DebPramanik-Lab-1 - Current Events-10302023
School: University Of Arizona
Course: 515
Subject: Information Systems
Date: Dec 6, 2023
Uploaded by DrFlower11387
Lab-1: Current Events
From the many feeds, I selected 5 current event items that deal with information security or have implications to information security or national information security. They can be among any item listed in the feeds. For each of the 5 current events:
1. Locating Security News Feeds:
There are many cyber security related feeds available. From the list of potential information security type feeds listed in “Lab-1-Current-Events.pdf” instruction, I located one feed and found news releases or incidents that I can use for analysis.
GovInfoSecurity is a multi-media website published by Information Security Media Group, Corp. (ISMG), a company specializing in coverage of information security, risk management, privacy and fraud.
2. Choose and Analyze Feeds:
From the many feeds in GovInfoSecurity website, I selected 5 current event items that deal with information security or have implications to information security or national information security.
3. My First and Last Name: Debsankar Pramanik
4. Date: 11/10/2023
5. Name of the Lab: Lab-1.
6. For each of the 5 current events, I provided:
A. Current Event 1:
a. The link to the current event: https://www.govinfosecurity.com/cisas-new-sbom-guidance-faces-implementation-challenges-a-23579
b. A brief summary of the event: Many Organizations Lack Resources to Develop Adequate SBOM (Software Bill of Materials) Consumption Processes. The guidance includes best practices for developing SBOM generation and consumption processes. But it seems to be a huge challenge, as many organizations lack the tools required to manage SBOMs.
c. My analysis of the CIA triangle issues:
c1 – Confidentiality: The different government organizations depict a guideline to their customers about the new policy but mentioned that use of new software would be stopped until the SBOM is implemented fully.
c2 – Integrity: No breaches in integrity were reported.
c3 – Availability: Availability was not affected since the existing customers were using all the existing software.
d. Either the proposed resolution or, if not available, what I think should be done: There would be detailed training given to all government end users, stressing the importance of the SBOM guidance they need to understand, so that when a vulnerability is disclosed they have the intelligence to move to action more quickly or, in the future, automatically.
B. Current Event 2:
a. The link to the current event: https://www.govinfosecurity.com/state-maine-confirms-impact-in-global-moveit-cyberattack-a-23576
b. A brief summary of the event: State of Maine Confirms Impact in Global MOVEit Cyberattack.
c. My analysis of the CIA triangle issues:
c1 – Confidentiality: The ransomware group used an injection flaw vulnerability to breach the software file transfer tool. The system would be down until the security issue was resolved.
c2 – Integrity: No breaches in integrity were reported.
c3 – Availability: Availability was affected for 1 day. The company recommended that individuals review their online accounts for suspicious activity, order credit reports, and contact law enforcement.
d. Either the proposed resolution or, if not available, what I think should be done: They implemented a workaround solution. They should identify the root cause of the attack and fix it with utmost priority.