CYB 250 7-1 Final Project David Obi

docx

School

Southern New Hampshire University *

*We aren’t endorsed by this school

Course

250

Subject

Information Systems

Date

Feb 20, 2024

Type

docx

Pages

9

Uploaded by JusticeRain3195

Report
7-1 Final Project Cody Taylor Obi, David SNHU
I. Personnel or Human Factor Trend Human factors can lead to errors happening and this could be the first problem when it comes to securing an organization’s system. Humans are being used to creating a system and if they’re too lazy or not aware of any lacking components then the security system will not be up to par when dealing with any attacks. A trend that would benefit this company would be awareness. Establishing user awareness for both the cybersecurity team and the rest of the company’s employees would lessen or mitigate any possible attacks that could happen. The company is set to release a new smart headset that will more than likely have important documents stored within them. Each employee (technician) that is assigned with these new headsets should have a great sense of awareness of when and where they should use them. If these headsets are lost inside or outside of the organization’s main office, then they can fall into the wrong hands and more than likely will be exploited. User awareness can be taught by cyber security members and other instructors that the company could hire. I believe that would be a much- needed event for the company to set up just to ensure its employees are aware of the horrors that their own actions could produce for themselves and the company. Human error has resulted in 95 percent of data breaches thus user awareness training would be a great way to lessen this percentage not only for the organization, but also their employees and personnel. This training will help combat against lazy habits employee would such as leaving your computer, or the new headset device unlocked and unattended. There are company documents and important bits of information on these devices which could result in them being
targeted for financial gain. The best way to keep these devices away from prying eyes and attackers would be to keep them locked away from others and attended to when they’re on and unlocked. This is what the user awareness would be used for to avoid any troubles that could happen in the future. The only risk I could see happening from this trend would be the employees and/or company becoming too comfortable with their user and system security. Yes, the employees will be properly trained when it comes to user awareness, but mistakes will still happen regardless because no HUMAN or SECURITY SYSTEM is perfect. The benefits of this training would be that the employees will be more aware and vigilant of their surroundings and how they safeguard their workplace and devices. Even if the devices aren’t issued by the company, they will need this training to ensure their own phones and personal computers aren’t falling into the wrong hands because you’ll never know if their password credentials are saved on their own devices as well. One of the bigger cyber security trends that I have recently seen has been machine learning (ML). Machine learning is the result of data being fed to the machine which enables it to learn how to fight against a multitude of different cyber- attacking scenarios. This method can help prevent future attacks from happening and it will reduce the time needed for cyber security team members to perform their routine tasks. ML can also save business money because they can automate repetitive and time-consuming tasks, thereby reducing the need for manual labor and associated costs. I would highly recommend this method to the organization
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
due to the immense number of benefits it could provide that will not only protect but reduce the budget the company will need to run its business. II. Data Protection Strategy or Technology Employees and other company personnel will have to use Wi-Fi access to connect their devices such as PCs, phones, and laptops. Having an unsecured Wi-Fi access point could put the company at risk of being attacked by hackers that want to access the company’s data or employee information. Passwords, personal data, and financial information can be compromised by Man in the Middle attacks performed by hackers. The best way to defend against these types of attacks would be to use Wi-Fi Protected Access 2 (WPA2). WPA2 was designed to use encryption technology to scramble data so it’s indecipherable to hackers. WPA2 uses what is a called an Advanced Encryption Standard (AES). AES used a one key algorithm that encrypts and decrypts data. The data is not only going to become encrypted, but it will be put through several rounds of substitution, transposition, and mixing so that it is harder to decode and compromise. The main risk with using WPA2 is allowing a device with a pre shared password to join the network. A hacker that is in use of that device could hack into the network traffic and could hijack connections and release their own content into the network traffic stream. Again, this is only an issue if a hacker has a skeleton key, or someone has given them access to the WPA2 Wi-Fi password. The encryption process will possibly slow internet speeds to a small degree and network devices
(routers too) need to stay up to date security wise. Aside from those problems WPA2 completely wipes out the vulnerabilities of WEP to hacker attacks such as ‘man-in-the-middle’, authentication forging, replay, key collision, weak keys, packet forging, and ‘brute–force/dictionary’ attacks”. Technicians that will be in use of the headset while on the WPA2 network should also turn off their Bluetooth when their headset is not in use. Keeping the headsets connectivity on could leave it exposed to hackers that can intercept its Bluetooth connectivity and view the data and information stored within the devices. Two-factor authentication (2FA) and strong passwords should be mandatory for all company employees and personnel to use. Simple passwords provide easy entry access for hackers, and this is a huge NO if you want to keep the organization up and running for a very long time. Establishing a policy for both 2FA and stronger passwords that are longer have more unique characters could keep employee accounts safe from any vigilant attackers. Passwords should also be changed around every month or so to avoid multiple accounts from being compromised just in case of a breach. A high number of breaches (80 percent) are caused by stolen weak, weak, or reused passwords (LastPass, 2021) and by establishing these policies we could lower this high frequency of breaches. III. System Protection Endpoint detection and response tools (EDR) can be another great cyber security tool that the organization could use to identify and respond to external and internal threats. Every endpoint within the network’s infrastructure will be continuously monitored and this can range from employee laptops, desktops, mobile phones, and tablets. An intrusion
