CYB_200_Project_Three_Milestone
School: Southern New Hampshire University
Course: 200
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 7
Uploaded by DrTree1894
CYB 200 Project Three Milestone Decision Aid Template
Complete the template by filling in the blank cells provided.
I. Detection
1. Describe the following best practices or methods for detecting a threat actor.
Awareness
Awareness involves being knowledgeable about what potential threats exist. It also means
identifying points of vulnerability and protecting sections of particularly sensitive data.
Auditing
Auditing involves performing scans of systems to detect potential threats or points of
vulnerability. An example of this is a malware or antivirus software scan.
Monitoring
Monitoring is similar to auditing in that it involves searching the systems to identify potential
threats. Monitoring means watching for suspicious behaviors, ensuring protocols are being
followed and keeping logs.
Testing
Testing is one step beyond auditing and monitoring. It involves things like penetration testing
(ethical hacking) or fake phishing emails to test that employees are following security
protocols. This is essential in further identifying points of vulnerability.
Sandboxing
Sandboxing involves executing code in a contained environment so that if it does not
function properly, it doesn’t affect important systems. One example of this is using a virtual
machine to test new software.
Citations:
MITRE ATT&CK: Audit: https://attack.mitre.org/versions/v8/mitigations/M1047/
MITRE ATT&CK: Application Isolation and Sandboxing: https://attack.mitre.org/versions/v8/mitigations/M1048/
Kral, P. (2011). The Incident Handlers Notebook (pp. 3-11). https://sansorg.egnyte.com/dl/6Btqoa63at
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC. Chapter 3, page 163.
II. Characterization
2. Briefly define the following threat actors.
Individuals who are “shoulder surfers”
A shoulder surfer is a person seeking to glean information by reading someone else’s screen
over their shoulder. They might watch as someone enters their password and username or
just read sensitive information from the screen.
Individuals who do not follow policy
These are individuals who work for the company and do not follow security protocols, thus
creating security risks. They may write their passwords down or share them, click on
suspicious emails, or leave their screens open when they leave their workstation. These
individuals need to be retrained to modify their behavior.
Individuals using others’ credentials
Attackers may use the login credentials of other users to impersonate them. They may do
this to gain access to information that they are not authorized to access or to hide their
actions by pinning them on another user.
Individuals who tailgate
A tailgater is someone who follows closely behind another person to sneak past a secure
door. They stay close behind someone who has access, wait for them to access the door and
then slip in behind them.
Individuals who steal assets from company property
These are individuals who remove the organization’s data or physical property from its
proper location. This could be physical property such as laptops or hard drives, or digital
media, such as downloading information to a flash drive to take home.
Citations:
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC. Chapter 3, pages 178 and 183.
MITRE ATT&CK: Credential Access: https://attack.mitre.org/versions/v8/tactics/TA0006
3. Describe the following motivations or desired outcomes of threat actors.
Fraud
Fraud is intentionally falsifying, deceiving, or misrepresenting in service of personal gain,
usually at the expense of an institution or business. Essentially fraud is a criminal deception
to gain information that an individual could sell or use as leverage for personal or financial
gain.
Sabotage
Sabotage is intentionally causing the failure of a system. Usually this is done by someone on
the inside who already has access to critical systems of an organization. They may do this to
gain further access to sensitive data or cover up an outside attack.
Vandalism
Vandalism is similar to sabotage in that it is intentionally destroying data or property.
Vandalism is sometimes done at random to cause chaos.
Theft
Theft is when an attacker is able to gain access to sensitive information and intentionally
remove it from its rightful place. An example of this is a hacker gaining unauthorized access
to company financial information and downloading it to their own system for later use.
Citations:
https://www.merriam-webster.com/dictionary/fraud
Cebula, J. J., Popeck, M. E., & Young, L. R. (2014). A Taxonomy of Operational Cyber Security Risks Version 2 (p. 4). https://resources.sei.cmu.edu/asset_files/TechnicalNote/2014_004_001_91026.pdf
4. Identify the company assets that may be at risk from a threat actor for the following types of
institutions.
Remember: Each company will react differently in terms of the type of assets it is trying to protect.
Financial
Tax records, budgets, financial assets, credit card or social security numbers, account
numbers
Medical
Patient medical records, dates of birth, financial records, addresses and other contact
information of patients and/or employees, doctor’s licensing information, DEA numbers,
state licenses etc.
Educational
Student and teacher personal information. If it is a university, there could also be financial
records or loan information.
Government
Critical defense intelligence and infrastructure, classified intelligence, knowledge of legislative
functions, social security numbers, Medicaid/Medicare information, tax records, income
information, voter registrations
Retail
Financial records, credit card transactions, account numbers
Pharmaceutical
Proprietary research, financial records, and shipments of opioids or other controlled
substances. If it is related to a retail pharmacy, there could also be patient records, dates of birth,
addresses and other contact information, and protected health information.
Entertainment
Artistic intellectual property, copyright information, financial records
Citations:
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC. Chapters 3, 6 and 8.
III. Response
Choose a threat actor from Question 2 to research for the response section of the decision aid:
Threat Actor: Individual using others’ credentials
5. Describe three potential strategies or tactics that you would use to respond to and counter the threat
actor you chose.
Hint: What are the best practices for reacting to this type of threat actor?
Strategy 1: Check log files for information on which users accessed the systems and when. Review traffic for suspicious activity to identify the culprit.
Strategy 2: Speak with employees about whether they have seen any suspicious activity and whether they have been keeping their passwords safe, and determine whether the credentials were intentionally shared or were stolen, and if so, how.
Strategy 3: Identify the stolen credentials and temporarily lock down all access from that user until the threat can be assessed. Then have the rightful user of the credentials change all their passwords.
Citations:
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC. Chapter 6.
6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a
similar threat occurring again.
Hint: What are the best practices for proactively responding to this type of threat actor?
Strategy 1: Implement two-factor authentication, where users need not only their username and password but also a second form of authentication, such as a code sent to an email address, a text message, or an authentication device.
Strategy 2: Implement a quarterly training course on security. Train employees on keeping their passwords safe and changing them often, and ensure they know what to do if they suspect their credentials have been stolen or otherwise used by an unauthorized person.
Strategy 3: Set up a system for monitoring and reviewing log files regularly to audit them for suspicious activity.
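The code from an "authentication device" in Strategy 1 is normally a time-based one-time password. The following is an added example, not part of the original template, showing how a server verifies such a code (RFC 6238 TOTP built on RFC 4226 HOTP) while accepting one step of clock skew and refusing a replayed code; the function and class names are my own, and the secret is the RFC's published test value, used only so the numbers can be checked against the standard.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter taken from Unix time, so the code rolls every step."""
    return hotp(secret, at // step, digits)


class SecondFactor:
    """Server-side check of a user's TOTP code: tolerates one step of clock skew, refuses replays."""

    def __init__(self, secret, step=30):
        self.secret = secret
        self.step = step
        self.last_accepted = -1  # highest counter value already consumed by a successful check

    def verify(self, code, at=None):
        now = int(time.time()) if at is None else at
        counter = now // self.step
        for c in (counter - 1, counter, counter + 1):
            # Counters at or below the last accepted one are skipped, so an observed code cannot be replayed.
            if c > self.last_accepted and hmac.compare_digest(hotp(self.secret, c), code):
                self.last_accepted = c
                return True
        return False


# RFC 4226/6238 reference secret (ASCII "12345678901234567890"), used here only so the
# demo values can be checked against the RFC tables; a real enrolment uses a random per-user secret.
DEMO_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    factor = SecondFactor(DEMO_SECRET)
    code = totp(DEMO_SECRET, 59)  # "287082", matching the RFC 6238 table at t=59
    print(factor.verify(code, at=59))  # True: right code, first use
    print(factor.verify(code, at=59))  # False: the same code presented again
```

A stolen password alone never reaches a True here, because the code is derived from a secret held by the device and the current time, and a code an attacker observes once is consumed on first use.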
Citations:
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC. Chapter 6.
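Strategy 1 in question 5 and Strategy 3 in question 6 both come down to reviewing login records for signs that an account is being used by someone other than its owner. The following is an added example, not from the original template, that runs three simple checks over constructed sample records in a made-up "timestamp user ip result" format: a sign-in from an address the account has not used before, a sign-in outside business hours, and repeated failures immediately before a success.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not from any real system): "timestamp user source_ip result".
SAMPLE_LOG = """\
2023-12-01T08:02:11 alice 10.0.0.12 success
2023-12-01T08:05:40 bob 10.0.0.31 success
2023-12-01T09:14:02 alice 10.0.0.12 success
2023-12-01T21:47:55 alice 198.51.100.7 failure
2023-12-01T21:48:10 alice 198.51.100.7 failure
2023-12-01T21:48:30 alice 198.51.100.7 success
2023-12-01T21:52:03 bob 10.0.0.31 success
"""

# Constructed baseline: the addresses each account normally signs in from.
KNOWN_SOURCES = {"alice": {"10.0.0.12"}, "bob": {"10.0.0.31"}}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (success|failure)$")


def parse_log(text):
    """Turn raw lines into (timestamp, user, ip, result) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, user, ip, result = m.groups()
            events.append((datetime.fromisoformat(ts), user, ip, result))
    return events


def review_auth_log(text, known_sources, business_hours=(7, 19), fail_window=timedelta(minutes=5)):
    """Flag successful logins that look like someone other than the account owner."""
    findings = []
    recent_failures = defaultdict(list)  # (user, ip) -> timestamps of failed attempts
    for ts, user, ip, result in parse_log(text):
        if result == "failure":
            recent_failures[(user, ip)].append(ts)
            continue
        reasons = []
        if ip not in known_sources.get(user, set()):
            reasons.append("unfamiliar source address")
        if not business_hours[0] <= ts.hour < business_hours[1]:
            reasons.append("outside business hours")
        fails = [t for t in recent_failures[(user, ip)] if ts - t <= fail_window]
        if len(fails) >= 2:
            reasons.append(f"{len(fails)} failed attempts just before success")
        recent_failures[(user, ip)].clear()  # failures before this success are now accounted for
        if reasons:
            findings.append({"user": user, "time": ts.isoformat(), "ip": ip, "reasons": reasons})
    return findings
```

Each finding lists every check that fired, so a lone off-hours login from a known address (bob) ranks lower than a new address with failed attempts just before it (alice), which is the one to contain first.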
7. Explain your reason for determining the threat actor you chose to research. Why are the strategies
you identified appropriate for responding to this threat actor? Justify your tactics to proactively and
reactively respond to this threat actor.
Individuals using others’ credentials are a major threat because the amount of information they would have
access to is much greater than anything they could get from just stealing a few physical files or reading over
someone’s shoulder. Depending on whose credentials were stolen, they may have access to an entire system.
This is a problem that requires engagement from all employees, not just those in IT. That is why my tactics
focus on involving all employees in the process of credential protection. I would start by focusing on a quick
containment method, which is why I suggested shutting down access from the stolen set of credentials.
However, to do that you would need to know which credentials were stolen. That is why it is important to do
things like check log files or interview employees about suspicious activity. Preventing future threats also
involves everyone. That is why I suggest involving every employee at all levels in security training. Having
every user set up two-factor authentication provides an extra step that an attacker would have to get through
to gain access. I also believe that things such as two-factor authentication are a way of social engineering that
reminds people that security is important. Since they have to take that second step to access their workstations,
it’s one more reminder that the system they’re accessing is private and needs to stay secure.