User Account

All Pages

1 potential malicious attacksthree specific potential

Assignment Help Computer Networking
Reference no: EM13375766

1. Potential Malicious Attacks

Three specific potential malicious attacks that could be carried out against the organization network structure could be a passive attack, active attack and a phishing attack. The passive attack would monitor traffic that is unencrypted and look for sensitive information and passwords which are clear text, so that the acquired information can be used for further attacks. This attack would analyze traffic, monitor unprotected communications, decrypt the traffic which is weakly encrypted, and acquire the authentication data such as passwords. The active attack against the organization's network infrastructure would try to break into secure systems (using worms, viruses, etc.) to circumvent the features that protect the network in an attempt to modify or steal information, or introduce malicious code (Shabtai et al, 2012). The phishing attack would create a fake internet web site that would appear similar to a well-known website and send a message or e-mail to try to trick the user to visit the site using a dialog box and record the username and password if user attempts to log on.

2. Potential Impact of Malicious Attacks

Using a passive attack, a hacker could record the authentication data of users (i.e. passwords) and disclose data files or other private information of the user without the user's knowledge or consent. The active attack could result into the dissemination or disclosure of data files or the modification of data. Moreover, the phishing attack could lead to the disclosure of the account information like username and password (Shabtai et al, 2012). Thus, malicious attacks would highly impact the end users of organization's network structure.

3.  Security Controls

In order to protect the organization's network infrastructure from malicious attacks, the organization has to design a safer network. Now days, anyone can attack the network structure just through downloading software from internet. The availability of this software has substantially increased the number of attacks on network structure of organization. The easiest way to protect the organization's network infrastructure is by closing the network completely from the external world. A better and adequately closed network would provide connectivity only to internal employees (Phua, 2013). Moreover, the network should allow the employees to only visit sites related to their job so they do not visit web sites which may harm the organization's network infrastructure.

4. Concerns for Data theft and Data Loss

The three potential concerns for data theft and data loss that may exist in the organization network structure include unauthorized use of applications, misuse of corporate systems, and misuse of passwords (Ouellet, 2012). Most IT professionals believe that the use of unauthorized applications or programs is the main reason behind the data loss incidents in an organization. The use of personal email is an example of such unauthorized use. Social network sites (also banned), are also commonly used within organizations. Other unauthorized applications include instant messaging, online shopping, and online banking applications or web sites. The misuse or sharing of corporate computer systems without authorization or supervision can also lead to data loss or disclosure of the privacy of organization. Additionally, deliberate infiltration of the corporate system by employees to alter settings of the corporate system can lead to data theft or loss (Ouellet, 2012). Some restricted activity includes watching/downloading porn, online gambling, paying bills and downloading music or movies. These actions of internal employees disclose the computer systems to hackers who take advantage through phishing or other methods. The sharing of passwords is another reason behind data loss incidents. Usernames and passwords are provided to each employee so corporate systems are secure and can be monitored, but when employees share their information with others it leaves the company at risk.  A large number of employees engage in these actions, so it is the responsibility of organization to make them employees aware of these potential dangers and enforce compliance to standards. 

5. Potential Impact of Data Loss

There are various types of data involved in organizational operations. These include client data, internal process data, customer accounting data, customer relationship data, marketing materials, and correspondence data. The main potential impact of data loss or data theft is privacy loss. Every organization has its own confidential information, which may include authenticated username or passwords, private marketing strategies, recipes of products, or information about the various stakeholders. The loss of sensitive data can also create a feeling of distrust in the minds of stakeholders and decrease the profitability and reputation of an organization (Ouellet, 2012). The data theft or data loss can also lead the organization to its end as privacy, at times is the only thing that separates the company from its competitors or rival companies.

6. Security Controls

The security controls for preventing the data theft or data loss are similar to that of preventing malicious attacks on an organization's network infrastructure. However the organization can also prevent data loss through adequate management, monitoring and protection standards. Organization have to put forth policies regarding data usage so that end users properly use the network and don't violate the standards which may lead to data loss or data theft. The issue of data loss should not be just considered as a technological issue but also a policy management issue. Employees engage in the unauthorized actions, thus it is the responsibility of organization to make the employees aware of the security issue so that they act accordingly and the privacy of organization is maintained (Phua, 2013). The sensitive or private data within an organization include client data, internal process data, customer accounting data, customer relationship data, marketing materials, and correspondence data. The data usage policies of an organization should be able to address the fundamental issues so that the access of data is authenticated for each employee. The functionalities of end users have to be efficiently managed so that in the situation of data loss, it is reported as soon as possible. The sensitivity of organizational private data is to be properly ensured. The use of private data of organizations is to be correctly monitored so that the organization has visibility upon the same. The organization also has to inspect the network communications properly so that if any violation occurs, they can act accordingly. Effective monitoring refers to the overview of the use of CDs, Pen drives or downloads. Monitoring is necessary as internal employees may also be responsible for data theft and data loss in an organization. Finally the security policies of an organization need to be enforced strictly. The strict enforcement of policies ensures the prevention of the loss of privacy or private data (Phua, 2013). The organization can achieve this by using automatic protection software which safeguards private data or information across the storage systems, networks and endpoints. Moreover, restricting the downloading, moving, accessing, copying, saving and printing of sensitive data can ensure the privacy of organizational data and reduce the cases of data theft or data loss in an organization.

