128 What Every Engineer Should Know About Cyber Security
since you have only been in place a few days, you are still getting a grasp
on the organization as a whole. You are still determining the critical assets,
the topology of the network, and, most important, the personnel resources
you have to help you do your job of securing the infrastructure of this company.
Unfortunately, you have already noticed that industry best practices
in the area of security have not found their way to this organization … yet.
You begin your day like any other day with meetings and e-mail. It is
about 11:00 a.m., and you decide to take a break. You stop in the restroom
and overhear a conversation between an engineer and the IT administrator
who walked in after you; they are discussing a recent incident. Here is what
Paul (engineer): Hey, David, how’s it going?
David (IT administrator): Pretty good, Paul. Sorry I didn’t meet you guys last
night for happy hour. I noticed at the end of the day that the web
server went offline.
Paul: Oh, did you get it back up and running?
David: Yeah, it was no big deal. The global.asa file was deleted. We got it back
up and running in no time.
Paul: That’s cool. I’ll let you know when we plan another happy hour.
You are alarmed at the casual conversation regarding this incident. You
leave the restroom and wait for David in the hall, who realizes you
overheard the conversation when he sees you:
CISO: Hey, David. I overheard your conversation about the web server issue.
I would like to review the incident report.
David (now looks like a deer caught in the headlights): I didn’t fill out a report
because it was an easy fix.
CISO: Let’s discuss this in my office.
Before you give David a lecture on why documenting an incident and following
an incident response process is crucial, you decide to listen to the
facts first. You begin your discussion in line with the incident response process:
CISO: David, please first explain in detail how you detected this incident.
David: Sure. I uploaded a new PDF to the database and wanted to test how
the information from the PDF was displayed on our website, but
I couldn’t access the website because it was offline. I checked the
root directory of the server and noticed the global.asa file was
The global.asa file is a special file that handles session and application events on a server.
In this case, the main function of the global.asa file is to provide information to the web page
regarding where the information that needs to be displayed is located.