CYB 200 Project Three Milestone
School: Southern New Hampshire University
Course: CYB 200
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by DrTree1894
CYB 200 Project Three Milestone Decision Aid Template
Complete the template by filling in the blank cells provided.
I. Detection
1. Describe the following best practices or methods for detecting a threat actor.
Awareness
Awareness involves being knowledgeable about what potential threats exist. It also means
identifying points of vulnerability and protecting sections of particularly sensitive data.
Auditing
Auditing involves performing scans of systems to detect potential threats or points of vulnerability. An example of this is malware or antivirus software scans.
Monitoring
Monitoring is similar to auditing in that it involves searching the systems to identify potential threats. Monitoring means watching for suspicious behaviors, ensuring protocols are being followed, and keeping logs.
Testing
Testing is one step beyond auditing and monitoring. It involves things like penetration testing
(ethical hacking) or fake phishing emails to test that employees are following security
protocols. This is essential in further identifying points of vulnerability.
Sandboxing
Sandboxing involves executing code in a contained environment so that if it does not
function properly, it doesn’t affect important systems. One example of this is using a virtual
machine to test new software.
Citations:
MITRE ATT&CK: Audit: https://attack.mitre.org/versions/v8/mitigations/M1047/
MITRE ATT&CK: Application Isolation and Sandboxing: https://attack.mitre.org/versions/v8/mitigations/M1048/
Kral, P. (2011). The Incident Handlers Notebook (pp. 3-11). https://sansorg.egnyte.com/dl/6Btqoa63at
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC. Chapter 3, page 163.
II. Characterization
2. Briefly define the following threat actors.
Individuals who are “shoulder surfers”
A shoulder surfer is a person seeking to glean information by reading someone else’s
screen over their shoulder. They might watch as someone enters their password and
username or just read sensitive information from the screen.
Individuals who do not follow policy
These are individuals who work for the company and do not follow security protocols, thus creating security risks. They may write their passwords down or share them, click on suspicious emails, or leave their screens open when they leave their workstation. These individuals need to be retrained to modify their behavior.
Individuals using others’ credentials
Attackers may use the login credentials of other users to impersonate them. They may do
this to gain access to information that they are not authorized to access or to hide their
actions by pinning them on another user.
Individuals who tailgate
A tailgater is someone who follows closely behind another person to sneak past a secure
door. They stay close behind someone who has access, wait for them to access the door
and then slip in behind them.
Individuals who steal assets from company property
These are individuals who remove data or physical property of the organization from their
appropriate locations. This could be in the form of physical property like laptops or hard
drives or digital media such as downloading information to a flash drive to take home.
Citations:
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC. Chapter 3, pages 178, 183.
MITRE ATT&CK: Credential Access: https://attack.mitre.org/versions/v8/tactics/TA0006
3. Describe the following motivations or desired outcomes of threat actors.
Fraud
Fraud is intentionally falsifying, deceiving, or misrepresenting in service of personal gain,
usually at the expense of an institution or business. Essentially fraud is a criminal deception
to gain information that an individual could sell or use as leverage for personal or financial
gain.
Sabotage
Sabotage is intentionally causing the failure of a system. Usually this is done by someone on
the inside who already has access to critical systems of an organization. They may do this to
gain further access to sensitive data or cover up an outside attack.
Vandalism
Vandalism is similar to sabotage in that it is intentionally destroying data or property.
Vandalism is sometimes done at random to cause chaos.
Theft
Theft is when an attacker is able to gain access to sensitive information and intentionally
remove it from its rightful place. An example of this is a hacker gaining unauthorized access
to company financial information and downloading it to their own system for later use.
Citations:
Merriam-Webster. Fraud. https://www.merriam-webster.com/dictionary/fraud
Cebula, J. J., Popeck, M. E., & Young, L. R. (2014). A Taxonomy of Operational Cyber Security Risks Version 2 (p. 4). https://resources.sei.cmu.edu/asset_files/TechnicalNote/2014_004_001_91026.pdf
4. Identify the company assets that may be at risk from a threat actor for the following types of
institutions.
Remember: Each company will react differently in terms of the type of assets it is trying to protect.
Financial
Tax records, budgets, financial assets, credit card or social security numbers, account numbers
Medical
Patient medical records, dates of birth, financial records, addresses and other contact information of patients and/or employees, doctor’s licensing information, DEA numbers, state licenses, etc.
Educational
Student and teacher personal information. If it’s a university, there could be financial records or loan information.
Government
Critical defense intel and infrastructure, classified intel, knowledge of legislative functions, social security numbers, Medicaid/Medicare information, tax records, income information, voter registrations
Retail
Financial records, credit card transactions, account numbers
Pharmaceutical
Proprietary research, financial records, shipments of opioids or other controlled substances. If it’s related to a retail pharmacy, there could be patient records, dates of birth, addresses and other contact info, and personal protected health information.
Entertainment
Artistic intellectual property, copyright information, financial records
Citations:
NIST SP 800-60 Vol. 1 Rev. 1: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC. Chapters 3, 6 and 8.
III. Response
Choose a threat actor from Question 2 to research for the response section of the decision aid:
Threat Actor
5. Describe three potential strategies or tactics that you would use to respond to and counter the threat
actor you chose.
Hint: What are the best practices for reacting to this type of threat actor?
Strategy 1
Strategy 2
Strategy 3
Citations:
6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a
similar threat occurring again.
Hint: What are the best practices for proactively responding to this type of threat actor?
Strategy 1
Strategy 2
Strategy 3
Citations:
7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you
identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively
respond to this threat actor.