School: Southern New Hampshire University
Course: ISE 620
Subject: Information Systems
Date: Nov 24, 2024
Uploaded by DukeTurkeyMaster1233
7-2 Final Project Milestone Three: Countermeasures Analysis
Southern New Hampshire University
ISE-620-Q1513 Incident Detection & Response 23TW1
11/5/2023
Systems
During this security breach at Finger Lakes Community Bank, we have been exposed to
several security attack types. Organizations are expected to maintain the security of their
information systems and keep all incoming/outgoing and stored data secure from bad actors.
Though these measures do not in any way guarantee immunity from attacks, they do help to
protect our systems from unauthorized access, data theft, and other malicious acts that threaten the
confidentiality, integrity, and availability of data (Scheldt, 2023). In order to prevent an attack
from taking place, we can employ access control and user authentication. By using
access management, we ensure that those who are accessing the network are authorized to
be there. For instance, an effective countermeasure to an attack would be to use Role-Based
Access Control (RBAC), which limits permissions and access rights strictly to individuals
in each specific role (NIST, 2012). When identifying, authenticating, and authorizing users and
devices, we can use Identity and Access Management (IAM). This process is crucial in
preventing unauthorized users from being granted access to systems and the sensitive
information stored within. IAM can include password policies for the organization, such as
requiring the use of multi-factor authentication, which further protects against hackers cracking
passwords by requiring a combination of two or more methods of verification for access (Scheldt,
2023). Another countermeasure that would reduce negative impacts on the company is the use of
an Intrusion Detection and Prevention System (IDPS) that monitors activities occurring in a
computer system or a network and analyzes them for potential security threats (NIST, n.d.). In
general, practicing good cyber hygiene is going to be one of the most common countermeasures
used to protect most systems. This would include using network firewalls, regular software
updates, using anti-virus/malware protection and detection programs, disabling/removing any
unused applications and devices from the network, etc. In addition to all of these practices, cyber
security awareness training for all employees should be a required learning event that gets done at
least annually. This kind of education and training is going to prepare all employees to know
what to look out for in terms of phishing emails or calls, understand good cyber hygiene, learn
what to do to protect the company and themselves, etc.
Operations
In any business, we want to make sure that we have countermeasures in place to ensure
that the business can stay afloat when, inevitably, some cyber attack happens; after all, nobody is
fully immune to these attacks. The process to ensure this can be organized into five steps:
identify your sensitive information, identify possible threats, analyze security holes and other
vulnerabilities, appraise the level of risk associated with each vulnerability, and get countermeasures
in place (Zhang, 2023). One best practice for implementing a robust operational security platform
is restricting network access using the principle of least privilege,
which limits users to only the minimum levels of access, or permissions,
needed to perform their job. By doing this, there is less chance of a user with bad intentions
having free rein over the network, and if a hacker gains access to a user’s account,
they cannot move further into the network past what the compromised account’s permissions
allow for their position (Wikipedia, 2023). Another practice that would ensure that the five steps
are being used is the implementation of a precise change management process. When network
changes are performed, employees will have a process to follow, ensuring that all
changes are logged and controlled (Miller, 2020).
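The least-privilege point above, as an added example that is not part of the original paper: a deny-by-default role check, the set of resources one compromised account can reach, and a review of granted-but-unused permissions. The roles, users, resources and access log are all constructed for illustration.

```python
"""Added illustration: deny-by-default RBAC and a least-privilege review.
All role names, users, resources and log entries are constructed."""

ROLE_PERMISSIONS = {
    "teller": {("customer_accounts", "read"), ("transactions", "create")},
    "loan_officer": {("customer_accounts", "read"), ("loan_files", "read"),
                     ("loan_files", "update")},
    "it_admin": {("firewall_rules", "read"), ("firewall_rules", "update"),
                 ("audit_log", "read")},
}
USER_ROLES = {"alice": {"teller"}, "bob": {"loan_officer"}, "carol": {"it_admin"}}

# Constructed access log for one review period: (user, resource, action).
ACCESS_LOG = [
    ("alice", "customer_accounts", "read"),
    ("alice", "transactions", "create"),
    ("bob", "loan_files", "read"),
    ("carol", "firewall_rules", "read"),
    ("carol", "audit_log", "read"),
]


def permissions_for(user):
    """Union of the permissions of every role assigned to the user."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, resource, action):
    """Deny by default: unknown users, roles or pairs get no access."""
    return (resource, action) in permissions_for(user)


def blast_radius(user):
    """Resources an attacker reaches with this one compromised account."""
    return {resource for resource, _ in permissions_for(user)}


def unused_grants(user, log=ACCESS_LOG):
    """Granted permissions never exercised in the log: candidates to revoke."""
    used = {(res, act) for who, res, act in log if who == user}
    return permissions_for(user) - used


if __name__ == "__main__":
    for name in sorted(USER_ROLES):
        print(name, sorted(blast_radius(name)), sorted(unused_grants(name)))
```

Permissions that `unused_grants` reports are the ones to question in an access review, and any revocation would go through the change management process so it is logged and controlled.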
Personnel
One of the most commonly exploited vulnerabilities is the areas controlled by human beings, who
are considered the weakest link in the defense chain. To reduce the effects of a cyber-attack
on the personnel aspect of the company, we can use tactics such as security awareness
training programs. By educating employees about the various risks, threats, and vulnerabilities, and how
to defend against them, we can ensure that the entire team is set up for cyber success. These programs
can train users and help them practice recognizing and countering different types of attacks that may
happen on a day-to-day basis, such as a phishing email or a social engineering attack (EC Council,
2020). Attackers are notorious for “being lazy” when deciding who, what, and where to attack.
They will more often than not choose the path of least resistance when trying to get past the
security walls built around the network, and knowing that they have a better chance of targeting
individual users, it is common for hackers to use social engineering practices and information
that is readily available to the public regarding employees’ positions, personal information, etc.
To help protect the personnel of the company, it is important to limit organizational and
employee information posted online (company website, social media pages, public
announcements, etc.). Lastly, one of the key segments of the incident response plan is the
incident reporting and communication channels. The ability to have a reporting structure in place
and allow employees to make a timely report of incidents that may arise can be the turning
point of an attack. These communication and reporting spaces could be dedicated phone lines,
company portals, secure emails, etc. Company personnel are the backbone of any company, so
their security must remain a priority, and this includes minimizing the effects that they
might feel from cyber incidents that may arise.
References:
EC Council. (2020, May 20). Security Awareness Training: 6 Important Training Practices. Aware.eccouncil.org. https://aware.eccouncil.org/security-awareness-training-6-important-training-practices.html
Miller, K. (2020, March 19). 5 Critical Steps in the Change Management Process. Harvard Business School. https://online.hbs.edu/blog/post/change-management-process
NIST. (n.d.). Intrusion Detection and Prevention Systems. https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=901146
NIST. (2012). Role Based Access Control | CSRC. Nist.gov. https://csrc.nist.gov/projects/role-based-access-control
Scheldt, A. (2023, August 21). What Is a Countermeasure in Computer Security? CompTIA. https://www.comptia.org/blog/what-is-a-countermeasure-in-computer-security#:~:text=Countermeasures%20often%20refer%20to%20a%20set%20of%20techniques
Wikipedia. (2023, October 23). Principle of least privilege. Wikipedia. https://en.wikipedia.org/wiki/Principle_of_least_privilege#:~:text=In%20information%20security%2C%20computer%20science%2C%20and%20other%20fields%2C
Zhang, E. (2023, May 5). What is Operational Security? The Five-Step Process, Best Practices, and More. Www.digitalguardian.com. https://www.digitalguardian.com/blog/what-operational-security-five-step-process-best-practices-and-more#:~:text=The%20processes%20involved%20in%20operational%20security%20can%20be