Azumer Water Cybersecurity Incident Case Study
Introduction
Azumer Water, a non-governmental organization (NGO) based in League
City, Texas, partners with the Federal Emergency Management Agency
(FEMA) to provide clean drinking water to urban communities in the
southwestern United States affected by disasters. With a mission to "help
communities restore livelihoods" and a motto of "clean water heals a
community faster in a disaster," the organization aims to deliver bottled
water within 24 hours of a disaster’s impact. Employing 10 full-time staff
and relying on 1,073 regional volunteers, Azumer Water coordinates
logistics from its main office, where a local database stores sensitive
volunteer information, including contact details, background checks,
training records, and partial Social Security numbers.
In 2025, Azumer Water faced a significant cybersecurity incident that
compromised its volunteer database and disrupted operations. This case
study analyzes the incident, identifies vulnerabilities and risks, evaluates
regulatory noncompliance, and proposes immediate and long-term solutions
to enhance the organization’s security posture. It serves as a learning tool
for understanding the importance of proactive security governance, incident
response planning, and risk management in small NGOs.
Incident Overview
On a Friday afternoon, John Smith, Azumer Water’s volunteer coordinator,
received a phishing email from "" offering
discounted water pallets. Busy updating volunteer addresses in the
database, John clicked a malicious link, which likely delivered malware. The
link led to a non-existent webpage, and John made a note to follow up later. By
Saturday, volunteers received fraudulent emails from
"," posing as John and soliciting donations via a web
form. Confused, 71 volunteers sent angry emails to John, suspecting a scam.
On Monday, as the new Information Security Officer (ISO) began their role,
John reported that the volunteer database was inaccessible, and the angry
emails highlighted a breach. The incident exposed vulnerabilities in Azumer
Water’s infrastructure, compromised sensitive data, and threatened its
, mission-critical operations.
Part I: Incident Analysis and Response
Why the Attack Succeeded
The attack succeeded due to critical vulnerabilities in Azumer Water’s
security practices:
1. Lack of Phishing Awareness Training: John’s decision to click the
phishing link reflected a lack of training on identifying suspicious
emails. The email’s domain ("watersupp1y.int") was not Azumer
Water’s official "@azumerwater.org" and contained a typo, but John
failed to recognize these red flags. This human error allowed malware
to infiltrate the network.
2. Unconfigured Enterprise Firewall: Pruhart Tech, Azumer Water’s
IT contractor, installed an enterprise firewall but deferred its
configuration. This left the network unprotected, allowing the
malicious payload to pass undetected to John’s computer,
compromising the database.
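The sender-domain red flags described in item 1, written as a mail-screening check. This is an added example, not part of the original case study; the trusted-domain list, the lookalike table, the 0.85 similarity threshold and the sample headers are assumptions constructed for illustration (only the two domains come from the text).

```python
import difflib
from email.utils import parseaddr

# Assumption: the organization's own mail domain, as named in the case study.
TRUSTED_DOMAINS = {"azumerwater.org"}
# Assumed table of common digit-for-letter swaps seen in lookalike domains.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def sender_domain(from_header: str) -> str:
    """Return the lowercased domain of a From header, or '' if unparseable."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def red_flags(from_header: str) -> list[str]:
    """List the reasons a sender deserves a second look (empty = none found)."""
    domain = sender_domain(from_header)
    if not domain:
        return ["no parseable sender address"]
    if domain in TRUSTED_DOMAINS:
        return []
    flags = ["external domain: " + domain]
    # A digit inside an otherwise alphabetic label suggests a swapped letter.
    for label in domain.split("."):
        if any(c.isdigit() for c in label) and any(c.isalpha() for c in label):
            fixed = label.translate(LOOKALIKES)
            flags.append(f"digit-for-letter swap: {label} -> {fixed}")
    # A near-miss of a trusted domain suggests impersonation of the organization.
    normalized = domain.translate(LOOKALIKES)
    for trusted in sorted(TRUSTED_DOMAINS):
        ratio = difflib.SequenceMatcher(None, normalized, trusted).ratio()
        if ratio >= 0.85:  # assumed threshold
            flags.append(f"resembles trusted domain {trusted}")
    return flags


# Constructed sample headers; the local parts and display names are invented.
SAMPLES = [
    "Sales <offers@watersupp1y.int>",
    "John Smith <jsmith@azumerwater.org>",
    "John Smith <jsmith@azumerwatr.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", red_flags(header) or "no flags")
```

A check like this supports user training rather than replacing it: it surfaces the same cues a trained reader would look for before clicking.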
Compromise of Security Principles
Using NIST SP 800-122 ("Guide to Protecting the Confidentiality of
Personally Identifiable Information"), the incident compromised four key
security principles:
1. Confidentiality: NIST emphasizes training to prevent unauthorized
PII access (McCallister et al., 2010, 4.1.2). The lack of training led to
the database breach, exposing volunteer PII (e.g., contact details,
partial Social Security numbers).
2. Personally Identifiable Information (PII): The database stored
unaltered PII, violating NIST’s recommendation for de-identification
(McCallister et al., 2010, 4.2.3). Attackers used this data to send
fraudulent emails, increasing the risk of identity theft.
3. Integrity: Fraudulent emails damaged Azumer Water’s reputational
integrity, as volunteers expressed anger and confusion, eroding trust
in the organization.
4. Availability: The database, stored on a local machine without
backups (except occasional USB copies), was deleted, halting
operations. NIST stresses regular backups to ensure availability
(McCallister et al., 2010, 5.3).