detection system (IDS), application control tools, antivirus software, and firewalls will need to be installed to establish this endpoint security protection for all the devices within the organizations walls. The new Bluetooth headset will have a more safeguarded connection if these security tools are well established within the company. Cyber security team members will have greater visibility of the company’s network infrastructure as well as the traffic flow. This will allow them to fluidly monitor what is always going inside and outside of the network infrastructure. Email phishing attacks are at an all-time high and have affected numerous amounts of organizations around the globe. The great thing about using the EDR tools is that it will eliminate these types of malware attacks from happening. If an employee were to open a phishing email and click the attachment inside the EDR would have already identified the malware, contained the threat, it and will send an alert to the cyber security team/admin to confiscate and delete the email. The organization could also look towards reduced costs as well because the cyber security team does not have to expend time and resources to identify false threats. Security updates can also be performed automatically through the system. One of the only disadvantages when it comes to using the end point detection system would be the possibilities of false positives occurring. If this situation were to arise then it would cost the organization time and resources to identify the problem. Due to the EDR system being so large and continuously running it will require a decent amount of processing power and memory to keep it running at an optimal speed. The results of maintaining the speed of the system will obviously cost the company some money but it will be put to good use by keeping their system up to date and running at full capacity.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
Another drawback is that the endpoint system collects tons of data and information which leaves a big red target on its back. This will be the focal point for any hacker to attempt to try and access the system and if they’re successful in doing so then they’re in for a big payout. In all, establishing the EDR would be a great addition for the company if they want to establish a great end point connection security system and reduce the cost of maintaining their organization’s security system. An up-and-coming advanced technology called “blockchain” is being used to provide secure and reliable data transmission between companies and individuals. The name derives from data being kept inside each block and the chain gets larger as it moves between owners that feed the blocks more data. The information that is stored within these blocks will more than likely not be tampered with because of an agreed consensus mechanism that validates the accuracy of the information. Information that is viewed by individuals who use blockchains will receive the information in real time making it easy for them to track assets or transactions. Blockchains are DDos proof because their DNS can remove their focal point (Ip address), and this will eliminate the attack from commencing. Data privacy policies are very strict and allow the blockchains to be viewed only through trusted networks that follow the guidelines of the established policy. My last recommendation would be that the Bluetooth headsets would greatly benefit from the security of blockchain if the communication between the devices was secured incorporating it within our system of communications. By using blockchain we could establish a communication protocol that could create a secured channel between two Bluetooth devices. Only authorized devices will be able to communicate within these channels and all communication between these devices will be encrypted and
authenticated. This will eliminate any attacks that could occur during any Bluetooth communication connections. REFERENCES: Center, I. (2023, May 16). How Blockchain Can Prevent Bluetooth Attacks . Infilock Blog. https://infilock.io/blog/how-blockchain-can-prevent-bluetooth-attacks/ The Role of Cybersecurity in Blockchain Technology | UpGuard . (n.d.). Www.upguard.com. https://www.upguard.com/blog/the-role-of- cybersecurity-in-blockchain-technology 139 password statistics to help you stay safe in 2023 - Norton . (n.d.). Us.norton.com. https://us.norton.com/blog/privacy/password-statistics#:~:text=More %20than%2080%25%20of%20confirmed Jr, R. S. (2022, December 30). Benefits of Endpoint Detection and Response (EDR) Services . ClearNetwork, Inc. https://www.clearnetwork.com/benefits-of- endpoint-detection-and-response-edr-services/
Komando, K. (n.d.). Leaving your phone’s Bluetooth on is a bigger risk than you think. Here’s what you need to know. USA TODAY. Retrieved December 18, 2023, from https://www.usatoday.com/story/tech/columnist/komando/2023/02/26/leavi ng-your-phones-bluetooth-24-7-can-major-security-risk/11308150002/ #:~:text=Hackers%20and%20scammers%20need%20to Stanham, L. (2023, November 3). Machine Learning in Cybersecurity: Benefits and Use Cases | CrowdStrike . Crowdstrike.com. https://www.crowdstrike.com/cybersecurity-101/machine-learning- cybersecurity/ Ghimiray, D. (2022, May 10). What Is WPA2 (Wireless Protected Access 2)? What Is WPA2 (Wireless Protected Access 2)? https://www.avg.com/en/signal/what- is-wpa2
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help

Related Documents

Ex. 2.2 Create database.docx
Procurement ICE.docx
PracticeQuestions_Information Security Overview Pt1.docx
Spd556 T1DQ1.docx
ALICIA G.LAB2.pdf
BIOS255 Lab Week5.docx
Getting to know the Cyber Range LessonExercise_Fall2020.docx
CYB 250 5-3 Final Project Milestone David Obi.docx
Assignment3.docx
NDT Assignment 4.docx
Copy_of_Unit_3_Homework_Assignment_Think_Big_
Copy_of_Unit_5_Homework_Calling_an_Auditable