch baseline approach
o One technical control to reduce future attack surface
Checkpoint Questions:
 What scanning schedule should be applied to legacy servers?
 How would you baseline the lab network without risking device failure?
 What scanning limitation delayed detection in this case?

FINAL REPORT (5 MINUTES)

Prepare a 5-minute verbal or written debrief with:
 Your timeline of the attack
 The root cause
 3 scanning or control failures
 3 fixes you propose
 Which compliance requirements were at risk

OPTIONAL TWIST
One of the doctors' tablets was jailbroken and used to pivot into the SCADA subnet.
Prove whether this was the original entry point, or a distraction. Back it with scanning or
logging evidence you'd expect to see.

KEY LEARNING OUTCOMES

 Apply the right vulnerability scanning techniques
 Understand how compliance standards influence security controls
 Link technical symptoms to control and scanning failures
 Recommend realistic mitigation steps using CySA+ knowledge

CompTIA Cybersecurity Analyst (CySA+) CS0-003 Updated Dumps
100% (2)
CompTIA Cybersecurity Analyst (CySA+) CS0-003 Updated Dumps
41 pages
CySA+ CS0-002 Cheat Sheet
100% (3)
CySA+ CS0-002 Cheat Sheet
31 pages
SAP QM Tutorial - SAP Quality Management (QM) Training Tutorials
No ratings yet
SAP QM Tutorial - SAP Quality Management (QM) Training Tutorials
5 pages
Security Testing & Governance Guide
No ratings yet
Security Testing & Governance Guide
9 pages
Pentest 2
No ratings yet
Pentest 2
4 pages
CySA+ Exam Prep for Analysts
No ratings yet
CySA+ Exam Prep for Analysts
15 pages
ENTERPRISE Cybercrime Incident Response Plan-FINAL
No ratings yet
ENTERPRISE Cybercrime Incident Response Plan-FINAL
4 pages
Vulnerability Assessment Tools
No ratings yet
Vulnerability Assessment Tools
12 pages
Csf-3203 (Intrusion Detection and Ethical Hacking) Project Output (25%)
0% (1)
Csf-3203 (Intrusion Detection and Ethical Hacking) Project Output (25%)
11 pages
2022 08 CySA
No ratings yet
2022 08 CySA
15 pages
Chapter 4 - Designing A Vulnerability Management Program
No ratings yet
Chapter 4 - Designing A Vulnerability Management Program
38 pages
Vulnerability Assessment Report: Assignment-2
No ratings yet
Vulnerability Assessment Report: Assignment-2
14 pages
Security Quetion
No ratings yet
Security Quetion
70 pages
IRP Report - New
No ratings yet
IRP Report - New
29 pages
A. Introduction: Noc Reporting Template
No ratings yet
A. Introduction: Noc Reporting Template
3 pages
cs0-003 Lesson 05
No ratings yet
cs0-003 Lesson 05
50 pages
IDCSS 2024 Compromised Data Center and Cloud Infrastructure Challenge
No ratings yet
IDCSS 2024 Compromised Data Center and Cloud Infrastructure Challenge
2 pages
Module I
No ratings yet
Module I
16 pages
Executive Rep
No ratings yet
Executive Rep
8 pages
Untitled
No ratings yet
Untitled
772 pages
5-Cybercrime Incident Response KEY AREA-LAW ENFORCEMENT
No ratings yet
5-Cybercrime Incident Response KEY AREA-LAW ENFORCEMENT
3 pages
Final Lab
No ratings yet
Final Lab
10 pages
pt0 002 05
No ratings yet
pt0 002 05
33 pages
SSCP Book Chapter03 (Incident Response and Recovery) Notes
No ratings yet
SSCP Book Chapter03 (Incident Response and Recovery) Notes
22 pages
In-Course Assessment (Ica) Specification: Teesside University
No ratings yet
In-Course Assessment (Ica) Specification: Teesside University
6 pages
IRM LabArtefacts 2023
No ratings yet
IRM LabArtefacts 2023
11 pages
cs0-003 6
No ratings yet
cs0-003 6
33 pages
Day 5 - Implementing Vulnerability Scanning Methods
No ratings yet
Day 5 - Implementing Vulnerability Scanning Methods
125 pages
IA 422 Lab 1 Assignment
No ratings yet
IA 422 Lab 1 Assignment
4 pages
Unit 3 Ethical Hacking
No ratings yet
Unit 3 Ethical Hacking
9 pages
CC Mid Solution
No ratings yet
CC Mid Solution
9 pages
Check List 1
No ratings yet
Check List 1
5 pages
Cs2hep Icalepcs RM
No ratings yet
Cs2hep Icalepcs RM
17 pages
