Braccili CYB 200 Project Three Milestone Decision Aid

School: Southern New Hampshire University
Course: 200
Subject: Information Systems
Date: Feb 20, 2024
Type: docx
Pages: 9
Uploaded by ColonelEel1513

CYB 200 Project Three Milestone Decision Aid Template

Complete the template by filling in the blank cells provided.

I. Detection

1. Describe the following best practices or methods for detecting a threat actor.

Awareness: Awareness is being aware of something, so detecting threat actors through awareness is best done through learning. Learning helps you become more aware: you learn why threat actors arrive, what the motives behind the attack are, and how we stop it.

Auditing: Cyber security auditing is finding the presence of cyber security controls such as firewalls and intrusion detection services. So to find the presence of threat actors in firewalls etc. you regulate; if you keep an eye out for these potential targets that pop up in the firewall, you can stop them.

Monitoring: Obviously monitoring is keeping an eye on things, so detecting a threat actor through this one is obvious: we monitor any suspicious activity that arises. We keep track of users, applications, firewalls etc.

Testing: “Penetration test serves to expose the weaknesses a real-world threat actor may find by attempting to breach your organisation's security using the same exploits, techniques and strategies an external threat actor would use to gain unauthorised access to your sensitive data.” So with this, from the website Cyber Audit Team, we test to understand the strategies that threat actors use, so we understand them and can fix the weaknesses within our code to prevent them.

Sandboxing: With this one you keep a malicious program or code away from the rest of the organization's environment. With that being said, you can detect and remove threats more easily without having to worry about the important code or your programs.

Citations:
https://www.bitsight.com/blog/cybersecurity-audit-assessment-which-do-you-need#:~:text=A%20cybersecurity%20audit%20is%20used,that%20compliance%20requirements%20are%20met.
https://cyberauditteam.com/services/vulnerability-management/penetration-testing-pen-test#:~:text=A%20penetration%20test%20(pen%20test,access%20to%20your%20sensitive%20data.
https://www.checkpoint.com/cyber-hub/threat-prevention/what-is-sandboxing/#:~:text=Sandboxing%20works%20by%20keeping%20potentially,it%20can%20be%20removed%20proactively.

II. Characterization

2. Briefly define the following threat actors.

Individuals who are “shoulder surfers”: “Shoulder surfing occurs when someone watches over your shoulder to nab valuable information such as your password, ATM PIN, or credit card number, as you key it into an electronic device. When the snoop uses your information for financial gain, the activity becomes identity theft.”

Individuals who do not follow policy: They know the policies of the business but steal data anyway for financial gain.

Individuals using others’ credentials: “Credential stuffing is a cybersecurity vulnerability in which hackers target web infrastructures and take over user accounts using stolen credentials. When hackers use organisational credentials to login and hijack user accounts, the threat gets further elevated.”

Individuals who tailgate: “Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.”

Individuals who steal assets from company property: “Embezzlement occurs when someone steals or misappropriates money or property from an employer, business partner, or another person who trusted the embezzler with the asset. Embezzlement is different from fraud or larceny (theft). The embezzler has permission to handle the property in a certain way (but not to take it).”

Citations:
https://lifelock.norton.com/learn/identity-theft-resources/what-is-shoulder-surfing#:~:text=Shoulder%20surfing%20occurs%20when%20someone,the%20activity%20becomes%20identity%20theft.
https://www.loginradius.com/blog/identity/prevent-credential-stuffing-attacks/#:~:text=Credential%20stuffing%20is%20a%20cybersecurity,the%20threat%20gets%20further%20elevated.
https://www.mcafee.com/blogs/internet-security/what-are-tailgating-attacks/#:~:text=Tailgating%20is%20a%20type%20of,even%20install%20malware%20on%20computers.
https://www.nolo.com/legal-encyclopedia/what-is-embezzlement.html#:~:text=Embezzlement%20occurs%20when%20someone%20steals,but%20not%20to%20take%20it).

