You are required to produce a security report highlighting the areas that you determine are vulnerable to the business within the given case study. The report will give an overview of the threats and risks and is to include recommendations as to how the risks can be removed or reduced. As part of this, a selection of biometric systems is to be given as recommended solutions.
Cyber security has become a major concern for companies. The cyber landscape is changing rapidly, and the threats change with it. People use the Internet for personal gain and misuse it widely ("Senior executives fail to understand information security risks", 2012), which drives cyber-attacks and raises the rate of cyber-crime. Companies that want to protect their valuable assets, both physical (computers, files, etc.) and non-physical (confidential information, data, etc.), need to put cyber security in place. Attackers can be anywhere, unknown to the company, its staff or its security personnel. They may be business rivals, neighbors or anyone else who exploits flaws in software and takes over systems through backdoors. They have ways of gaining access to personal and confidential information such as credit card numbers, security PINs and passwords, and sometimes they use a compromised computer to attack other networks (Nichol, 1999). Internet scams and fraud are also rampant. A very common practice is phishing, which deceives people into handing over their bank details. Another common cyber-crime is cyber theft, where criminals steal information from computers and cause companies large financial losses. Virus attacks slow computers down and cause systems to crash; they can arrive from unsecured websites, downloaded programs and similar sources. Spyware is a program that installs itself on a computer without the user's knowledge and tracks personal information; it causes heavy losses because the stolen information can lead to the loss of both money and data.
In this case, the lab in the Octagon building is used for forensic computing and for cyber security tutorials. Access to the lab is through a biometric door located towards the rear of the lab; a second door is available in case the biometric system fails. The biometric system is stand-alone and isolated from the rest of the network, and enrolment onto it is carried out off-site at the local security company's offices. The lab has its own dedicated, isolated network. Twenty computers are in the lab, all connected to the lab network. Internet access is controlled by a lecturer, who logs into the central control server and turns access on or off as required. Each computer has the required forensic and security software packages, and the kit used during tutorials is kept in lockable storage. The computers and software are updated regularly and maintained by the on-site technicians.
Assets within the organization that are vulnerable to attack:
1. Twenty computers
2. Biometric door
3. Data in the systems
4. Internet access
5. Kit used during tutorials
6. Central server
Types of attacks:
1. Passive attack - the attacker monitors unencrypted traffic and reads clear-text passwords and other sensitive information. Passive attacks include traffic analysis, monitoring of unprotected communications and capture of authentication information such as passwords. By passively intercepting network operations the adversary can also anticipate upcoming actions. The result is disclosure of information and data files to the attacker without the user's knowledge or consent ("Senior executives fail to understand information security risks", 2012).
2. Active attack - the attacker tries to bypass or break into secured systems using stealth techniques, viruses, worms or Trojans. The aim is to circumvent or break protection features so that malicious code can be introduced and information stolen or modified. Such attacks are often mounted against the backbone of the network and exploit information in transit. The result is that data files are disclosed and disseminated, or data is modified (Highland, 1995).
3. Distributed attack - the adversary introduces code into software or hardware that is later distributed to other companies and users (Highland, 1995), i.e. a malicious modification made at the factory or during distribution. The attack plants malicious code such as a back door in a product so that unauthorized access to information or systems can be gained at a later date.
4. Insider attack - someone inside the organization, such as a disgruntled employee, attacks the network. The attack may be malicious or non-malicious (Nichol, 1999). A malicious insider intentionally eavesdrops, steals or damages information, uses it fraudulently, or denies access to other authorized users.
5. Close-in attack - someone attempts to get physically close to network components, data and systems in order to gather, modify or deny access to information. Social engineering is often classed as a close-in attack: the attacker compromises a system or network through social interaction with a person, by e-mail or phone, using various tricks to extract information.
6. Phishing attack - the attacker creates a fake website that imitates a well-known site such as a bank's or an insurance company's. The user is tricked, usually by e-mail, into clicking a link that leads to the fake site; when the user logs in and enters personal information such as usernames and passwords, the attacker records it and uses it for fraudulent purposes ("Using big data to reduce security risks", 2012).
7. Hijack attack - while a session is running between a user and another party, the attacker takes over the session and cuts the original party out. The user believes they are still communicating with the original party and unknowingly sends private information to the attacker, who can use it to steal money or confidential information.
8. Spoof attack - the attacker modifies the source address of a packet so that it appears to come from someone else, typically to bypass firewall rules that trust particular source addresses.
9. Buffer overflow - more data is sent to an application than the buffer it writes into was sized for, so adjacent memory is overwritten. If the attacker controls what is overwritten, the application can be made to run attacker-supplied code, which can give the attacker a shell or command prompt with the privileges of the application, up to administrative access.
10. Exploit attack - the attacker knows of a security problem in an operating system or piece of software and leverages that knowledge to exploit the vulnerability.
11. Password attack - the attacker tries to crack passwords stored in network account databases or in a password-protected file. Password attacks are of three types: a dictionary attack, which uses a word-list file containing likely passwords; a brute force attack, which tries every possible combination of characters; and a hybrid attack, which mutates dictionary words with common substitutions and appended digits.
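The following added example (not part of the report or its case study) shows what the three password-attack forms look like in practice, run against a constructed account database of salted PBKDF2 hashes. The user names, passwords and word list are invented for the example, and the iteration count is kept deliberately low so that it finishes quickly.

```python
"""Dictionary, hybrid and brute-force guessing against a constructed
password database.  Added example, not part of the report."""
import hashlib
import hmac
import itertools
import os
import string

# Deliberately low so the example finishes in seconds; a real deployment
# would use a far higher count or a memory-hard KDF.
ITERATIONS = 200


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, standing in for a real account database."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_account(password: str) -> tuple:
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


# Constructed sample accounts (user names and passwords are invented).
ACCOUNTS = {
    "lecturer": make_account("Password1"),  # dictionary word, mutated
    "technician": make_account("octagon"),  # plain dictionary word
    "student": make_account("k9"),          # short; only exhaustive search finds it
}

WORDLIST = ["password", "octagon", "forensics", "letmein", "welcome"]


def check(candidate: str, salt: bytes, digest: bytes) -> bool:
    return hmac.compare_digest(hash_password(candidate, salt), digest)


def dictionary_attack(salt, digest, wordlist):
    """Try each word from the list as-is."""
    return next((w for w in wordlist if check(w, salt, digest)), None)


def hybrid_candidates(word: str):
    """Mutate a dictionary word the way users typically do: change case,
    swap letters for look-alike symbols, append a digit."""
    leet = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"})
    bases = {word, word.capitalize(), word.upper()}
    bases |= {b.translate(leet) for b in list(bases)}
    for base in sorted(bases):
        yield base
        for digit in range(10):
            yield f"{base}{digit}"


def hybrid_attack(salt, digest, wordlist):
    for word in wordlist:
        for cand in hybrid_candidates(word):
            if check(cand, salt, digest):
                return cand
    return None


def brute_force(salt, digest, alphabet: str, max_len: int):
    """Exhaustive search over every string up to max_len from the alphabet."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            cand = "".join(combo)
            if check(cand, salt, digest):
                return cand
    return None


def keyspace(alphabet_size: int, length: int) -> int:
    """Candidates an exhaustive search must cover at exactly this length."""
    return alphabet_size ** length


def crack_all() -> dict:
    """Run the cheap attacks first, fall back to brute force for short passwords."""
    results = {}
    for user, (salt, digest) in ACCOUNTS.items():
        found = dictionary_attack(salt, digest, WORDLIST)
        if found is None:
            found = hybrid_attack(salt, digest, WORDLIST)
        if found is None:
            found = brute_force(salt, digest, string.ascii_lowercase + string.digits, 2)
        results[user] = found
    return results


if __name__ == "__main__":
    for user, pw in crack_all().items():
        print(f"{user}: {pw}")
    print("8 chars over 62 symbols:", keyspace(62, 8), "candidates")
```

The dictionary pass finds the plain word, the hybrid pass finds the capitalized word with a digit appended, and only exhaustive search finds the short random password. keyspace() shows why length and alphabet matter: 62 printable characters at length 8 is about 2.2e14 candidates, and a slow, salted key derivation function multiplies the cost of every guess, which is the defense a password policy for the lab should rely on.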
The possible risks to the lab are:
1. Ransomware: malware that restricts access to data or systems until a ransom is paid. In the lab it could lock the computers, encrypt the data on them, or target the central server; because the biometric system is stand-alone and isolated from the lab network it is less exposed, but the computers and server are not. Ransomware variants can evade the security software installed on systems and specifically target endpoints that synchronize to cloud storage such as Google Drive or Dropbox: once an endpoint is infected, the malware can use the stored credentials and encrypt the synchronized copies as well. Tutorial data could therefore be stolen or rendered unusable. Any backup that is reachable from the infected endpoint (a mounted share or a synchronized cloud folder) can be encrypted along with the originals, so only backups that are kept offline or are otherwise not writable from the endpoint can be relied on for restoration.
2. Internet of things (interconnected devices): the devices in the lab are networked together, and the number of connected devices is itself a risk, since every connection is a potential path for compromise and the risk grows as connections increase (McGraw, 2002). When one node fails or is compromised, the others are affected. For example, a virus on the network could make data hard to retrieve, and if the central server were compromised then internet control, access to data and any system that depends on the server would be disrupted.
3. Cyber-espionage: targeted intrusion aimed at stealing information can seriously hinder the running of the lab. Money and assets can be stolen and normal functioning disrupted, and an attacker who compromises access control could open the doors and steal or tamper with the lab's assets ("Senior executives fail to understand information security risks", 2012).
4. Cyber theft: the lab charges for tutorials and for other services, and its payment information, including its bank details, may all be kept in one place. The lab's financial information is therefore at risk, and payments can be intercepted or diverted by cyber criminals (Nichol, 1999).
5. Passwords: the lab's passwords and credentials are at risk. If the biometric system can be defeated, anyone can enter the lab; the tutorial kit could be stolen by rivals and its data used for their own benefit, and the computers themselves could be taken, which is a big risk. Password recovery and reset mechanisms are also a weak point: where they are poorly designed, an attacker can obtain a password without having to crack it.
6. Human factor: employees have access to all the lab's channels, media and passwords. They may have hidden motives that lead to risky behavior, and because they are in the system all day they are well placed to disrupt its activities. For example, an employee may steal important lab data or bank details, for reasons such as inflicting damage, financial gain, curiosity or revenge. The lab risks losing confidential data, property, reputation, system availability, future revenue and customers.
The greatest risk to the lab is ransomware. It can infect the computers and the central server, exploit credentials stored on an infected endpoint and encrypt any synchronized cloud copies, so tutorial data can be stolen or lost unless offline backups exist. All the major assets of the lab can be affected by it. If, in addition, the biometric access control is defeated, anyone can enter the lab, steal the computers, switch them on and change passwords, or steal the data on them.
The second biggest risk is cyber-espionage, because it can hinder the successful running of the lab: money and assets can be stolen, normal functioning disrupted, and if access control is compromised the doors can be opened and the lab's assets stolen or tampered with.
The third biggest risk is the interconnected devices, since a problem in any one node affects the others and the functioning of the lab may stop.
The fourth biggest risk is cyber theft, as the lab's financial information is at risk and payments can be diverted by cyber criminals.
The fifth biggest risk is the human factor: employees have access to all the lab's channels, media and passwords, may have hidden motives, and are in the system all day, so they are well placed to disrupt the lab's activities.
The sixth biggest risk is the lab's passwords, which give access to all important information and data; if they are not secured properly they can cause huge losses.
Once the risks are identified and prioritized, a security policy for the lab must be established. Confidential information such as passwords and access credentials should be kept on dedicated, secured storage such as file servers rather than on local hard disks, with file or disk encryption as an additional layer of defense. Access to confidential information should be granted only to authorized people (McGraw, 2002), and users of the data and systems will be authenticated, in terms of both their identity and the credentials they use. All policies on the use of the internet, the kit, the data and the biometric system will be clearly defined and properly implemented, and additional forms of authentication will be considered wherever necessary. Lab records will be kept for six months or longer so that any investigation can take place. All users of the data, systems, security controls, biometric system and server will be security vetted in line with the existing policy. Physical assets such as computers and doors will be monitored regularly so that no unauthorized person can access them. Where remote access is required, a secure access control protocol with an appropriate level of encryption will be put in place. Confidential material such as the tutorial kit may exist in multiple copies on portable devices, on media or on paper; these copies will be deleted or destroyed promptly when no longer needed, since hard copies are not secure either, and a locked cupboard will be bought so that the remaining copies can be physically secured. A proper disposal procedure for confidential information will be followed so that nobody can recover the data. Removable media attached to the systems can also grant unauthorized access, so procedures will be put in place to control and remove such media.
Before clearance or disposal, data, files and passwords will require the permission of their owner, and the owner must be satisfied before any confidential information is taken off site. Personal data, such as the biometric enrolment data, must be encrypted on all portable devices and media, as loss of this kind of data can cause serious damage or distress to employees and other people. A lot of the lab's communication happens by e-mail, so controls will be implemented to protect it from unauthorized use and access; the security policy will make sure that e-mail is sent only to trusted recipients and that the owner of the information has granted permission to send it ("Using big data to reduce security risks", 2012). The policy will include procedures supporting the use of cryptographic techniques so that only authorized personnel can access confidential information. Risk assessment will be carried out periodically so that all systems and processes stay protected and confidential information is stored properly. Backups are essential for the safe recovery of data, credentials and systems: copies of all important information will be taken and regularly tested in accordance with the backup policy, and kept where an infected machine cannot overwrite them. Documents will be protectively marked as 'confidential' or 'sensitive' according to the classification scheme the lab adopts, and the lab will be properly locked ("Using big data to reduce security risks", 2012). Lastly, and most importantly, anti-virus software and firewalls will be installed on all systems and on the central server to protect them from malware, viruses and attackers.
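As an added illustration (not the report's own procedure) of the backup-testing and ransomware points above, the following Python builds a SHA-256 manifest of a directory at backup time and later checks a restored copy against it, reporting missing, altered and unexpected files. The file names and contents are constructed for the example, and the manifest is assumed to be stored somewhere the lab endpoints cannot write.

```python
"""Hash manifest for backup verification.  Added example, not from the report."""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file so large forensic images need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative POSIX path) to its digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(manifest: dict, restored: Path) -> dict:
    """Compare a restored tree against the manifest recorded at backup time."""
    current = build_manifest(restored)
    missing = sorted(set(manifest) - set(current))
    extra = sorted(set(current) - set(manifest))
    altered = sorted(k for k in manifest.keys() & current.keys()
                     if manifest[k] != current[k])
    return {"ok": not (missing or extra or altered),
            "missing": missing, "altered": altered, "extra": extra}


def demo(tamper: bool = True) -> dict:
    """Constructed scenario: record a manifest for two tutorial files, copy the
    tree as a 'backup', optionally overwrite one file the way ransomware would,
    then run the restore test.  Returns the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp, "lab_data")
        (src / "evidence").mkdir(parents=True)
        (src / "tutorial1.txt").write_text("constructed sample tutorial notes\n")
        (src / "evidence" / "image.dd").write_bytes(bytes(range(256)) * 4)

        # The manifest is serialised so it can be kept off the endpoint
        # (printed, or on read-only media); here it simply stays in a string.
        stored = json.dumps(build_manifest(src))

        backup = Path(tmp, "backup")
        shutil.copytree(src, backup)
        if tamper:
            # A synchronised or mounted backup is writable from the infected
            # endpoint, so the malware encrypts the copy too and drops a note.
            (backup / "tutorial1.txt").write_bytes(b"\x00ENCRYPTED\x00")
            (backup / "README_RESTORE.txt").write_text("pay to decrypt\n")

        return verify_restore(json.loads(stored), backup)


if __name__ == "__main__":
    print(json.dumps(demo(tamper=False), indent=2))
    print(json.dumps(demo(tamper=True), indent=2))
```

A clean copy verifies with an empty report; the tampered copy is flagged as altered (the encrypted file) and extra (the ransom note), which is exactly the check a periodic restore test should perform before anyone trusts a backup.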
By implementing the above security policy, the lab can be protected against theft and the loss of data and information. The lab can grow and function properly if its security risks are controlled. By following the procedures above, the lab can protect its confidential information so that competitors cannot steal it. The biometric doors will be better secured so that no unauthorized person can enter the lab and steal its valuable assets (McGraw, 2002). The central server and internet access will be protected by anti-virus software and firewalls, ensuring continuity of the lab's functioning so that work is not hindered by viruses or other attacks on the lab's cyber security. The tutorial kit will also be protected, and the lab can carry out its core business without hindrance or disturbance. Control over the lab's security will rest with the owner and authorized people only, who can tighten or loosen it as required.
Compliance with the above policy measures can help the lab combat threats to its cyber security. Organizations often find it difficult to put even basic safeguards in place, so it is important to have a security policy that gives proper procedure and guidance to the organization and its people on how to reduce the potential threats to their systems and carry out their operations successfully, without unnecessary hindrance.
Nichol, S. (1999). Internet security. Computers & Security, 18(4), 339-340. http://dx.doi.org/10.1016/s0167-4048(99)90734-4
Senior executives fail to understand information security risks. (2012). Computer Fraud & Security, 2012(3), 3. http://dx.doi.org/10.1016/s1361-3723(12)70048-9
Using big data to reduce security risks. (2012). Computer Fraud & Security, 2012(8), 3. http://dx.doi.org/10.1016/s1361-3723(12)70080-5
McGraw, G. (2002). Managing software security risks. Computer, 35(4), 99-101. http://dx.doi.org/10.1109/mc.2002.993782
Highland, H. (1995). Internet sniffer attacks. Computers & Security, 14(7), 610. http://dx.doi.org/10.1016/0167-4048(96)81684-1
McClure, B. (1998). The firewall behind the firewall. Computers & Security, 17(4), 325. http://dx.doi.org/10.1016/s0167-4048(98)80013-8
Xu, D. & Yu, C. (2013). Automatic Discovery of Malware Signature for Anti-Virus Cloud Computing. AMR, 846-847, 1640-1643. http://dx.doi.org/10.4028/www.scientific.net/amr.846-847.1640
Governments warn of cyber-security. (2011). Network Security, 2011(11), 1-2. http://dx.doi.org/10.1016/s1353-4858(11)70112-x
Cyber-security. (2014). Network Security, 2014(1), 4. http://dx.doi.org/10.1016/s1353-4858(14)70003-0
Unger, W. (2011). Cyber Security. Strategie Und Sicherheit, 2011(1). http://dx.doi.org/10.7767/sus.2011.2011.1.189