cs0-003 1
No ratings yet
cs0-003 1
22 pages
Hacking Notes For CEH
No ratings yet
Hacking Notes For CEH
13 pages
Ngô Minh Hùng HE187099 Lab 4 Qualitative Assessment
No ratings yet
Ngô Minh Hùng HE187099 Lab 4 Qualitative Assessment
11 pages
Case Study Based Assessment - Core Domains
No ratings yet
Case Study Based Assessment - Core Domains
12 pages
CompTIA CySA+ Exam Guide CS0-002
No ratings yet
CompTIA CySA+ Exam Guide CS0-002
18 pages
BuiCongThanh SE184348 IAA202 Lab 2
No ratings yet
BuiCongThanh SE184348 IAA202 Lab 2
6 pages
Shreyash Reduction
No ratings yet
Shreyash Reduction
2 pages
CSDP Unit 4
No ratings yet
CSDP Unit 4
32 pages
Incident Response Playbook
No ratings yet
Incident Response Playbook
153 pages
Managing Risk in Information Systems: Student Lab Manual
No ratings yet
Managing Risk in Information Systems: Student Lab Manual
9 pages
Incident Response
No ratings yet
Incident Response
11 pages
Cyber Security Brochure
No ratings yet
Cyber Security Brochure
3 pages
cs0-003 5
No ratings yet
cs0-003 5
33 pages
Cybersecurity Strategy Guide
No ratings yet
Cybersecurity Strategy Guide
13 pages
CompTIA Security + Chapter 5
No ratings yet
CompTIA Security + Chapter 5
27 pages
Pentest Report
No ratings yet
Pentest Report
19 pages
CKC RedTeam Pentest Plan 2025 AI Enhanced
No ratings yet
CKC RedTeam Pentest Plan 2025 AI Enhanced
6 pages
Vulnerability Scanning Techniques
No ratings yet
Vulnerability Scanning Techniques
14 pages
Foreinsics and Trustmanagement
No ratings yet
Foreinsics and Trustmanagement
39 pages
HE182570 NguyenDucAnh Lab05 Identifiying Threats Vulnerabilities and Exploits
No ratings yet
HE182570 NguyenDucAnh Lab05 Identifiying Threats Vulnerabilities and Exploits
7 pages
Building A Cybersecurity Framework-Best Practices
No ratings yet
Building A Cybersecurity Framework-Best Practices
19 pages
50Q Cyber Security
No ratings yet
50Q Cyber Security
2 pages
Đ Thees Dương Ia1902 Iaa202 Lab4
No ratings yet
Đ Thees Dương Ia1902 Iaa202 Lab4
9 pages
Lê Công Cảnh SE183750 LAB 2
No ratings yet
Lê Công Cảnh SE183750 LAB 2
4 pages
Group Activity d3
No ratings yet
Group Activity d3
2 pages
Lab 2 NguyễnTrọngĐứcHải HE180930
No ratings yet
Lab 2 NguyễnTrọngĐứcHải HE180930
5 pages
Laboratory 5
No ratings yet
Laboratory 5
7 pages
Disaster in The Dataverse
No ratings yet
Disaster in The Dataverse
2 pages
CAPM Discussion Activities Extended
No ratings yet
CAPM Discussion Activities Extended
2 pages
Copilot
No ratings yet
Copilot
61 pages
The Raya Ad Catastrophe Corporate Conflict Simulation
No ratings yet
The Raya Ad Catastrophe Corporate Conflict Simulation
2 pages
Certified Associate in Project Management (CAPM) ® Official Exam Prep Train The Trainer
No ratings yet
Certified Associate in Project Management (CAPM) ® Official Exam Prep Train The Trainer
1 page
Raya Ad Catastrophe
No ratings yet
Raya Ad Catastrophe
1 page
Project Management Plan - Group 4
No ratings yet
Project Management Plan - Group 4
12 pages
Ultimate Guide To CGRC Certification - Prepare For CGRC With Domain Insights and Test Strategies by Chaudhary Arun Kumar
100% (1)
Ultimate Guide To CGRC Certification - Prepare For CGRC With Domain Insights and Test Strategies by Chaudhary Arun Kumar
812 pages
AWS MLEng Day 1
No ratings yet
AWS MLEng Day 1
3 pages
MCMC Bootcamp
No ratings yet
MCMC Bootcamp
2 pages
GenAi Outline
No ratings yet
GenAi Outline
3 pages
Day3 RMP
No ratings yet
Day3 RMP
2 pages
Progress and Update Term 3 2024 - 2025
No ratings yet
Progress and Update Term 3 2024 - 2025
8 pages
PMP Group Activity Booklet - Official PMI - v0.1
No ratings yet
PMP Group Activity Booklet - Official PMI - v0.1
23 pages
Terraform Lambda
No ratings yet
Terraform Lambda
5 pages
PMI Official - Group - PMPv3
No ratings yet
PMI Official - Group - PMPv3
5 pages
Aws Spark
No ratings yet
Aws Spark
3 pages
Parents' Guide: 2025 School Year
No ratings yet
Parents' Guide: 2025 School Year