3. Describe the following motivations or desired outcomes of threat actors.

Fraud: Threat actors sometimes just want money, and some are terrorists. Russia a while back hacked the U.S. gas pumps, not to get the money but to make the U.S. suffer by raising the prices, because Russia hates the U.S. So with fraud they either want to hack and get the victim's info and sell the info to make money, or they hate the person and ruin their life. Everyone has different motives.

Sabotage: Maybe they want to make money by sabotaging an organization's computer with malware and asking for money to unlock it, a.k.a. ransomware. In this case they want money; maybe they steal info and sell it to opposing businesses because they hate the organization that much.

Vandalism: Sometimes hackers like to flex just because they're egotistical, so they can hack into a website that doesn’t have much security and vandalize it just because they can.

Theft: This one's straightforward: they hack an organization for money. They can steal and sell data, or they can steal financial info from a bank and make money or sell that info. This one most likely is for financial gain; the outcome is money.

Citations: Off the top of my head

4. Identify the company assets that may be at risk from a threat actor for the following types of institutions. Remember: Each company will react differently in terms of the type of assets it is trying to protect.

Financial: For financial they steal credit card info, customer information, Social Security numbers.

Medical: Insurance information, patients' health information, personal info.

Educational: Transcripts, financial info, faculty info, emails, passwords.

Government: Top secret clearance info, government info, maybe military IDs. They can have police info, military info, CIA and FBI info, know what they're doing, knowing secret missions, knowing how to weaken the government. This would be the worst one for info to be stolen from.

Retail: Client information, business secrets (maybe a slogan, maybe a secret recipe), debit and/or credit card info.

Pharmaceutical: Customer information, what drugs they're taking. They can steal pills to sell on the dark web, maybe recipes for drugs to make and sell themselves.

Entertainment: “Web Portals and Data Theft. ... Malware. ... Ransomware. ... Third-Party and Supply Chain Risks. ... Remote Working. ... Leaked Content and Movie Pirating. ... Sabotage or Hacktivism. ... Leaked High-Profile Emails.”

Citations: https://www.upguard.com/blog/cybersecurity-in-the-entertainment-industry

III. Response

Choose a threat actor from Question 2 to research for the response section of the decision aid:

Threat Actor: Shoulder surfers

5. Describe three potential strategies or tactics that you would use to respond to and counter the threat actor you chose. Hint: What are the best practices for reacting to this type of threat actor?

Strategy 1: Cover the ATM keypad when entering your PIN.

Strategy 2: Use a screen protector for public computers or laptops, and your phone. A screen protector only allows you to see the screen if you're facing right at it.

Strategy 3: Don't verbalize sensitive information over a mobile device in public.

Citations: https://www.techtarget.com/searchsecurity/definition/shoulder-surfing#:~:text=Here%20are%20a%20few%20other%20helpful%20tips%20to%20avoid%20being,an%20added%20layer%20of%20cybersecurity.

6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a similar threat occurring again. Hint: What are the best practices for proactively responding to this type of threat actor?

Strategy 1: Don’t go on anything in public that has to do with sensitive information. If something requires a user name and password, either don’t do it in public or make sure no one is around you; look around first.

Strategy 2: If you don’t have one, buy a screen protector that prevents people from looking at your sensitive info, because now they can't see it.

Strategy 3: If you're suspicious of someone you can also scream "police, police!" I know it seems stupid, but if you yell that word people are 99% of the time going to run away. That will definitely make people think twice.

Citations: Off the top of my head, common sense

7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively respond to this threat actor.

Because I feel this is the one you can most easily prevent. My strategies are appropriate for responding to the threat actor because they're the most logical reasons: you're not going to pull out a gun and threaten someone if they look, you're not going to say "Oh, can you see from back there? Here, I'll show you my credit card info," and you're not going to go in public and talk about personal info. This is the most logical way to deal with the problem, by following the steps I suggested above. Screen protectors are a great way to prevent the problem: you just buy one and it prevents info being stolen. Covering the ATM PIN is a common step so no one can see what you're typing in, and it prevents money from being stolen. Finally, not saying personal info out loud is definitely common sense and it’s an easy way to prevent data being stolen: just don’t talk about it. Now why put that down if it's that obvious? Well, you’ll be surprised with what people do: "Oh, he's my best friend, I'll tell him." Um, no.