Haleigh Duguay CYB 200 Project Three Milestone Decision Aid
School: Southern New Hampshire University
Course: CYB 200, Information Systems
Date: Dec 6, 2023
Uploaded by MinisterDuckMaster1030
CYB 200 Project Three Milestone Decision Aid Template
Complete the template by filling in the blank cells provided.
I. Detection
1. Describe the following best practices or methods for detecting a threat actor.
Awareness
Annual short-form computer-based training is the best practice for awareness because such courses “…offer a convenient and engaging way to provide employees with the essential security training they need in a format that allows them to complete training in small increments, making it easier to assign within the flow of work with minimal disruption” (Your Security Awareness Program Can Do More than You Think: Fulfilling the Promise of “Training for All” | SANS Institute, n.d.).
Auditing
Auditing a computerized environment should be split into two areas: audit of operational computer systems and audit of systems under development. A data-oriented audit looks at processed transactions. Developmental audits can evaluate controls without observing results; in a developmental audit, the auditor is ensuring that development procedures and standards are being followed (Ruthberg et al., 1988). Operational audits can be riskier because controls are exercised against real transactions and can produce real negative results, whereas developmental audits are not processing legitimate transactions.
Monitoring
A management network is a dedicated network used to remotely control, monitor, and configure computer nodes in an HPC system. These networks allow admins to remotely power machines on and off and install or uninstall operating systems. They can only be accessed by authorized system administrators (Guo et al., 2023). They give cybersecurity professionals access to any and all systems on the network from anywhere at any time.
Testing
Code inspection by experts has been proven to be more successful than automatic testing. “The presence of human adversaries makes penetration testing more of an art than science in some areas of testing” (Bryce & Kuhn, 2014).
Sandboxing
Public Malware Sandbox Analysis Systems receive online submissions of possibly malicious files from users and analyze their behavior by executing them in a testing environment. An analysis report is then returned to the user (Yoshioka et al., 2010). By isolating the suspicious activity, sandboxing allows cybersecurity professionals to determine the intent of the threat and shut it down without damaging accessibility.
Citations:
Your Security Awareness Program Can Do More Than You Think: Fulfilling the Promise of “Training for All” | SANS Institute. (n.d.). SANS Institute. Retrieved September 30, 2023, from https://www.sans.org/blog/your-security-awareness-program-can-do-more-than-you-think-fulfilling-the-promise-of-training-for-all/
Ruthberg, Z. G., Fisher, B. T., Perry, W. E., Lainhart IV, J. W., Cox, J. G., Gillen, M., & Hunt, D. B. (1988). Computer Science and Technology NBS Special Publication 500-153: Guide to Auditing for Controls and Security: A System Development Life Cycle Approach. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nbsspecialpublication500-153.pdf
Guo, Y., Chandramouli, R., Wofford, L., Gregg, R., Key, G., Clark, A., Hinton, C., Prout, A., Reuther, A., Adamson, R., Warren, A., Bangalore, P., Deumens, E., & Farkas, C. (2023). NIST Special Publication NIST SP 800-223 ipd: High-Performance Computing (HPC) Security: Architecture, Threat Analysis, and Security Posture (Initial Public Draft). https://doi.org/10.6028/NIST.SP.800-223.ipd
Bryce, R., & Kuhn, R. (2014, February). Software Testing [Guest editors’ introduction]. IEEE Xplore. https://ieeexplore.ieee.org/document/6756758/citations?tabFilter=papers#citations
Yoshioka, K., Hosobuchi, Y., Orii, T., & Matsumoto, T. (2010, July 1). Vulnerability in Public Malware Sandbox Analysis Systems. IEEE Xplore. https://doi.org/10.1109/SAINT.2010.16
II. Characterization
2. Briefly define the following threat actors.
Individuals who are “shoulder surfers”
Potential attackers who observe other people’s private screens. This can be done to maliciously gain access to confidential information for misuse (Abdarabou, 2022).
Individuals who do not follow policy
Employees who do not follow policy can put the organization at risk: easy-to-guess passwords and negligence when handling data can put that data in the wrong hands. Positive attitudes toward cybersecurity lead to positive behavior such as strong passwords, not writing passwords down, less frustration with authentication procedures, and better overall security (Choong et al., 2015).
Individuals using others’ credentials
Individuals using others’ credentials pose a threat because unauthorized personnel gain access to information they should not have access to. This can cause data leaks and could affect the integrity of data.
Individuals who tailgate
Tailgating is following someone closely with the intention of gaining access to a secure area (Kim & Solomon, 2021).
Individuals who steal assets from company property
Stealing assets from company property is called embezzlement. This usually occurs when an employee wants financial gain from ideas or physical property within their place of employment.
Citations:
Abdarabou, Y. (2022). Understanding Shoulder Surfer Behavior Using Virtual Reality. IEEE Xplore. https://ieeexplore.ieee.org/document/9757404
Choong, Y.-Y., Theofanos, M., Tryfonas, T., & Askoxylakis, I. (2015, August 2). What 4,500+ People Can Tell You: Employees’ Attitudes Toward Organizational Password Policy Do Matter. Csrc.nist.gov; Springer. https://csrc.nist.gov/pubs/conference/2015/08/02/what-4500-people-can-tell-you-employees-attitudes/final
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC.
3. Describe the following motivations or desired outcomes of threat actors.
Fraud
Cyber fraud is the use of technology to commit a crime. Examples include phishing, malware, ransomware, DDoS attacks, and social engineering scams. These are all done in an attempt to deceive systems for financial or personal gain (Mimecast, 2023).
Sabotage
Sabotage includes deliberate actions to harm an organization’s physical or virtual infrastructure (CISA, 2023). This could be done by a competitor, an angry ex-employee, or an angry current employee who wants to see the organization fail.
Vandalism
Vandalism is the deliberate and malicious destruction of property. In the cyber world this usually targets websites and other tech products, but it can also target individuals or institutions. Threat actors will delete files, take over accounts, and send spam and viruses to achieve vandalism (What Is Cyber Vandalism and How to Avoid It, 2022).
Theft
Theft involves stealing money or intellectual property (CISA, 2023). Theft is done for financial gain or to gain intellectual property to claim as one’s own. Intellectual property can also be used for financial gain.
Citations:
CISA. (2023). Defining Insider Threats | CISA. Cybersecurity and Infrastructure Security Agency (CISA). https://www.cisa.gov/topics/physical-security/insider-threat-mitigation/defining-insider-threats
What Is Cyber Vandalism and How to Avoid It. (2022, December 19). IT Companies Network. https://itcompanies.net/blog/cyber-vandalism#:~:text=Cyber%20vandalism%20is%20the%20deliberate
Mimecast. (2023). What is Cyber Fraud? Mimecast. https://www.mimecast.com/content/cyber-fraud/
4. Identify the company assets that may be at risk from a threat actor for the following types of institutions.
Remember: Each company will react differently in terms of the type of assets it is trying to protect.
Financial
Bank accounts, trading accounts, purchasing accounts, corporate credit cards, and other direct sources of money or credit (Kim & Solomon, 2021).
Medical
Social security numbers, birthdays, full names, addresses, phone numbers, or any other personal information that can be used to successfully commit identity theft.
Educational
Tablets, printers, laptops, projectors, transportation, school supplies, and soft assets such as the different software used for projects and assignments (How to Manage the 4 Main Types of Education Assets?, 2019).
Government
Buildings, roads, military equipment, and software (Government Fixed Assets | U.S. Bureau of Economic Analysis (BEA), 2023).
Retail
Cash, cash equivalents, investments, accounts receivable, inventory, company vehicles
Pharmaceutical
Inventory, computers, pill counters, shelving, reputation, patient data (What Are Your Pharmacy’s Most Valuable Assets?, 2021).
Entertainment
Patents, inventions, designs, patterns, copyrights, trademarks, trade names, franchises, licenses, contracts, programs, systems, studies (Intangible Assets in the Media and Entertainment Industries: In Depth Analysis, 2014).
Citations:
How to Manage the 4 Main Types of Education Assets? (2019, May 8). EZO.io. https://ezo.io/ezofficeinventory/blog/education-assets/
Kim, D., & Solomon, M. G. (2021). Fundamentals of information systems security. Jones & Bartlett Learning, LLC.
Government Fixed Assets | U.S. Bureau of Economic Analysis (BEA). (2023). Bea.gov. https://www.bea.gov/data/government/fixed-assets#:~:text=Buildings%2C%20roads%2C%20military%20equipment%2C
What Are Your Pharmacy’s Most Valuable Assets? (2021, January 28). PBA Health. https://www.pbahealth.com/elements/what-are-your-pharmacys-most-valuable-assets-2/
Intangible Assets in the Media and Entertainment Industries: In Depth Analysis. (2014, February 18). ITR. https://www.internationaltaxreview.com/article/2a6a1rtfrvu75mlt86fi8/intangible-assets-in-the-media-and-entertainment-industries-in-depth-analysis
III. Response
Choose a threat actor from Question 2 to research for the response section of the decision aid:
Threat Actor
Individuals who tailgate
5. Describe three potential strategies or tactics that you would use to respond to and counter the threat actor you chose.
Hint: What are the best practices for reacting to this type of threat actor?
Strategy 1: Wipe all access tied to stolen devices, including but not limited to keycards, hardware, etc.
Strategy 2: Investigate. Ask bystanders and witnesses what occurred and what the attacker may have gained from receiving the access.
Strategy 3: Mandatory employee retraining on not holding doors open for ANYONE, including coworkers, along with retraining on cybersecurity topics that involve tailgating.
Citations:
NA, original thoughts.
6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a similar threat occurring again.
Hint: What are the best practices for proactively responding to this type of threat actor?
Strategy 1: Employees should have physical keycards with photo identification on them to gain access to locked doors. Keycards should be monitored and deactivated when an employee resigns or is terminated. Keycard access should only be given to those with a business need.
Strategy 2: Surveillance cameras are necessary around locked doors and areas that require restricted access. This way, the traffic to and from the area can be monitored not only by key swipes, but by security professionals 24/7.
Strategy 3: Employees should be trained to never allow coworkers access. It is important that every single employee who gains access is logged into the system via a card swipe. Violators of this policy will be denied access, suspended, or terminated depending on severity and intent.
Citations:
NA, original thoughts.
7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively respond to this threat actor.
It is especially important to be proactive about cybersecurity threats. For tailgating, it is important that employees are trained to never give their access to anyone else. This includes opening locked doors, lending out their hardware, or sharing passwords. Alongside this training, employees should be given keycards or individual passcodes to enter restricted areas. This way, we can identify who is accessing the data, how often, and when, and we can identify whether suspicious activity is occurring, such as accessing data beyond work hours, multiple people entering a door with one key swipe, etc.
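The badge-log checks described in Question 6 (Strategy 1 and Strategy 3) and in the answer above can be carried out as a short review script. The following is an added example, not part of the original decision aid: the export format (timestamp, badge id, door, people counted by a hypothetical door sensor), the business hours, the active-badge list and the sample log lines are all constructed assumptions. It flags a swipe after work hours, a swipe by a keycard that HR no longer lists as active, and a door cycle where the sensor counted more people than the single swipe allows.

```python
# Added example (not part of the original decision aid): review a badge log
# for the three conditions the decision aid calls out, i.e. after-hours
# access, a revoked keycard still being used, and more than one person
# entering on a single swipe. Field names, hours and data are assumptions.
from dataclasses import dataclass
from datetime import datetime, time

# Assumed export format from the access-control system (constructed):
#   timestamp,badge_id,door,people_counted
# people_counted is what a hypothetical door sensor or turnstile reported
# passing through during that one open cycle.
BADGE_LOG = """\
2023-12-04T08:02:11,B1001,server-room,1
2023-12-04T08:03:40,B1002,server-room,2
2023-12-04T12:15:05,B1007,server-room,1
2023-12-04T22:41:19,B1003,server-room,1
2023-12-05T09:10:00,B1002,server-room,1
"""

# Badges HR still lists as active (constructed). B1007 is absent, so a swipe
# by it means a card was not deactivated when the employee left.
ACTIVE_BADGES = {"B1001", "B1002", "B1003"}

# Assumed business hours for the "beyond work hours" rule.
WORK_START = time(7, 0)
WORK_END = time(19, 0)


@dataclass(frozen=True)
class SwipeEvent:
    ts: datetime
    badge_id: str
    door: str
    people_counted: int


def parse_log(text: str) -> list[SwipeEvent]:
    """Parse the constructed CSV-style export into SwipeEvent records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, badge_id, door, count = line.split(",")
        events.append(SwipeEvent(datetime.fromisoformat(ts), badge_id, door, int(count)))
    return events


def review(events: list[SwipeEvent], active_badges: set[str],
           work_start: time = WORK_START, work_end: time = WORK_END) -> list[tuple[str, SwipeEvent]]:
    """Return (rule_name, event) pairs for every swipe that breaks a rule.

    One swipe can trip more than one rule; each hit is reported separately so
    the security team sees the full picture for that event.
    """
    findings = []
    for ev in events:
        if ev.badge_id not in active_badges:
            findings.append(("revoked-badge-used", ev))
        if not (work_start <= ev.ts.time() <= work_end):
            findings.append(("after-hours-access", ev))
        if ev.people_counted > 1:
            # The sensor counted more people than the single swipe covers:
            # someone followed the badge holder through the door.
            findings.append(("possible-tailgate", ev))
    return findings


def badges_to_investigate(findings: list[tuple[str, SwipeEvent]]) -> dict[str, list[str]]:
    """Group rule hits by badge so each holder is interviewed once (Question 5, Strategy 2)."""
    by_badge: dict[str, list[str]] = {}
    for rule, ev in findings:
        by_badge.setdefault(ev.badge_id, []).append(rule)
    return by_badge


if __name__ == "__main__":
    hits = review(parse_log(BADGE_LOG), ACTIVE_BADGES)
    for rule, ev in hits:
        print(f"{ev.ts.isoformat()}  {ev.door:12}  {ev.badge_id}  {rule}")
    print(badges_to_investigate(hits))
```

Run against the constructed log, the script reports three hits: the 08:03:40 swipe by B1002 (two people counted on one swipe), the 12:15:05 swipe by the deactivated badge B1007, and the 22:41:19 swipe by B1003 outside business hours. The grouping by badge gives the investigator from Question 5 a short list of holders to talk to, and the swipe itself stays in the record so the camera footage from Strategy 2 can be pulled for the same timestamps.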