CYB_200_5-3_Emily_DeWitt
School: Southern New Hampshire University
Course: 200
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 7
Uploaded by ConstableTeamTurtle216
CYB 200 Project Three Milestone Decision Aid
Complete the template by filling in the blank cells provided.
I. Detection
1. Describe the following best practices or methods for detecting a threat actor.
Awareness
Foster a culture of cybersecurity awareness among employees. Regularly educate and train them to recognize phishing attempts, social engineering, and other suspicious activities. Encourage reporting of any unusual incidents promptly.
Auditing
Implement regular system audits to review logs, configurations, and user activities. Analyze audit trails to identify anomalies, unauthorized access, or unusual patterns that may indicate a potential security threat.
Monitoring
Employ continuous network and system monitoring using intrusion detection systems (IDS) and security information and event management (SIEM) solutions. Monitor for unusual traffic, unauthorized access, or deviations from baseline behavior.
Testing
Conduct regular penetration testing and vulnerability assessments to proactively identify weaknesses in the network, applications, and systems. Test the organization's resilience to various cyber threats and address vulnerabilities promptly.
Sandboxing
Implement sandboxing technology to analyze and execute suspicious files or programs in an isolated environment. This allows for the safe observation of potential threats without compromising the organization's core systems.
Citations:
The Benefits of Cybersecurity Awareness Training https://microage.ca/the-benefits-of-cybersecurity-awareness-training/
NIST’s Guide to Cyber Threat https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-150.pdf
II. Characterization
2. Briefly define the following threat actors.
Individuals who are “shoulder surfers”
"Shoulder surfers" are individuals who engage in unauthorized visual observation of screens, keyboards, or other sensitive information to gather confidential data. They exploit physical proximity to users to gain access to sensitive information without the victim's knowledge.
Individuals who do not follow policy
Individuals who do not follow policy are employees or users who knowingly or unknowingly violate established security policies and protocols. This non-compliance can lead to increased vulnerability and potential exploitation of organizational assets.
Individuals using others’ credentials
Individuals using others' credentials engage in identity theft or unauthorized access by leveraging stolen or compromised login credentials. This threat actor exploits weaknesses in authentication processes to gain access to systems, data, or networks.
Individuals who tailgate
Tailgaters are unauthorized individuals who gain physical access to secured areas by closely following an authorized person. By exploiting the trust established with the authorized person, tailgaters circumvent physical security controls, posing a potential threat to the organization.
Individuals who steal assets from company property
Individuals who steal assets from company property are internal or external actors who engage in theft of physical assets, such as equipment, intellectual property, or sensitive documents, from the organization. This type of threat actor poses a direct risk to the organization's tangible and intangible assets.
Citations:
3. Describe the following motivations or desired outcomes of threat actors.
Fraud
Motivated by financial gain, threat actors engaging in fraud aim to deceive or manipulate systems, processes, or individuals to obtain money, assets, or services dishonestly. This may include activities like identity theft, financial fraud, or unauthorized access for monetary purposes.
Sabotage
Threat actors driven by sabotage seek to disrupt or impair the functionality, integrity, or availability of systems, networks, or information. Their goal is to cause harm, chaos, or hinder an organization's operations for various reasons, including revenge, competition, or ideological motives.
Vandalism
Motivated by a desire to deface, damage, or destroy digital or physical assets, threat actors engaging in vandalism aim to leave a visible mark or impact. Vandalism in cyberspace may involve altering data, defacing websites, or disrupting online services to create chaos or convey a message.
Theft
Threat actors motivated by theft aim to unlawfully acquire valuable assets, including intellectual property, sensitive information, or physical objects. The goal is to gain unauthorized access to resources that can be exploited for financial gain, competitive advantage, or other nefarious purposes.
Citations:
4. Identify the company assets that may be at risk from a threat actor for the following types of institutions.
Remember: Each company will react differently in terms of the type of assets it is trying to protect.
Financial
Medical
Educational
Government
Retail
Pharmaceutical
Entertainment
Citations:
III. Response
Choose a threat actor from Question 2 to research for the response section of the decision aid:
Threat Actor
5. Describe three potential strategies or tactics that you would use to respond to and counter the threat actor you chose.
Hint: What are the best practices for reacting to this type of threat actor?
Strategy 1
Strategy 2
Strategy 3
Citations:
6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a similar threat occurring again.
Hint: What are the best practices for proactively responding to this type of threat actor?
Strategy 1
Strategy 2
Strategy 3
Citations:
7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively respond to this threat actor.