Exercise 1: The Quick Fix

SCENARIO: Joe, your network administrator, is overworked and underpaid. His bags are packed and ready for a family vacation to Disney World when he is tasked with deploying a critical patch. In order to make his flight, Joe quickly builds an installation file for the patch and deploys it before leaving for his trip. Next, Sue, the on-call service desk technician, begins receiving calls that nobody can log in. It turns out that no testing was done for the recently installed critical patch.
What is your response?
Discussion questions
• What is Sue’s response in this scenario?
    o Does your on-call technician have the expertise to handle this incident? If not, are there defined escalation processes?
• Does your organization have a formal change control policy?
    o Are your employees trained on proper change control?
    o Does your organization have disciplinary procedures in place for when an employee fails to follow established policies?
• Does your organization have the ability to “roll back” patches in the event of unanticipated negative impacts?
Processes tested: Patch Management
Threat actor: Insider
Asset impacted: Internal Network