What containment strategy should an organization take for unauthorized access?
The question details: an administrator saw an unknown person running out of the office when her workstation was left unattended (payroll program etc.). When she came back to the workstation, she saw that the mouse cursor movement was different.
Solutions I tried so far:
1.) Disconnected the payroll program from the network to prevent further compromise.
2.) Performed a port scan.
3.) Physical security staff or law enforcement may need to search the facility to confirm that the intruder is not still present.
I'm not sure whether these strategies are appropriate for unauthorized access of payroll records.