CPE 592 MT

pdf

School

Stevens Institute Of Technology *

*We aren’t endorsed by this school

Course

440

Subject

Information Systems

Date

Feb 20, 2024

Type

pdf

Pages

2

Uploaded by JudgeClover8746

Report
MIDTERM Tejas Vijay Adhav CWID:- 20012193 Q2) After COVID-19, many offices and institutions are adopting a hybrid work model. Employees can work from either home or the office. a) Principal vulnerabilities and attacks As the head of cybersecurity in an institution with a hybrid work model, I would be worried about the following principal vulnerabilities and attacks: 1. Increased attack surface : Since employees are connecting to the corporate network from a range of places and devices, the hybrid work paradigm increases the organization's attack surface. This increases the difficulty of keeping an eye on and securing every possible entry point. 2. Use of personal devices : When employees bring their own devices to work, there are potentially more security vulnerabilities. These devices could be more vulnerable to malware and other threats and might not have the same security safeguards as corporate equipment. 3. Remote access : Employees connecting to the corporate network remotely are more vulnerable to phishing attacks and other social engineering attacks. They may also be more likely to click on malicious links or open attachments from unknown senders. 4. Increased reliance on cloud-based applications : Cloud-based apps are frequently a major component of hybrid work methods, which might provide additional security threats. Attackers could target these apps, or they might contain security holes that might be used against them. 5. Lack of awareness and training : It's likely that employees are unaware of the cybersecurity risks associated with hybrid employment or are unsure of how to reduce such risks. They may become more open to assaults as a result. b) Measures to address them To address the vulnerabilities and attacks listed above, I would take the following measures: 1. Implement a zero-trust security model : According to a zero-trust security model, no user or device can be relied upon by default. Before being able to access any resources on the corporate network, all users and devices must first undergo authentication and
authorization. Even if an attacker manages to get their hands on a user's credentials or device, this can assist in lessening the chance of unauthorized access. 2. Use endpoint security software : Employee devices may be better shielded from malware and other threats with the use of endpoint security software. Every device—personal as well as corporate—that connects to the corporate network has to have this software installed. 3. Implement strong access control policies : To limit access to sensitive information and resources, access control policies have to be put into place. The least privilege principle, which states that users should only be given access to the resources they require to carry out their job responsibilities, should serve as the foundation for these regulations. 4. Educate and train employees : The best practises for cybersecurity should be taught to and trained upon by employees. Topics include password security, social engineering attack prevention, and phishing awareness should be included in this training. c) Changes due to the COVID-19 outbreak The COVID-19 outbreak has accelerated the adoption of hybrid work models. This has led to an increase in the security risks listed above. 1. The usage of personal gadgets for work has expanded, which is one of the largest developments. Many organizations haven't had time to put in place the required security procedures since they weren't ready for this abrupt change. 2. Another shift is the growing dependence on cloud-based software. To facilitate remote work, several businesses have moved their on-premises apps to the cloud. As a result, the organization now has a larger attack surface and is more susceptible to attacks from the cloud. References:- "Cybersecurity Challenges and Solutions for Hybrid Work Environments" by A. Sheth, P. Kumar, and F. Al-Turjman, IEEE Access, 2022. "Hybrid Work Environments and Cybersecurity: A Review of the Literature" by A. Al-Dulaimi, A. Al- Jarrah, and M. Al-Zoubi, ACM Computing Surveys, 2022. "Security Challenges and Mitigation Strategies in Hybrid Work Environments" by S. Gupta, S. Rani, and M. Shandilya, Journal of Information Security, 2022. "A Zero-Trust Security Model for Hybrid Work Environments" by A. Singh, S. Sharma, and R. Singh, IEEE Transactions on Industrial Informatics, 2022.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Metamerically_plunger_counterrampant.docx
Case_Study P1.docx
Noncircumstantial_lying-ins_walk-up.docx
Week 6 Discussion.docx
ECE9065-2023-lab3.pdf
ECE9065-2023-lab1.pdf
Screenshot 2023-12-02 at 5.18.01 PM.png
Prepare Data For Exploration Course Challenge (Part 1).docx
Prepare Data For Exploration Course Challenge (Part 2).docx
Prepare Data For Exploration Course Challenge (Part 3).docx
Netlab 3.docx
Netlab2.docx