3 pages
Job Design (Job Analysis & Job Description) (1 Day)
No ratings yet
Job Design (Job Analysis & Job Description) (1 Day)
4 pages
Training Outline - Partyrock
No ratings yet
Training Outline - Partyrock
4 pages
Elliana Yasmin - Assignment
No ratings yet
Elliana Yasmin - Assignment
1 page
Sagemaker Studio - EMR - Glue - Macarious
No ratings yet
Sagemaker Studio - EMR - Glue - Macarious
2 pages
Aidel Azhar Assignment
No ratings yet
Aidel Azhar Assignment
1 page
(PO) IT Architecture For JKT
No ratings yet
(PO) IT Architecture For JKT
1 page
OUDREY THOMAS ASSIGNMENT AWS - Oudrey
No ratings yet
OUDREY THOMAS ASSIGNMENT AWS - Oudrey
2 pages
Dinellie D - Assignment
No ratings yet
Dinellie D - Assignment
1 page
Assignment Bedawi
No ratings yet
Assignment Bedawi
1 page
Chang Si Ju
No ratings yet
Chang Si Ju
2 pages
3-Day IT Architecture Business Technology Requirement Architecture Training Course Plan
No ratings yet
3-Day IT Architecture Business Technology Requirement Architecture Training Course Plan
2 pages
mb300andER Sent
No ratings yet
mb300andER Sent
2 pages
Java Control Statements
No ratings yet
Java Control Statements
20 pages
Abiel Reyes Resume: Entry-Level Engineering Skills
No ratings yet
Abiel Reyes Resume: Entry-Level Engineering Skills
1 page
Basis Admin Practice Notes
No ratings yet
Basis Admin Practice Notes
75 pages
Inference Engines
No ratings yet
Inference Engines
3 pages
TLE-TE 9 - Q1 - W5 - Mod5 - ICT CSS
100% (4)
TLE-TE 9 - Q1 - W5 - Mod5 - ICT CSS
31 pages
Selenium Automation Q A 1725258035
No ratings yet
Selenium Automation Q A 1725258035
10 pages
Embedded PLC Implementation Using ARM
No ratings yet
Embedded PLC Implementation Using ARM
5 pages
JHGFJHGF
No ratings yet
JHGFJHGF
1 page
Test Case Generation From Use Cases
No ratings yet
Test Case Generation From Use Cases
11 pages
HP Latex 700 W Printer: Win High-Value Jobs, Equipped With White Ink, and Sharpen Your Sustainability Edge With HP Latex
No ratings yet
HP Latex 700 W Printer: Win High-Value Jobs, Equipped With White Ink, and Sharpen Your Sustainability Edge With HP Latex
2 pages
Wireframe 023 2019-09
No ratings yet
Wireframe 023 2019-09
68 pages
Esysx Tutorial 1 4
No ratings yet
Esysx Tutorial 1 4
57 pages
Teaching Notes 4 Asal It
No ratings yet
Teaching Notes 4 Asal It
10 pages
IT Infrastructure Setup Guide
No ratings yet
IT Infrastructure Setup Guide
29 pages
How To Find and Replace Characters in A String With Blank
No ratings yet
How To Find and Replace Characters in A String With Blank
2 pages
User Manual Software IT-Flood V.2.2
No ratings yet
User Manual Software IT-Flood V.2.2
51 pages
Srs
No ratings yet
Srs
11 pages
Citra Log
No ratings yet
Citra Log
11 pages
April 2023 Account Statement
No ratings yet
April 2023 Account Statement
14 pages
Google Ads Strategy Guide
No ratings yet
Google Ads Strategy Guide
5 pages
Experiment - 5: AIM: Write A Program To Perform Addition of 2 Strings in 8086 Microprocessor. Requirement
No ratings yet
Experiment - 5: AIM: Write A Program To Perform Addition of 2 Strings in 8086 Microprocessor. Requirement
5 pages
Chroma Kopi A
No ratings yet
Chroma Kopi A
1 page
Cbs 350 Chapter 08
No ratings yet
Cbs 350 Chapter 08
18 pages
Powerpoint Presentation On Java: Name - Devendra Kumar Mishra Roll No. - 1735110020
No ratings yet
Powerpoint Presentation On Java: Name - Devendra Kumar Mishra Roll No. - 1735110020
26 pages
CURSORS
No ratings yet
CURSORS
42 pages
Laboratory Activities Structures
No ratings yet
Laboratory Activities Structures
4 pages
Sailee Salgaonkar: IT Engineer & SDE-1 at Myntra
No ratings yet
Sailee Salgaonkar: IT Engineer & SDE-1 at Myntra
1 page
Failure Mode and Effects Analysis (FMEA) : Risk: 1. Preliminary Hazards Analysis (PHA)
No ratings yet
Failure Mode and Effects Analysis (FMEA) : Risk: 1. Preliminary Hazards Analysis (PHA)
4 pages
SF EC CWM Impl
100% (1)
SF EC CWM Impl
88 pages