CYB 420 4-2 Project 1 Anthony Velotti (1)

School: Southern New Hampshire University

Course: 420

Subject: Information Systems

Date: Dec 6, 2023
Project One CYB 420 ANTHONY VELOTTI

The ACME company is in the process of transitioning into a new market. This evolution will allow ACME to pick up contracts with the federal government over the next seven years. A change of infrastructure is needed to grow external confidence in the organization’s security posture. Performing these assessments will allow company leadership to plan how they will meet future compliance requirements and to create a budget for the expense of new technology or processes that may need to be introduced. Looking to implement a multi-layer approach to security, I have been tasked as a security analyst to perform an assessment by referencing the inventory of organization hardware and the current organization infrastructure diagram, which have been provided.

Threat Assessment

The assessment will focus on the threats of people, process, and technology. Within the risk domain of people, the vulnerabilities that need to be addressed are access controls. Every employee needs access to the network, while the network remains secured from outside threats. Creating a unique username for every employee, paired with a complex password, will keep threat actors from easily accessing the network. In addition to usernames and passwords, following the principle of least privilege will keep employees from accessing data within the network that does not relate to their job duties. Least privilege access is used when configuring roles and permissions by restricting access rights to the minimum required for each user to perform their job (What is Least Privilege Access?, n.d.).

The next vulnerability within the risk domain of people is the remote employees. Laptops can connect to public wi-fi, which leaves the network open to attack. Remote employees will need a VPN on their laptops to connect to the internal server. The employees will have credentials with a complex password to access the network. This will prevent threat actors from accessing the network through public wi-fi, adding the protection the network needs and allowing employees to remain remote.

The process risk domain has vulnerabilities that need addressing. When entering the office, we can see the public record server is out in the open and easily accessible. There are two main concerns with the public record server being out in the open: the data can be easily accessed, and the data can become corrupted. To solve this problem, the public record server can be placed in a closet with the door locked. A secondary biometric screening can be performed to gain access to the server. This will secure all the data on the server, preventing threat actors from accessing the data.

The next risk in the process domain is how the network is designed. If a breach occurs within the network, the threat actor can access any part of the network. It is important to segment the network. This aligns with the principle of least privilege, as the network will only allow access to the areas one needs to complete their job duties. If a password were to be stolen, the threat actor could only access the information to which that individual employee had access.

Within the risk domain of technology, the vulnerabilities that need to be addressed are how the technology is connected and the lack of locked doors within the organization. Currently the first floor has three separate departments, each connected to a switch which is connected to the next switch until it reaches the main switch. This allows the switches to communicate with each other, giving complete access to the network. This leaves the network open to threats. By segmenting each switch and having it connect directly to the main switch, you limit the access available if the network were to be accessed by a threat actor.
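The effect of rewiring the department switches can be modelled as reachability from one compromised department. The following is an added example, not part of the original report; the switch names, the server segment, and the assumption that access rules are enforced only at the main switch are all placeholders.

```python
from collections import deque

# Constructed model: the report gives no device names, so these are placeholders.
ENFORCER = "main_sw"  # assumed to be the only place inter-segment rules are applied
DAISY_CHAIN = {"dept_a_sw": ["dept_b_sw"], "dept_b_sw": ["dept_c_sw"],
               "dept_c_sw": [ENFORCER], ENFORCER: ["server_segment"]}
STAR = {"dept_a_sw": [ENFORCER], "dept_b_sw": [ENFORCER],
        "dept_c_sw": [ENFORCER], ENFORCER: ["server_segment"]}
# Assumed least-privilege rule set: only department A needs the servers.
ALLOWED = {("dept_a_sw", "server_segment")}

def undirected(links):
    """Turn the uplink list into a two-way adjacency map."""
    adj = {}
    for a, outs in links.items():
        for b in outs:
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    return adj

def reach(adj, start, skip=None):
    """Breadth-first search from start, never stepping onto node `skip`."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj[queue.popleft()]:
            if nxt != skip and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def blast_radius(links, start, allowed=ALLOWED):
    """Segments an attacker on `start` can talk to."""
    adj = undirected(links)
    # Traffic that never crosses the main switch cannot be filtered there.
    unfiltered = reach(adj, start, skip=ENFORCER)
    # Everything else must pass the main switch and match an allow rule.
    filtered = {d for d in reach(adj, start) - unfiltered if (start, d) in allowed}
    return (unfiltered | filtered) - {start}

if __name__ == "__main__":
    for name, topo in (("daisy chain", DAISY_CHAIN), ("star", STAR)):
        for dept in ("dept_a_sw", "dept_b_sw"):
            print(name, dept, sorted(blast_radius(topo, dept)))
```

In the daisy chain, department-to-department traffic never reaches the main switch, so rules placed there cannot contain it; in the star layout every inter-department path is subject to them.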
The last technology risk is the lack of security within the office. The front door has open access, and all servers are out in the open. To protect the technology, the front door needs to be secured with key card access for each employee. This will prevent unauthorized access into the office. Putting all servers inside locked closets and adding biometric screening for access will prevent unauthorized access.

The vulnerabilities have now been identified, and remedies to resolve them have been presented. It is important that we implement the changes immediately to protect the network from any type of threat. This will begin our compliance with regulations to acquire the contracts from the government and meet compliance requirements.

Adversarial Mindset

Adversarial thinking requires understanding the technological capabilities of potential hackers and being able to anticipate where, when, and how they might attack (Adversarial Thinking for Cybersecurity, n.d.). When assessing vulnerabilities within the risk domain of people, using an adversarial mindset can help you understand the how, where, and why of an attack within the organization. These attacks can originate through social engineering, phishing attacks, or even human error. Using this mindset, you can determine, as if you were a threat actor, where you could gain access and where to attack. Once you have determined where the problems can arise, you can implement the necessary changes.

An adversarial mindset within the risk domain of process can be used to determine vulnerabilities within the organization’s operations and objectives. This type of thinking will allow you to determine potential threats and attack vectors for each process, allowing you to prioritize the risks and implement mitigations for each process.

The risk domain of technology can also be viewed using an adversarial mindset. Understanding what assets are valuable to the organization allows you to know what a threat actor would be going after first. Using this information, you can prioritize what needs to be mitigated first. In addition to assets, using this mindset you can understand how weak passwords, outdated software, unpatched systems, and misconfigured settings can be weak access points that need to be updated.

Infrastructure Diagram

[Figures: Old Diagram and New Diagram; images not included]

Two appropriate controls to address the identified vulnerabilities in people are to provide cyber security training for all employees, so they have a better understanding of the risks and threats that can occur throughout day-to-day operations, and to implement multi-factor authentication on all accounts and systems, which will add an additional level of protection throughout the network.

Two appropriate controls to address the identified vulnerabilities in process would be, first, to implement a patch management system, allowing the systems to stay up to date with the latest security patches. The second would be to implement a vulnerability scanner. This scanner will automatically detect and report potential weaknesses in the systems, applications, and networks. These changes will identify vulnerabilities before they are exploited by a threat actor.

Vulnerabilities within technology are addressed by network segmentation and patch management. Network segmentation blocks lateral movement by controlling access to applications, devices, and databases. It also contains data breaches to the segmented network, denying the threat actor full access to the network. Patch management includes identifying, testing, deploying, and verifying patches. It can be used to track and document the patch status of all assets.
Organizational Protection

By implementing the changes within the risk domain of people, organizations can help reduce the human element. There is no perfect solution, but providing cyber security training and implementing access controls within the network will reduce threats. It is important to continuously monitor the network and conduct yearly training sessions to keep the staff up to date with the latest cyber attacks that could occur.

When implementing changes in the risk domain of process, we are reducing the surface area over which an attack can occur. By breaking the network into segments and constantly monitoring it, an attack can be reduced and eliminated before the entire network is affected.

When looking at the bigger picture, you can find multiple vulnerabilities throughout the risk domains of people, process, and technology. The changes implemented will have a positive effect on the organization, but it can’t stop there. It is crucial for continued security that the network is constantly monitored. The landscape will constantly change, and staying ahead of the latest types of attacks and keeping staff in the loop will continue to provide an effective defense against attacks.

References

What Is Least Privilege Access? (n.d.). Palo Alto Networks. https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access#:~:text=What%20Is%20Least%20Privilege%20Access%3F%201%20Least%20Privilege

Adversarial Thinking for Cybersecurity. (n.d.). Cedarville University. https://www.cedarville.edu/insights/post/adversarial-thinking-for-cybersecurity