Discuss long-term initiatives to encourage positive change

Reference no: EM131265743

A Case Study in Cyber Security

CYBER SECURITY CASE STUDY - INDIVIDUAL REPORT

Cyber security is an essential tool for managing risks in today's increasingly dynamic and capable cyber threat landscape. Yet the market for cyber security remains small, and organizations are making only tactical investments in cyber security measures, which is one of the reasons why there has been an increase in cyber attacks. Evidence suggests that this trend will last for some time to come. However, the anticipation of an increasingly open and mobile enterprise should help refocus the spotlight on strategic investments in areas like cyber security. Cyber security professionals who wish to see cyber security move up in IT's priority queue should take immediate steps, such as demanding secure software from suppliers and requiring rigorous acceptance tests for third-party code, to help promote cyber security in the long run.

Because cyber security has a significant impact on vulnerability management, one could infer that the spotlight is only shifting to a different perspective and that commitment to cyber security may not have declined in the final analysis. Although viewed as a priority by many cyber security professionals, cyber security has not seen the appropriate commitment level reflected in IT's budget allocation.

For example, data breaches resulting from web application hacking are almost always accomplished through the exploitation of application vulnerabilities like SQL injection or cross-site scripting. If cyber security is not improved at a larger scale, the industry will continue to be plagued with security incidents that result in data breaches or other consequences that are even more disastrous. Changing the attitude toward cyber security, however, would require a culture shift, one that places importance on proactive risk management rather than immediate return on investment (ROI). This shift won't happen overnight. In the meantime, cyber security professionals should follow these recommendations to implement a few immediate measures to effect positive changes:

- Demand software quality and security from suppliers.
- Perform stringent acceptance tests for third-party code.
- Disable default accounts from applications.
- Establish a secure operational environment for applications.
- Implement effective bug-reporting and handling.
- Perform risk assessments underpinned by strict governance, risk and compliance frameworks and legislation.

As the buyer side starts to demand secure cyber software, the power balance will start to shift toward more strategic approaches to managing cyber-level risks. Cyber security professionals can encourage this change by engaging in these longer-term initiatives:

- Work toward an industry certification program for secure development practices.
- Implement a cyber security program.
- Continue to drive awareness of the changing cyber threat landscape.

So, in order to improve cyber security, companies and cyber security professionals should work in a concerted fashion to cultivate a culture that values and promotes cyber security. To help usher in such a culture, cyber security professionals should:

- Do their part to promote a cyber security ecosystem.
- Use mobile proliferation as a catalyst for cyber security.

Cybercriminals from China have spent more than six years cautiously working to obtain data from more than 70 government agencies, corporations and non-profit groups. The campaign, named Operation Shady RAT (remote access tool), was discovered by the security firm McAfee.

While most of the targets have removed the malware, the operation persists. The good news: McAfee gained access to a command-and-control server used by the cyber attackers and has been watching, silently. U.S. law enforcement officials are working to shut down the operation. The Chinese government is denying that it sanctioned the cyber attack operation, although configuration plans for the new DoD F-35 stealth fighter were compromised by the cyber attackers. So, with the preceding in mind, the following are five things that came to light:

- Seventy-two (72) organizations were compromised.
- It was not just North America and Europe.
- When the coast was determined to be clear, the cyber attackers struck.
- This was a single operation by a single group (probably the Chinese).
- The only organizations exempt from this cyber threat were those that did not have anything valuable or interesting worth stealing, from a national security point of view.

The loss of this data represents a massive economic cyber threat not just to individual companies and industries, but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape; the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world; not to mention, the national security impact of the loss of sensitive intelligence or defense information.

Yet the public (and often the industry) understanding of this significant national cyber security threat is largely minimal, due to the very limited number of voluntary disclosures by victims of intrusion activity compared to the actual number of compromises that take place. Although the goal is to raise the level of public awareness today, this is not a new cyber attack, and the vast majority of the victims have long since remediated these specific infections. Whether most victims realized the seriousness of the intrusion, or simply cleaned up the infected machine without further analysis into the data loss, remains an open question.

The actual intrusion activity may have begun well before 2006, but that is the earliest evidence that was found for the start of the compromises. The compromises themselves were standard procedure for these types of targeted intrusions: a spear-phishing email containing an exploit is sent to an individual with the right level of access at the company, and the exploit, when opened on an unpatched system, triggers a download of the implant malware. That malware executes and initiates a backdoor communication channel to the web server, then interprets the instructions encoded in the hidden comments embedded in the webpage code. This is quickly followed by live intruders jumping on to the infected machine, escalating privileges and moving laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware, as well as targeting for quick exfiltration the key data that the cyber attackers came for. In the end, one very critical question remains unanswered: Why wasn't the Department of Homeland Security (DHS) all over this cyber breach during the last 6 years when "Operation Shady RAT" was alive and well? After all, isn't DHS supposed to be the security guardian of the cyber world?
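A defender-side check for the hidden-comment channel described above, added here as an example and not part of the original case study: it pulls HTML comments out of captured web responses and flags long, high-entropy tokens. The base64-style token pattern, the entropy threshold, the function names and the sample pages are assumptions constructed for illustration; the case study does not say how the instructions were encoded.

```python
import base64
import math
import re
from collections import Counter

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Assumption: an encoded instruction appears as a long unbroken run of
# base64-alphabet characters. The case study does not name the encoding.
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{24,}")


def shannon_entropy(text):
    """Bits per character of the string's character distribution."""
    counts = Counter(text)
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in counts.values())


def suspicious_comments(html, min_entropy=4.0):
    """Return (token, entropy) pairs for comment tokens that look encoded."""
    findings = []
    for body in COMMENT_RE.findall(html):
        for token in TOKEN_RE.findall(body):
            entropy = shannon_entropy(token)
            # Long but repetitive runs (separator bars) score near zero.
            if entropy >= min_entropy:
                findings.append((token, round(entropy, 2)))
    return findings


def scan_responses(responses, min_entropy=4.0):
    """Map each URL to its findings, leaving out pages with none."""
    report = {}
    for url, html in responses.items():
        hits = suspicious_comments(html, min_entropy)
        if hits:
            report[url] = hits
    return report


# Constructed sample data: a stand-in for an encoded instruction, plus two
# response bodies as a web proxy might have logged them.
ENCODED = base64.b64encode(bytes(range(48))).decode()
SAMPLE_RESPONSES = {
    "http://intranet.example/index.html": (
        "<html><!-- navigation starts here -->"
        "<!-- ============================== -->"
        "<body>Welcome</body></html>"
    ),
    "http://news.example/story.html": (
        "<html><body>Story text</body><!-- " + ENCODED + " --></html>"
    ),
}

if __name__ == "__main__":
    for url, hits in scan_responses(SAMPLE_RESPONSES).items():
        for token, entropy in hits:
            print(f"{url}: {entropy} bits/char: {token[:32]}...")
```

Hits are leads for an analyst rather than verdicts: legitimate pages also embed encoded data in comments, so the threshold needs tuning against the organization's own traffic.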

If "Operation Shady RAT" wasn't bad enough, hackers are now using outfitted model planes/drones to hack into your wireless system. Built from an old Air Force target drone, the Wireless Aerial Surveillance Platform (WASP) packs a lot of technological power into a flying high-end cyber endurance package.

General guidance

Quality of ideas, evidence of literature review, demonstration of up-to-date knowledge, together with appropriate comprehensive referencing, is of more importance than the precise length of submission. The ability to critically analyse a case study and/or setting and the ability to apply knowledge so as to identify solutions to potential problems are essential. Length of submission should be 1500 words.

CAUTION
You are required to copy the questions given below and provide the answers in your report ONLY! No need for additional text or reproduction of the case study in your final report.

Further Guidance: [100 marks available/pass mark = 40]

The dangers of getting the balance right between security, easy access and reduction of risk in business contexts of use are to be the main focus of your response to the following tasks. All arguments presented are expected to be supported by evidence. You should answer each question in the order given below. Full citations (referencing) are needed for any information sources you identify.

a) In order to implement a few immediate measures to effect positive changes, what recommendations should cyber security professionals follow?

Discuss all available frameworks, legislation and regulatory requirements on which information security professionals can base their proposal(s). [750 words]

b) Critically discuss long-term initiatives to encourage positive change with regard to assessing security risk and maintaining privacy in a corporate environment.

What kind of security risk assessment methodologies can be identified for better mapping of the threat landscape? Provide a detailed comparison of these methodologies with clear links to the case study. [750 words]

Verified Expert

This task is about security risk assessment methodologies. It is a 1500-word task delivered as an MS Word report. In this report, recommendations for cyber security professionals for positive changes in security, security frameworks, legislation and regulatory requirements are discussed. Besides this, security risk assessment methodologies for data privacy are also discussed. Harvard referencing is done.


Reviews

inf1265743

11/7/2016 8:30:46 AM

In question one; you have define the steps of response incident, legal & compliance which relate to the case study and in second question; you have define a long term security, comprising with different methodologies which relate to data privacy and define the suitable methodology with clear justification ... all your answers should be related to the case study which is (Shady RAT). Look forward to seeing your report by tomorrow. Kindly acknowledge you need to briefly explain some legal agencies such as DHS, IRS, etc. on declaration of breach. No NIST methodology needed in first question. Question 2 long term initiatives are missing. Methodologies evaluation has no references. NIST, ISO consider as methodologies which you only mentioned one methodology (NIST). We need to compare methodology with proper reference base of the case study.

inf1265743

11/7/2016 8:28:35 AM

I asked for 2nd questions then DR answered that the methodologies which you are going to compare should focus on data breaching, data stealing & disclosing the stolen data to outsiders, you should not write methodology which relates to application or hardware or something, etc. ... Hence the expert should use only methodologies related to data breaching, data stealing & disclosing the stolen data to outsiders, and pick the suitable methodology which fits the case study. The methodologies which you need to do comprising are on data privacy methodologies and pick the best among them or suitable with justification of why it's suitable. As promised this report should be delivered by tomorrow. Please, I hope you have understood the questions very clearly as they are not quite straightforward.

inf1265743

11/4/2016 6:00:06 AM

Just want to bring to your attention that the requirement of second question is to explain in brief multi risk methodologies and select the right methodology which suits the case and why it's suitable. All your answers should be linked to the case study, even when doing the comprising of methodologies need to be linked to the case study. Regarding the first question, need to talk about process, legal, response or incident response plan as security professional need to be done during the attack or breach of Shady RAT, all need to be linked to the case study provided. Look forward to seeing your report, hopefully it would be as I expected.

inf1265743

11/4/2016 5:59:56 AM

Thank you and I have done the payment. However I please request you to complete it before the deadline so it will give me time to review it and as you mentioned below the Assignment with no plagiarism, and it must contain references. Last question, what if I'm not happy with the report? Please note: the reviewer does not want any introduction or conclusion. The reviewer expects the answer of the two questions in the Assignment with the total wording of 1400 words. References also must be present. Hence please make sure to not write or include any introduction or conclusion, he just needs the answer of the questions which is related to the case study. Please make any references to legal, regulatory requirements, or a process which professional security should follow assuming the breaching is taking place and most important is to be linked to the case study exclusively. Also the reviewer is expecting to minimize as much as possible about technical process.

len1265743

11/4/2016 5:15:39 AM

The attached case study is about security breach done by a group called Shady RAT. The assignment has two questions: what professional security would do during the attack, and second question is to compare risk methodology and pick the best which suits the case study. Please note: The answer of both questions should be related to the case study.

len1265743

11/4/2016 5:15:14 AM

Outstanding/Excellent quality of ideas arguments. Very good grasp of technical aspects such as information security management frameworks, operational security aspects and strong critical analysis. Fully referenced submission. Clear and consistent demonstration of ability to relate arguments to the specifics of the case study. Read the following case study and then answer the questions that follow. Be sure to directly relate your answers to the specific details given in the case study. You are asked to produce a written report. It is vital that in the composition of this report, you supplement any arguments you make with appropriate references.