Identifying Potential Risk, Response, and Recovery

A videogame development company recently hired you as an Information Security Engineer. After viewing a growing number of reports detailing malicious activity, the CIO requested that you draft a report in which you identify potential malicious attacks and threats specific to your organization. She asked you to include a brief explanation of each item and the potential impact it could have on the organization.

After reviewing your report, the CIO requests that you develop a follow-up plan detailing a strategy for addressing all risks (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance) identified in Assignment 1. Further, your plan should identify controls (i.e., administrative, preventative, detective, and corrective) that the company will use to mitigate each risk previously identified.

Write a four to five (4-5) page paper in which you:

1. For each of the three or more malicious attacks and / or threats that you identified in Assignment 1, choose a strategy for addressing the associated risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Explain your rationale.

2. For each of the three or more malicious attacks and / or threats identified in Assignment 1, develop potential controls (i.e., administrative, preventative, detective, and corrective) that the company could use to mitigate each associated risk.

3. Explain in detail why you believe the risk management, control identification, and selection processes are so important, specifically in this organization.

4. Draft a one page Executive Summary that details your strategies and recommendations to the CIO (Note: The Executive Summary is included in the assignment's length requirements).

5. Use at least three (3) quality resources in this assignment (no more than 2-3 years old) from material outside the textbook.

Verified Expert

Reference no: EM13375766

Questions Cloud

1 i give you 1000 you put it in a bank collection 5 : 1 i give you 1000. you put it in a bank collection 5 interest. how much money will you have after 5 years?2 now instead
Suppose a firm has two factories with marginal costs given : suppose a firm has two factories with marginal costs given byfactory 1 mc1 20qfactory 2 mc2 40qthe firm faces a
Two companies company a and company b are deciding whether : two companies company a and company b are deciding whether each should implement a new pricing strategy which may or
As trade blocks continue to develop for example the eu and : as trade blocks continue to develop for example the eu and nafta what will be the impact on american business in terms
1 potential malicious attacksthree specific potential : 1. potential malicious attacksthree specific potential malicious attacks that could be carried out against the
Question 1 a using appropriate data sources to be cited : question 1 a using appropriate data sources to be cited correctly make a reasonably accurate sketch or graph of a
The warehouse company supplies spare parts for its two : the warehouse company supplies spare parts for its two plants plant a and plant b. plant a and plant b do not have any
Question 1 a what are minerals sketch different types of : question 1 a what are minerals? sketch different types of mineral crystal forms and list different types of rock
You must prepare a formal 10-12 page research paper on a : you must prepare a formal 10-12 page research paper on a topic of your choice related to a major air cargo operator or

Reviews

Write a Review

Computer Networking Questions & Answers

  Networking and types of networking

This assignment explains the networking features, different kinds of networks and also how they are arranged.

  National and Global economic environment and ICICI Bank

While working in an economy, it has a separate identity but cannot operate insolently.

  Ssh or openssh server services

Write about SSH or OpenSSH server services discussion questions

  Network simulation

Network simulation on Hierarchical Network Rerouting against wormhole attacks

  Small internet works

Prepare a network simulation

  Solidify the concepts of client/server computing

One-way to solidify the concepts of client/server computing and interprocess communication is to develop the requirements for a computer game which plays "Rock, Paper, Scissors" using these techniques.

  Identify the various costs associated with the deployment

Identify the various costs associated with the deployment, operation and maintenance of a mobile-access system. Identify the benefits to the various categories of user, arising from the addition of a mobile-access facility.

  Describe how the modern view of customer service

Describe how the greater reach of telecommunication networks today affects the security of resources which an organisation provides for its employees and customers.

  Technology in improving the relationship building process

Discuss the role of Technology in improving the relationship building process Do you think that the setting of a PR department may be helpful for the ISP provider? Why?

  Remote access networks and vpns

safekeeping posture of enterprise (venture) wired and wireless LANs (WLANs), steps listed in OWASP, Securing User Services, IPV4 ip address, IPV6 address format, V4 address, VPN, Deploying Voice over IP, Remote Management of Applications and Ser..

  Dns

problems of IPV, DNS server software, TCP SYN attack, Ping of Death, Land attack, Teardrop attack, Smurf attack, Fraggle attack

  Outline the difference between an intranet and an extranet

Outline the difference between an intranet and an extranet A programmer is trying to produce an applet with the display shown in Figure 1 below such that whenever one of the checkboxes is selected the label changes to indicate correctly what has..

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd