CYB 250- Module 3- Short Response-Adam Mason

doc

School

The University of Oklahoma *

*We aren’t endorsed by this school

Course

122

Subject

Information Systems

Date

Feb 20, 2024

Type

doc

Pages

5

Uploaded by BailiffIce6649

Report
1 Module Three- Short Response Adam Mason Associates in Cyber-Security CYB-250-R3456 Cyber Defense 24EW3 Cody Taylor January 28, 2024
2 Module Three- Short Response . Information security includes confidentiality, integrity, and availability, the CIA trinity in the Sony Pictures affair. Integrity, which guarantees data veracity and authenticity, fits the “Action” category best. The cyber attack on Sony Pictures illegally accessed and modified data, compromising Sony's servers' data. The attackers compromised Sony's servers and deleted important data, showing system integrity issues. The CIA triad gives a complete assessment of information system security. The Sony Pictures incident hinges on information integrity and authenticity, making integrity the most important factor. Analyzing the Sony Pictures attackers and objective with an adversarial attitude helps inform the reaction. This method reveals the attackers' motivations and methods, which can guide future security measures. In the Sony Pictures incident, the assailants wanted to shame the firm and disrupt a movie release. With this information, Sony might have protected its data and systems from this attack. Sony's servers were also targeted for stealing personnel, financial, and internal email data. With this knowledge, Sony might have used multi-factor authentication, encryption, and data access controls to protect this information. Understanding attacker motivation and objectives helps uncover vulnerabilities and prioritize security measures, according to the adversarial mentality approach. If the company had used a threat model proactively, they may have recognized and addressed risks and weaknesses. They may have avoided the incident by making these changes:
3 Improved network security: One compromised email account gave attackers access to Sony's infrastructure. Sony might have prevented unauthorized access by installing firewalls, intrusion detection and prevention systems, and access controls. Encrypting sensitive data: Sony housed employee, financial, and internal email data on its systems. Encryption would have secured this data. It could have been encrypted at rest, during transmission, or both. Regular patching and updates: The attackers exploited a third-party software application vulnerability to compromise Sony's systems. Sony could have addressed these vulnerabilities with regular patches and upgrades. Multi-factor authentication (MFA): MFA requires users to validate their identity with a password and a phone-sent one-time access code. MFA could have protected Sony's systems. Employee training: Employees with access to sensitive systems and data should get information security training on phishing, safe internet use, and other security topics. Third-party vendor management: Sony could have managed third-party vendors by checking their backgrounds, security standards, and access to critical data.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
4 Threat modeling: Threat modeling identifies and assesses dangers to an organization's information systems and data. Threat modeling could have helped Sony identify risks and weaknesses and apply security solutions. The adjustments Sony made could have greatly decreased the likelihood of a repeat attack. A threat model and adversarial mentality approach to understanding attackers and objectives would have improved the organization's information security. .
5 References James, E. S. (2015, June 3) . The 2014 Sony hacks, explained. Vox . https://www.vox.com/2015/1/20/18089084/sony-hack-north-korea Peterson, A. (2014, December 18). The Sony Pictures hack, explained . The Washington Post. https://www.washingtonpost.com/news/the-switch/wp/2014/12/18/the-sony-pictures-hack- explained/ Maryann, F. (2022, January 3). What was learned from the 2014 Sony pictures hack? NetworkTigers News. https://news.networktigers.com/opinion/what-was-learned-from-the-2014-sony- pictures-hack/

Related Documents

AT1 Written Questions_Concepts.doc
Prepare Data For Exploration Course Challenge (Part 7).docx
CYB 300 Module Three Lab Worksheet.docx
Defining SOC Hardware and Software requirements .docx
PSI Risk Case Study Assignment.docx
DAD 220 Module Three Major Activity Database Documentation- Adam Mason (1).docx
PD202 Unit 5 Network Mind Map Worksheet.docx
Week 4 Assignment(3) (2).docx
Hall Research Analysis- Week 2_ EDAD 6954 (1).pdf
Module 3 Discussion.docx
Week 1 Case Study 6010 - Gnaneshwari Challapalli(1).docx
CYB_260 7-3 Project Three Submission Service Level Agreement Requirement Recommendations_Richard_Bil