Midterm
School: Jomo Kenyatta University of Agriculture and Technology
Course: CYBSEC
Subject: Information Systems
Date: Nov 24, 2024
Uploaded by SargentBookSquirrel5
16.
Proprietary data is data that is owned by an organization and is considered a valuable and sensitive asset. It contains information that gives the organization a competitive advantage over other companies and should be protected to maintain the organization's uniqueness and profitability.
Why data is proprietary
It contains intellectual property such as patents, trademarks, copyrights, and trade secrets.
The data may contain employee records with sensitive information such as social security numbers, performance evaluations, and salaries.
The data may contain customer lists that are considered confidential and sensitive.
17.
Session hijacking occurs when an attacker gains unauthorized access to a user's session, allowing them to impersonate the user and potentially perform malicious actions.
Preventing session hijacking
Using HTTPS (SSL/TLS encryption) - implementing SSL/TLS encryption for web traffic. Data between the user's browser and the server is encrypted, making it difficult for attackers to intercept or alter it.
Using the Secure flag for cookies - the Secure flag ensures that cookies are sent only over an HTTPS connection, never in plaintext over HTTP.
Web Application Firewalls - deploying a web application firewall helps filter and block malicious traffic before it reaches the web application. By inspecting and monitoring incoming and outgoing traffic, a WAF can identify and block attack patterns, including session hijacking attempts.
Use CAPTCHA or multi-factor authentication - implementing additional authentication measures, such as CAPTCHA challenges or multi-factor authentication, to protect against brute force and credential stuffing attacks.
18.
Use of digital signatures - digital signatures provide a way to verify the authenticity and integrity of a file. A valid signature shows that the file has not been tampered with and ties it to the entity that signed it. The organization will digitally sign the file before making it available for download. Users can verify the signature using the organization's public key to ensure its authenticity.
Use of hash functions - the organization will calculate the hash value of the file and publish it on its website. Users download the file and calculate its hash value. If the calculated hash matches the published one, the file is intact.
Using secure file transfer protocols like SFTP (SSH File Transfer Protocol) - this adds an additional layer of security to file transfers. The organization will ensure that the file is made available for download only through these secure protocols to protect against data interception and tampering during transfer.
Using SSL/TLS - SSL/TLS encrypts the data in transit, ensuring that it remains confidential and has not been tampered with during download. The organization should deploy SSL/TLS to secure the connection between the remote offices and the website/server where the file is hosted.
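As an added illustration of the hash check described in answer 18 (example code, not part of the original answer), the following Python verifies a download against a published SHA-256 digest; the file bytes and the "published" digest are constructed for the example (the digest is the well-known SHA-256 of the string "abc").

```python
"""Verify a downloaded file against the hash the organization published.

Added illustration; the file content and the published digest are constructed.
"""
import hashlib
import hmac

# Algorithms that must not be trusted for integrity checks: collisions are practical.
WEAK_ALGORITHMS = {"md5", "sha1"}


def file_digest(data: bytes, algorithm: str = "sha256", chunk_size: int = 1 << 16) -> str:
    """Hash bytes in chunks (as one would for a large download) and return hex."""
    h = hashlib.new(algorithm)
    for start in range(0, len(data), chunk_size):
        h.update(data[start:start + chunk_size])
    return h.hexdigest()


def verify_download(data: bytes, published: str, algorithm: str = "sha256") -> bool:
    """Return True only if the download matches the published digest.

    - refuses weak algorithms, so a stale MD5 on the website is not trusted
    - normalizes case and whitespace, since published hashes are usually pasted
    - compares with hmac.compare_digest to avoid timing leaks
    """
    if algorithm.lower() in WEAK_ALGORITHMS:
        raise ValueError(f"{algorithm} is not acceptable for integrity verification")
    expected = published.strip().lower()
    actual = file_digest(data, algorithm)
    return hmac.compare_digest(actual, expected)


# Constructed sample: the "published" value is the SHA-256 of the bytes b"abc".
GOOD_FILE = b"abc"
PUBLISHED_SHA256 = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
TAMPERED_FILE = b"abd"

if __name__ == "__main__":
    print("good file:", verify_download(GOOD_FILE, PUBLISHED_SHA256))
    print("tampered file:", verify_download(TAMPERED_FILE, PUBLISHED_SHA256))
```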
19.
The first step I would recommend is to identify requirements. This involves understanding the organization's current security posture, its risk tolerance, and its compliance obligations.
Specific steps that can be taken to identify requirements:
Meet with key stakeholders, such as the CIO, CISO, and other IT leaders, to understand their concerns and priorities.
Review the organization's security policies and procedures.
Conduct a security assessment to identify existing vulnerabilities and gaps in the organization's security posture.
Research industry best practices and standards for vulnerability management.
20.
Sensitive PII and non-sensitive PII.
Sensitive PII includes highly personal data that, if exposed, can lead to severe risks for individuals, such as identity theft or financial fraud. Examples of sensitive PII are Social Security Numbers (SSNs), financial account information, medical records, and biometric data. These data types require the highest level of protection and stringent security measures.
In contrast, non-sensitive PII, while still personally identifying, poses lower risks when exposed. Examples include names, addresses, email addresses, date of birth, and gender. Non-sensitive PII should also be safeguarded, but the security measures may not need to be as strict as those applied to sensitive PII.
21.
For a number of reasons, notifying customers who might be affected when private information, including Protected Health Information (PHI), has been accessed during a security event is vital. Failure to do so may have serious legal, ethical, and practical repercussions.
Organizations are required by numerous laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) in the United States, to inform people whose PHI has been compromised in a security event. Failing to do so risks harsh fines and penalties.
Customers trust businesses with their private information, particularly in the healthcare sector. Issuing a notification demonstrates transparency and a commitment to fixing the problem, which can help restore trust.
By informing potentially affected clients, you enable them to take protective measures, such as changing their passwords or monitoring their bank accounts, to avoid further damage or identity theft.
An organization's reputation may suffer if affected customers are not informed. Public perception of the breach could worsen and customer retention could suffer if word of the breach spreads through other channels.
22.
When a vulnerability scanner reports a false positive, the security team should first identify the root cause of the false positive. Once the root cause is identified, the team can take steps to mitigate it. The team should also suppress the false positive in the scanner and communicate it to the application's developers and other stakeholders. Finally, the team should update the scanner's signature database.
Other actions
Document the false positive: the security team should create records that clearly indicate that the vulnerability is a false positive, including the reasons for this determination.
Adjust scanner settings: if false positives occur due to scanner settings or outdated signatures, the security team should make the necessary adjustments to the vulnerability scanner's configuration to prevent similar issues in the future.
Educate and train staff: ensure that the team members responsible for using the vulnerability scanner are well trained in identifying and addressing false positives.
Continuous monitoring: regularly review and re-scan the network, especially after system changes or updates.
24.
OWASP (Open Web Application Security Project) and CVE (Common Vulnerabilities and Exposures)
OWASP is a nonprofit group dedicated to improving software security. For cybersecurity analysts, in particular those who work with web application security, it offers useful resources and tools:
The OWASP Top Ten is a well-known ranking of the most critical web application security risks. It assists analysts in prioritizing their mitigation efforts and identifying common vulnerabilities in web applications.
Guides and best practices: to assist analysts and developers in creating more secure web applications, OWASP provides a multitude of guides, best practices, and documentation. These resources cover a range of subjects, including threat modeling and secure coding techniques.
CVE is a program that assigns unique identifiers (CVE IDs) to publicly disclosed vulnerabilities.
Standardized vulnerability identifiers: CVE offers a uniform method of referencing and communicating vulnerabilities, making it simpler for analysts and security experts to share knowledge and track vulnerabilities across various systems and databases.
Coordination and collaboration: CVE promotes collaboration among many stakeholders, including vendors, researchers, and analysts.
CVE databases: many databases and tools, such as the National Vulnerability Database (NVD), which offers comprehensive details on identified vulnerabilities, rely on CVE.
25.
Honeynets are a useful tool for understanding how attackers behave in the wild because they establish a controlled environment that mimics a genuine network. By simulating the conditions of a legitimate network, honeynets allow researchers to monitor and examine real-world threats and tactics without putting actual systems or data at risk.
By gathering information about the techniques, infrastructure, and tools used by attackers, honeynets produce useful threat intelligence.
Threats can be quickly identified through honeynets, frequently before they affect live systems. This early warning lets organizations respond rapidly to prospective attacks, limiting or averting damage.
Organizations can use honeynets to test and validate security measures like firewalls and intrusion detection systems. By exposing these controls to actual threats in a safe environment, organizations can evaluate their effectiveness and make the required adjustments.
Honeynets are a great tool for forensics and incident response. The information gathered from honeynets can be analyzed by security teams to learn how attackers break into systems and move laterally through a network.