CYB 200_Project Three

Southern New Hampshire University, Course 200. Uploaded Feb 20, 2024 by ISSIT_Learn.

Professor Doe
CYB 200
19 June 2022

For this project, I will be using scenario two for the technical brief. Because the organization that hired my IT firm is a financial company that deals with high-income accounts, the data contained within this company would be very valuable to any person looking to exploit it for personal gain. Most threat actors want to commit fraud, sabotage, vandalism, or theft. The threat actors here, the cleaning crew, are aware of the business that goes on in this company because they are shoulder surfing company employees and stealing physical documents from bins that hold sensitive data. They have a cleaning schedule that allows them a certain amount of time to move about the company. While performing their normal work roles, they have done reconnaissance: they have seen the type of information displayed on the financial analysts’ computer screens, noticed that sensitive data in the “destroy” bins was unsecured and easy to take, and, most important of all, seen how relaxed the environment was about security procedures. These cleaning crew members set out to deliberately steal this company’s data.

To a normal person, the paperwork being taken from the “destroy” bins could simply be numbers and words. However, in the hands of the right person, this could be a gold mine. The data contained in these documents could include customer names, addresses, account numbers, account balances, and social security numbers. This information could be sold to a third party on the dark web for monetary gain. It could also be used by the cleaning crew to try to get compensation from the financial firm in exchange for returning the data. In any case, I believe that this incident deals with stealing data for financial gain.

To detect these threat actors and to prevent an incident like this one from happening again, the company’s employees have to be taught about security objectives, current threats and trends, and the need to get motivated and stay motivated to comply with the stated security policies. Not being motivated to live by those security policies could be the difference between having and not having a job, and possibly paying a high price for your neglect. The financial firm could also employ monitoring processes to capture actions and changes within day-to-day operations. Cameras could be deployed so that they do not capture computer screens but cover common areas like hallways, break rooms, and areas where “destroy” bins are located. The employees of the financial firm could also be tested randomly to see if they are aware of the policies and are able to spot suspicious activity. Doing this would help make them more aware of their surroundings and possibly catch on to future events like those carried out by the cleaning crew.

All companies gather and store data. Some of this data is useless to others, and some of it needs to be safeguarded to protect the data owners and the companies that are using it. Companies must comply with the rules and regulations that apply to them and their data. This means knowing the laws that apply to them and ensuring that these laws are reflected in their policies and procedures. If this is not done, the company will not be able to prove in court that it was compliant with those laws in the event of a lawsuit or litigation. In this scenario, the data that comes across the financial analysts’ screens and the data contained in the “destroy” bins is sensitive data that has to be protected. Not complying with security policies and procedures and failing to protect sensitive data can expose this company and any employee involved to fines and possible criminal prosecution, depending on the severity of the incident. The proper security controls, including access control techniques and real-time monitoring of the area, must be implemented to ensure that data loss does not happen.

To respond to and counter these threat actors means to put measures into place to mitigate them. One way to accomplish this is to not make sensitive data available to the threat actor. This is done by not placing documents that are sensitive in nature in bins that are not secured or not in a secured area. This would mean that the cleaning crew could not gain access to those documents to steal them. Another way to keep data from the cleaning crew is to use privacy screens on the monitors so that no one can shoulder surf and gather data. If privacy screens are not available, angle the screen in a way that only you can see what’s on it.

A tactic that would be employed to prevent future events would be better safeguarding of sensitive data. This tactic involves training the employees on security policies and procedures to inform them of the importance of our jobs, our customers, and their data. It also involves teaching them to be more aware of their surroundings so that no one would be able to stand next to them without them realizing it. It would include securing sensitive data in physical form in a secure place where only authorized users could access it until it is properly disposed of.

The potential ramifications of not employing the methods suggested could include major data loss, depending on the amount of data taken from bins and acquired from shoulder surfing. The data loss will lead to the loss of current customers. It will also make it difficult for any new customer to trust our organization. The customers affected by the data loss will file lawsuits and litigation. The fines would depend on the amount and severity of the data loss. Potentially, the company could go belly up and have to close because it cannot recover financially and lacks new customers to provide income.