CYB_200_Project_Three_Milestone_Owen_Capak

School

Southern New Hampshire University

Course

200

Subject

Information Systems

Date

Feb 20, 2024

Type

docx

Pages

7

Uploaded by BailiffYakMaster294

CYB 200 Project Two Milestone Decision Aid Template

Complete the template by filling in the blank cells provided.

I. Detection

1. Describe the following best practices or methods for detecting a threat actor.

Awareness: Promoting cybersecurity awareness among employees to recognize and report suspicious activities.
Auditing: Conducting regular audits of systems, networks, and logs to identify anomalies and potential security breaches.
Diligence: Encouraging employees to remain vigilant and cautious when handling sensitive information or interacting with unknown sources.
Monitoring: Implementing continuous monitoring solutions to track network traffic, system activities, and user behavior for signs of compromise.
Testing: Performing regular penetration testing and vulnerability assessments to identify and address security weaknesses.
Sandboxing: Employing sandbox environments to safely analyze and test suspicious files, applications, or activities.
Enticing: Creating honeypots or decoy systems to lure and identify potential attackers.

Citations:

II. Characterization

2. Briefly define the following threat actors.

Individuals who are “shoulder surfers”: Threat actors who attempt to gain unauthorized access or steal sensitive information by observing or eavesdropping on individuals' screens or activities in public places.
Individuals who do not follow policy: Threat actors who knowingly or unknowingly violate organizational security policies and procedures, increasing the risk of security incidents and breaches.
Individuals using others’ credentials: Threat actors who impersonate legitimate users by obtaining or stealing their credentials to gain unauthorized access to systems, networks, or data.
Individuals who tailgate: Threat actors who exploit physical security weaknesses by following authorized individuals into restricted areas without proper authentication or authorization.
Individuals who steal assets from company property: Threat actors who unlawfully remove or misappropriate physical assets, equipment, or resources belonging to the organization.

Citations:

3. Describe the following motivations or desired outcomes of threat actors.

Fraud: Threat actors seek financial gain through fraudulent activities such as identity theft, credit card fraud, or financial scams.
Sabotage: Threat actors aim to disrupt or damage organizational operations, infrastructure, or reputation through deliberate acts of sabotage.
Vandalism: Threat actors engage in malicious activities to deface websites, vandalize digital assets, or spread destructive malware.
Theft: Threat actors steal sensitive information, intellectual property, or valuable assets for financial gain or competitive advantage.

Citations:

4. Identify the company assets that may be at risk from a threat actor for the following types of institutions. Remember: Each company will react differently in terms of the type of assets it is trying to protect.

Financial: Customer financial data, transaction records, and banking systems.
Medical: Electronic health records (EHR), patient information, and medical devices.
Educational: Student records, research data, and academic resources.
Government: Classified documents, sensitive information, and critical infrastructure systems.
Retail: Customer payment information, personal data, and e-commerce platforms.
Pharmaceutical: Drug research, intellectual property, and regulatory compliance data.
Entertainment: Digital content, intellectual property, and user accounts.

Citations:

III. Response

Choose a threat actor from Question 2 to research for the response section of the decision aid:

Threat Actor: Individuals who steal assets from company property

5. Describe three potential strategies or tactics that you would use to respond to and counter the threat actor you chose. Hint: What are the best practices for reacting to this type of threat actor?

Strategy 1: Implementing access controls and surveillance measures to monitor and restrict unauthorized access to company premises and assets.
Strategy 2: Conducting regular security audits and inventory checks to track and protect valuable physical assets from theft or misuse.
Strategy 3: Providing employee training and awareness programs to educate staff on security protocols, reporting procedures, and the importance of safeguarding company property.

Citations:

6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a similar threat occurring again. Hint: What are the best practices for proactively responding to this type of threat actor?

Strategy 1: Enhancing physical security measures, such as installing CCTV cameras, access control systems, and intrusion detection alarms.
Strategy 2: Implementing strict access management policies and procedures to limit employee access to sensitive areas and assets based on job roles and responsibilities.
Strategy 3: Conducting background checks and vetting procedures for employees, contractors, and vendors to mitigate the risk of insider threats and unauthorized access.

Citations:

7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively respond to this threat actor.

The chosen threat actor, "Individuals who steal assets from company property," poses a significant risk due to potential financial losses and operational disruptions. To address this threat, proactive measures such as access controls, surveillance systems, and employee awareness programs are crucial. Enhancing physical security measures, including access controls and surveillance, helps deter and detect unauthorized access and suspicious activities. Employee training raises awareness and encourages a culture of vigilance, empowering staff to identify and report suspicious behavior.

Proactively, the organization should invest in advanced surveillance technologies, implement strict access controls, and conduct regular security audits to identify vulnerabilities. Reactively, clear escalation procedures, coordination with law enforcement, and incident response plans are essential to minimize the impact of theft incidents. In summary, a comprehensive approach combining proactive measures with reactive response tactics is vital to mitigate the risk of physical theft and safeguard company assets.