Assessment 1 - Task 2 Review risks and develop cyber responses
docx
keyboard_arrow_up
School
University of Southern Queensland *
*We aren’t endorsed by this school
Course
8018
Subject
Information Systems
Date
Feb 20, 2024
Type
docx
Pages
3
Uploaded by PrivateSummerWren28
Part Three: Implementing Mitigation
a.
The ITWorks CEO Billy has been using a Raspberry Pi within the organisations network during the past month so she can play retro video games at lunch! Billy has only just informed the ICT manager of her actions which has concerned the ICT Department. As you have been working on the risk strategies project you have now been tasked to contribute some ideas regarding the risks the new device will bring.
Complete the table below:
Identify 2 threats / vulnerabilities that the Raspberry Pi has created for ITWorks and list 1 risk / consequence for each.
Using the BSBXCS404-ITWorks-risk-mitigations.docx complete the solutions column by providing one approved mitigation to the identified threat and risk.
Risk management strategies for IoT device – Raspberry Pi
2 Threats / vulnerabilities
1 Risk / consequence
Solutions and strategies (15-30 words per point) Insecure Network Services
Cyber criminals can evade security
control
Consider isolating IoT devices on a separate network that is not connected to sensitive information assets.
Use a firewall to monitor traffic between IoT and the internet to detect suspicious behaviour.
Lack of Device
Management
Third party vendors can pose a threat accessing in security system
Conduct a comprehensive risk assessment before connecting any device to the network.
Install security patches and software updates.
Keep up to date on IoT vulnerabilities and threats.
b.
Your manager is happy with the above intended management strategies and would like you to complete the email below ready to be sent to the CEO Billy
(email does not need to be sent)
.
Hi Billy,
Thanks for allowing us the time to come up with a security strategy to minimise the risk the Raspberry Pi has to the corporate network.
The below is the intended strategy we will implement to ensure the Pi will safely integrate into ITWorks network:
-
Consider isolating IoT devices on a separate network that is not connected to sensitive information assets. Use a firewall to monitor traffic between IoT and the internet to detect suspicious behaviour.
-
Conduct a comprehensive risk assessment before connecting any device to the network. Install security patches and software updates. Keep up to date on IoT vulnerabilities and threats. Thanks for understanding and assisting in keeping the network safe from cyber-attacks.
Regards
ITWorks Manager
Risk Evaluation for IoT – Raspberry Pi
Metric
October
November
IoT - Mitigation implemented in November Malware infection attempts
55
25
Antivirus installed on all appropriate IoT and databases updated daily
Security breach attempts
10
5
Monitoring and analyzing all IoT device activity to detect potential device security incidents
Key loggers
8
3
Use a firewall to block IoT specific ports
Obsolete security
10
2
Update IoT systems regularly
c.
Assume the Raspberry Pi has been active within the network for several months. The
table above shows network incidents that had been monitored / recorded during the month of October, prior to the intended IoT strategies being implemented. November is provided indicating incidents that were recorded post mitigation strategies. Given this data determine indicate if the strategies have been effective and why. (10 – 15 words)
The strategies have been visibly effective since the network incident already got reduced in a significant amount from October to November according to 4 metrics i.e.,
Malware infection attempts, Security breach attempts, Key loggers, Obsolete security
.
Part Four: Determining Compliance
a.
The ITWorks ICT Manager has decided to contract a white hat hacker (whh) to test several components of security on the network. User passwords was one of the security aspects that was initially tested and the below is a small capture of several user password details. The usernames have been hidden but the passwords are displayed. Your task is to complete the table to determine if the passwords are meeting compliance with the BSBXCS404-ITWorks-security-policy.docx.
Password results
User
Password
Compliance Achieved (Yes / No) and reason (approx. 10 – 15 words)
########
Cats12
No (Not 8 character long, doesn’t include special
characters, and can be easily guessed)
########
BaTLord123!
No (Can be easily guessed)
########
password
No (Doesn’t include special characters or numbers)
########
PaSb$h&t22
Yes (More than 8 character long, can’t be guessed easily)
########
dogfan1
No (Not 8 character long, can be easily guessed)
b.
Given the results from the table above research and list two ways that you would address the non-compliance of user passwords? (approx. 15 – 20 words)
Most of the passwords of the table above are not included with special characters, it increases the chance of password susceptibility that can be leaded to financial damage of the company.
Most of the passwords of the table above can easily be guessed and they are not more than 8 character long, so it may increase the chances of password hacking and it leads to information disclosure, fraud, and unauthorized transactions.
c.
Using the BSBXCS404-ITWorks-IR.docx document
Given the work you have completed in question a and b identify the process to ensure escalation occur and to who. (approx. 20 – 25 words)
Notifying all IT Work Personnel of their responsibilities and obligations in the management of cyber security incidents.
Identifying the reporting procedures that must be followed whenever the workers become aware of a cyber security incident.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help