CYB 200 Assignment 5
Type: pdf
School: East Carolina University
Course: 3556
Subject: Information Systems
Date: Jan 9, 2024
Pages: 10
Uploaded by JusticeBravery2669
Ahmed Deptto
5-3 Project Three Milestone: Decision Aid
Professor Franklin
CYB-200 Foundation of Cybersecurity
November 8th, 2023
1. Detection
a) Describe the following best practices or methods for detecting a threat actor.
Awareness - Detecting a threat actor before they can cause harm is crucial. One practical approach to mitigating risk is to provide awareness training to staff. Educating employees about likely threats and about who is typically behind them helps the organization take proactive measures. Awareness keeps people vigilant and able to recognize potential threats, so all employees must understand the security policies and procedures that keep the company safe (Musthaler, 2008).
Auditing - Auditing is an excellent way for organizations to assess their cybersecurity policies and procedures. It helps them evaluate their security measures and identify areas needing improvement. Companies can use this process to analyze their operations, detect gaps in regulatory compliance, and enhance their overall performance.
Monitoring - Monitoring software tracks all user actions to detect malicious intent from internal users. Management can monitor and keep records of user actions to track work efficacy.
Testing - Controlled testing assesses the effectiveness of information security measures. This ensures that security measures function properly and identifies and addresses weaknesses.
Sandboxing - An isolated environment in which untrusted or potentially harmful programs can be run and observed without affecting the rest of the system.
Citations:
Musthaler, L. (2008, June 2). 13 best practices for preventing and detecting insider threats. Network World; www.networkworld.com. https://www.networkworld.com/article/2280365/13-best-practices-for-preventing-and-detecting-insider-threats.html
Baybeck, B. P. (2018, October 18). Audits: The Missing Layer in Cybersecurity. Dark Reading; www.darkreading.com. https://www.darkreading.com/endpoint/audits-the-missing-layer-in-cybersecurity
Sandboxing Definition. (2016, July 8). Sandboxing Definition; techterms.com. https://techterms.com/definition/sandboxing
2. Characterization
a) Briefly define the following threat actors.
Individuals who are “shoulder surfers” – Criminals can steal personal information by shoulder surfing, that is, observing their victims while they use devices such as laptops, phones, or ATMs.
Individuals who do not follow policy – Attackers often target new and inexperienced employees who need to learn about security regulations and the company's structure.
Individuals using others’ credentials – Unauthorized access refers to using someone else's login credentials, password, or PIN without their permission, putting the user, system, and potentially other systems at risk.
Individuals who tailgate – A tailgater follows an authorized person through a secured entrance without permission or an escort.
Individuals who steal assets from company property – If an employee or visitor intentionally takes the company's physical or intellectual property, they are committing theft.
Citations:
Fundamentals of Information Systems Security, 3rd Edition. (n.d.). O’Reilly Online Learning; www.oreilly.com. Retrieved April 29, 2022, from https://www.oreilly.com/library/view/fundamentals-ofinformation/9781284116465/xhtml/ch03.xhtml
b) Describe the following motivations or desired outcomes of threat actors.
Fraud - Cyberfraud is widely acknowledged as one of the most pervasive and hazardous forms of fraud worldwide. As the internet has grown in the 21st century, so has the number of cyber criminals constantly searching for new ways to reach unsuspecting victims' personal and financial data. These criminals often use or sell stolen information for identity theft.
Sabotage – Cyber sabotage can be performed through a range of methods, including the manipulation of crucial systems. It can cause severe damage to the targeted entities. It can involve deleting or corrupting data, installing malware, creating system vulnerabilities, or using ransomware. Sabotage can be executed without implementation.
Vandalism – A cyber-attack on a vulnerable website without a clear motive is often done to showcase the hacker's skills.
Theft – Data theft is the illegal transfer or storage of personal, financial, or confidential information, including passwords, software code, algorithms, and proprietary technologies. Identity theft and data selling are common uses of stolen information.
Citations:
Google search engine.
4) Identify the company assets that may be at risk from a threat actor for the following types of institutions. (Remember: Each company will react differently in terms of the type of assets it is trying to protect.)
Financial – Given its operations' sensitive and critical nature, the financial sector is a highly targeted area for cybercriminals. Major cyber threats to these institutions include ransomware, phishing, malware, digital fraud, vulnerability exploitation, supply chain issues, and DDoS attacks.
Medical – Cybercriminals often target the healthcare industry with ransomware attacks to extort sensitive data for money. In light of the COVID-19 pandemic, cybercriminal activity surged as attackers sought access to vaccine information to sell on illegal markets.
Educational – Storing Personally Identifiable Information (PII) in schools can result in various cyberattacks, such as data breaches through phishing, ransomware attacks, distributed denial of service (DDoS) attacks, hacktivism through “zoom-bombing,” “meeting invasions,” and email spamming.
Government – The Government Advisory Office (GAO) has identified vulnerabilities in systems that monitor and control sensitive processes and physical functions supporting the nation's critical infrastructures. Malicious individuals can take advantage of these vulnerabilities and similar weaknesses, which can have serious consequences.
Retail – Retailers are at a high risk of cyber-attacks, including ransomware, point-of-sale hacks, and supply chain attacks, due to the sensitive financial and consumer data they handle.
Pharmaceutical – General Cardon identified three fundamental cybersecurity threats facing the pharma and biotech industries:
1. Nation-state hackers are behind advanced persistent threats (APTs).
2. Ransomware is typically a criminal activity.
3. Insider threats refer to individuals who have access to or are authorized to access an organization's sensitive information and systems. These individuals may be aware or unaware of the damage they can cause to the organization.
Entertainment – As the entertainment industry shifts from traditional broadcasting and physical media sales to online content and streaming, the risk of cyberattacks and potential damage increases daily. Familiar threats like stolen credit card credentials and malware coexist with industry-specific risks like pirated movies and hacktivism.
Citations:
Fundamentals of Information Systems Security, 3rd Edition. (n.d.). O’Reilly Online Learning; www.oreilly.com. Retrieved April 29, 2022, from https://www.oreilly.com/library/view/fundamentals-ofinformation/9781284116465/xhtml/ch03.xhtml
3. Response
Choose a threat actor from Question 2 to research for the response section of the decision aid:
Threat actor: Vandalism
5. Describe three potential strategies or tactics that you would use to respond to and counter the threat actor you chose. (Hint: What are the best practices for reacting to this type of threat actor?)
Strategy 1: Implement an intrusion detection system and monitor network traffic for any unauthorized access or suspicious activity. Adopt a policy that mandates strong, complex passwords and requires employees to change them regularly; this helps protect sensitive information and guard against potential security breaches. Using password managers and enabling multi-factor authentication (MFA) is highly recommended to further strengthen account security.
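The "Monitoring" method in section 1 and the intrusion-detection part of Strategy 1 both come down to reading activity records and flagging patterns a person would not spot by hand. The following Python script is an added example, not part of the original assignment or any cited source: it scans a handful of constructed SSH-style authentication log lines for two common indicators, a burst of failed logins from one source address and a successful login outside a normal working window. The log lines, hostnames, usernames, addresses, the five-failure threshold and the 07:00-19:59 working window are all assumptions made for the demonstration.

```python
"""Lightweight authentication-log monitor.

Added example (not from the original assignment): scans constructed
syslog-style sshd lines for two patterns a monitoring tool would flag:
  1. a burst of failed logins from one source address (password guessing)
  2. a successful login at an hour outside the normal working window
Every log line, host, user and address below is a constructed sample.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2024-01-09T09:01:12 host1 sshd: Failed password for alice from 203.0.113.7
2024-01-09T09:01:14 host1 sshd: Failed password for alice from 203.0.113.7
2024-01-09T09:01:15 host1 sshd: Failed password for root from 203.0.113.7
2024-01-09T09:01:17 host1 sshd: Failed password for admin from 203.0.113.7
2024-01-09T09:01:19 host1 sshd: Failed password for bob from 203.0.113.7
2024-01-09T09:05:00 host1 sshd: Accepted password for alice from 198.51.100.4
2024-01-09T23:47:31 host1 sshd: Accepted password for bob from 192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)$"
)

FAILED_THRESHOLD = 5        # failures from one source before alerting (assumption)
WORK_HOURS = range(7, 20)   # 07:00-19:59 counts as working time (assumption)


def parse_lines(text):
    """Parse raw log text into event dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            events.append(ev)
    return events


def detect_bruteforce(events, threshold=FAILED_THRESHOLD):
    """Return {source_ip: failure_count} for sources at or over the threshold."""
    failures = defaultdict(int)
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["src"]] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


def detect_offhours_logins(events, work_hours=WORK_HOURS):
    """Return (user, src, timestamp) for successful logins outside work hours."""
    return [
        (ev["user"], ev["src"], ev["ts"].isoformat())
        for ev in events
        if ev["result"] == "Accepted" and ev["ts"].hour not in work_hours
    ]


def build_alerts(text):
    """Run both detectors over raw log text and return a list of alert strings."""
    events = parse_lines(text)
    alerts = []
    for src, n in detect_bruteforce(events).items():
        alerts.append(f"BRUTE_FORCE src={src} failed_logins={n}")
    for user, src, ts in detect_offhours_logins(events):
        alerts.append(f"OFF_HOURS_LOGIN user={user} src={src} at={ts}")
    return alerts


if __name__ == "__main__":
    for alert in build_alerts(SAMPLE_LOG):
        print(alert)
```

Run as a script it prints one alert for the five failures from 203.0.113.7 and one for bob's 23:47 login. An off-hours login is not proof of misuse, which is why this kind of rule is treated as a prompt to check with the account owner rather than an automatic block.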
Strategy 2: Create regular backups of critical data on and off-site for quick recovery during cyber-attacks.
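A backup only supports quick recovery if it can be shown to be intact, and a vandal who can reach the backups can corrupt them as easily as the live data. The script below is an added example, not part of the original assignment or any cited source: it records a SHA-256 digest for every file when a backup set is made, then checks a second copy (the off-site one) against that manifest and reports files that are modified, missing, or unexpected. The directory layout and file contents are constructed for the demonstration.

```python
"""Backup integrity check: build a SHA-256 manifest of a backup set and verify
a second copy (for example the off-site one) against it.

Added example, not part of the original assignment. Directory names and file
contents are constructed for the demonstration.
"""
import hashlib
import json
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, with '/' separators) to its digest."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def verify_copy(root, manifest):
    """Compare a backup copy on disk against a saved manifest.

    Returns a dict with three sorted lists: 'modified' (digest differs),
    'missing' (in manifest, not on disk) and 'unexpected' (on disk, not in
    manifest). All three empty means the copy is intact.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unexpected": sorted(p for p in current if p not in manifest),
    }


def write_files(root, files):
    """Write a {relative_path: bytes} mapping under root, creating directories."""
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def demo():
    """Make an on-site backup, copy it off-site, corrupt one off-site file,
    and return the verification report showing the tampering was caught."""
    with tempfile.TemporaryDirectory() as tmp:
        onsite = os.path.join(tmp, "onsite")
        offsite = os.path.join(tmp, "offsite")
        # Constructed backup contents.
        files = {
            "db/customers.sql": b"INSERT INTO customers VALUES (1, 'constructed');\n",
            "config.ini": b"[app]\nmode=prod\n",
        }
        write_files(onsite, files)
        # A real backup job would store this JSON separately from the backup
        # itself so that tampering with one does not silently fix the other.
        manifest_json = json.dumps(build_manifest(onsite), indent=2)

        write_files(offsite, files)
        # Simulate vandalism of one file in the off-site copy.
        write_files(offsite, {"db/customers.sql": b"DROP TABLE customers;\n"})

        return verify_copy(offsite, json.loads(manifest_json))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report from demo() lists db/customers.sql under "modified" and nothing under the other two keys. Running the same check on a schedule against both copies turns "we have backups" into "we have backups that will restore", which is the property Strategy 2 actually depends on.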
Strategy 3: Regularly update all software, including operating systems, antivirus programs, and firewalls, so that the latest security patches are installed.
Citations:
https://www.attentus.tech/it-services-blog/what-is-cyber-vandalism
6. Describe three potential strategies or tactics that you would employ to reduce the likelihood of a similar threat occurring again. (Hint: What are the best practices for proactively responding to this type of threat actor?)
Strategy 1: Secure any areas related to the breach, lock them, and change the access codes so they are inaccessible to unauthorized individuals. To ensure a safe resumption of operations, consult with experts and law enforcement, and take any further measures the situation requires.
Strategy 2: To prevent further data loss, mobilize your breach response team quickly. Have a team specialized in data forensics and seek advice from legal experts.
Strategy 3: To ensure an adequate response to a breach, interview the individuals who detected it, have a communications plan in place, and verify network segmentation.
Citations:
https://www.ftc.gov/business-guidance/resources/data-breach-response-guide-business
7. Explain your reason for determining the threat actor you chose to research. Why are the strategies you identified appropriate for responding to this threat actor? Justify your tactics to proactively and reactively respond to this threat actor.
I researched vandalism, which seems to be a common threat in many workplaces. It is essential to secure and lock all areas to prevent physical damage to equipment. This involves ensuring secure passwords and locking computer screens when not in use. Additionally, implementing intrusion detection systems and monitoring network traffic for signs of unauthorized access or suspicious activity is crucial. It's difficult to predict the extent to which a malicious attacker might resort to vandalism to destroy a company's files and irreplaceable data. That's why it's essential to maintain updated software, including operating systems, antivirus programs, and firewalls, to ensure the latest security patches are in place. This can help to reduce the access options available to the hacker. Creating regular backups of your critical data on and off-site is essential. This practice can help you ensure that your business can quickly recover during a cyber vandalism attack. In such an attack, you should mobilize your breach response team to prevent further data loss. It is essential to meet with the data forensics team to identify the exact location of the breach and assess the extent of the damage. In addition, it's necessary to consult with legal counsel to ensure compliance with all policies and procedures. Taking these proactive steps can significantly contribute to a company's long-term success.