2-1 Module 01

.docx

School

Ivy Tech Community College, Indianapolis *

*We aren’t endorsed by this school

Course

105

Subject

Information Systems

Date

Jul 3, 2024

Type

docx

Pages

2

Uploaded by DrRock101364

Alan Petree CSIA Professor Melanie Hurst 6/06/2024 #TrendingCyber The first attack spoken about is something that could have easily been avoided. In hindsight, I’m sure we can be thankful to how eye opening this attack was. The first step is as simple as a barrier. Fencing with an anti climb collar or rotating spikes. A fence can easily be paired with bollards to prevent any vehicle from getting too close to assist in getting over the fence. Second choice is going to be physical security. By increasing the number of people on the premises to specifically monitor for strange activity, the activists would’ve more than likely been deterred. The last physical level of security I would implement is a passive infrared sensor. If done correctly, if anyone were to make it past the gate and bollards, the guards would most likely see them. In the off chance that they made it past the guards, the passive IR system would have alerted the guards to an increase in the IR levels. Meaning they would know there was unauthorized personnel present. For operational procedures, the first thing that is apparent would be implementing dual control. Upon deploying dual control, automation would be the next step. This would minimize the chance of human error when it comes to data/critical details. The biggest step would be to plan for a disaster. Whether it be drawing out plans, or writing out a handbook for hundreds of specific events. The second attack spoken about is a much more barbaric approach. Breaking a padlock, ransacking the office, and then replacing the padlock to hide any immediate attention to damage. The first implementation that I would see beneficial is security guards. Alongside the security guards, I would introduce a high security: access control vestibule. This vestibule would require an access badge. Also, it would only allow for one door to be open at a time. Lastly, I would implement a wireless bluetooth lock to prevent any loss or duplication of keys. These locks would only send signals to whitelisted devices in order to prevent bluejacking. By removing keypads entirely, it also prevents people from seeing smudges or shoulder surfing a code being put in. Taking from my last set of OPSEC procedures, I will say that we must utilize planning for a disaster. Secondly, we will restrict access to network devices, this will help prevent bluejacking and a plethora of other attacks. We would have also given employees minimal access. We will go with the principle of the least privilege. To help prevent any insider attacks. The last attack written about is something that did not come from lack of physical security, rather a lack of training on social engineering and believing everything that is in front of them. I would say that there isn’t much that I could tell you that I would physically implement, rather than electronic keypads and IR sensors to detect movement. As well as security guards to monitor any cameras and IR sensors within the vicinity. I am going back to my original OPSEC procedures, and would implement dual control, automation, as well as planning for disaster. With the planning for disaster would come training for the disasters. It’s only right every employee is trained on events, and that they are aware that they need to escalate ANY security concerns within the administration to a higher up. Although these scenarios are all different, there are some data security concerns that could all be solved or at least prevented to some extent with a few items. Cable locks are a must have to make it much harder to access documents if someone were trying to gain unauthorized access. Second, you could utilize
faraday bags to prevent tampering with the electromagnetic signals on portable devices. I would even go as far to say that cable conduits are a must have for any government building, or any building with classified information. An alarmed cable conduit would trigger an alarm if anyone were trying to gain access to cables. These conduits would also prevent the need for periodic visual inspection. ( What is operational security? OPSEC explained . Fortinet. (n.d.). https://www.fortinet.com/resources/cyberglossary/operational-security ) Ciampa, M. (n.d.). Pervasive Attack Surfaces and Controls (8th ed.). essay. Retrieved June 6, 2024,.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help