Security - Assignment 1 - 1618 - Grade D
Typology: Assignments
Qualification: BTEC Level 5 HND Diploma in Computing
Unit number and title: Unit 5: Security
Submission date: 22/04/2023
Date received (1st submission):
Re-submission date:
Date received (2nd submission):
Student name:
Student ID:
Class:
Assessor name: Ha Trong Thang

Student declaration
I certify that the assignment submission is entirely my own work and I fully understand the consequences of plagiarism. I understand that making a false declaration is a form of malpractice.
Student's signature:

Grading grid
Grade:
Assessor signature:
Date:
Lecturer signature:
As technology advances and Internet use grows, the information systems of organizations, and the complexity of the businesses that depend on them, grow with it. Many businesses also require an Internet connection to share information, which exposes vulnerabilities that an attacker may exploit. It is therefore essential to understand which of the company's resources must be protected and to control access to its systems. This assignment is intended to help junior staff members understand system security, demonstrate methods for identifying and evaluating IT security risks, and explain the organizational policies that protect business-critical data and equipment.

Task 1 - Identify types of security threat to organizations. Give an example of a recently publicized breach and discuss its consequences (P1)
1. Define Threat

A threat is any activity that has the potential to damage an asset. Information systems are exposed to threats from both natural and human causes. Floods, earthquakes and severe storms are natural threats; they require planning ahead so that business operations can continue and the organization can recover. Computer systems are also vulnerable to human-caused threats such as viruses, malicious code and unauthorized access. These threats can damage a system, an application or data, introducing errors and the loss of valuable data, and can harm an individual, a business or an organization. (2018, David Kim)

Examples of physical threats include:
- Natural events (floods, earthquakes and tornados)
- Other environmental conditions (extreme temperatures, high humidity, heavy rain and lightning)
- Intentional acts of destruction (theft, vandalism and arson)
- Unintentionally destructive acts (equipment breakdown, overloaded electrical outlets and bad plumbing)

Examples of non-physical threats include:
- Loss or corruption of system data
- Disruption of business operations that rely on computer systems
- Loss of sensitive information
- Illegal monitoring of activities on computer systems

Cyber Security Breaches
While not a cyber-attack, these occurrences can have a similar impact on your ability to conduct business. If you cannot access your offices, data centers or files saved in the cloud, you are still experiencing a data disaster, and this must be planned for.

2.7 Corporates (competitors, partners)

The possibility of a competitor stealing your intellectual property is obvious, but organizations also increasingly collaborate with numerous partner organizations to bridge skill and resource gaps or simply to deliver services. Depending on their intentions, these partner companies might steal or expose your intellectual property or the personal information you are storing.
3. List type of threats that organizations will face

A security threat is a malicious act that aims to corrupt or steal data, or to disrupt an organization's systems or the organization as a whole. A security event is an occurrence during which company data or its network may have been exposed; an event that actually results in a data or network breach is a security incident. As cyber threats continue to evolve and grow more sophisticated, enterprise IT must stay vigilant in protecting its data and networks, and that starts with understanding the types of threat and attack it is up against.

3.1 Insider threats

An insider threat arises when people affiliated with an organization, who have been granted access to its network, misuse that access, intentionally or unintentionally, to harm the organization's vital information or systems. Many insider threats come from negligent employees who do not follow their firm's rules and norms: for instance, clicking phishing links in email, sharing their login credentials with others, or emailing customer data to outside parties. Other insider threats come from vendors, business partners and contractors. Some insiders deliberately bypass security precautions for convenience or in a misguided attempt to be more productive. Malicious insiders deliberately circumvent cybersecurity measures to destroy data, steal data to sell or exploit later, disrupt business operations, or cause other harm.

3.2 Viruses and worms

Malicious software such as viruses and worms is designed to harm a company's systems, data and network. A computer virus is malicious code that spreads by copying itself into a host file, system or application; it does not propagate until that host is run, intentionally or unintentionally, without the knowledge or consent of the user or system administrator. A worm, by contrast, spreads across the network on its own, without needing a host file or any user action.

3.3 Botnets

A botnet is a collection of Internet-connected devices (PCs, mobile devices, servers and IoT devices) that are infected with, and remotely controlled by, a common piece of malware. Botnet malware typically scans the Internet for vulnerable devices. The threat actor's goal is to infect as many connected devices as possible and to use their computing power and network connections for automated tasks that are generally hidden from the devices' owners. The criminals who control botnets use them to send spam, run click-fraud campaigns and generate the traffic for distributed denial-of-service attacks.

3.4 Drive-by download attacks

In a drive-by download attack, malicious code is downloaded through the browser, an application or the operating system without the user's permission or knowledge. The user does not have to click anything: simply visiting a compromised or malicious website can start the download. Cybercriminals use drive-by downloads to plant banking Trojans, steal and collect personal information, and deliver exploit kits or other malware to endpoints.

3.5 Phishing attacks

Phishing attacks use social engineering to trick users into violating normal security practice and disclosing sensitive information such as names, addresses, login credentials, Social Security numbers, credit card details and other financial information. Most of the

attack kits, and malware toolkits. Cybercriminals use these toolkits to exploit system vulnerabilities in order to distribute malware or carry out other malicious activity such as stealing corporate data, launching denial-of-service attacks or building botnets.

3.9 Advanced persistent threat attacks

An advanced persistent threat (APT) is a targeted attack in which an unauthorized intruder penetrates a network and remains undetected for an extended period. The goal is usually not to damage systems or the network but to monitor activity and quietly steal information while maintaining access, often by deploying further exploit kits and malware inside the network. APTs are typically carried out by well-resourced groups, frequently state-sponsored, against high-value targets such as large enterprises and government bodies, over months or years.

3.10 Malvertising

Malvertising is the injection of malicious code into legitimate online advertising networks and web pages. The code typically redirects users to malicious websites or installs malware on their computers or mobile devices, and a machine can be infected even if the user does not click anything. Cybercriminals use malvertising to distribute money-making malware such as crypto-mining scripts, ransomware and banking Trojans.
4. What are the recent security breaches? List and give examples with dates. Discuss the consequences of these breaches and suggest solutions to organizations.

Breach 1
Date: February 4, 2015
Organization: Anthem, Inc. (Blue Cross Blue Shield customer database)
Data breach: Criminal hackers broke into Anthem's servers and potentially stole over 37.5 million records containing personally identifiable information. Twenty days later the number of people whose personal information was affected was revised to 78.8 million. The breach extended to multiple brands under which Anthem markets its health care plans, including Anthem Blue Cross, Anthem Blue Cross and Blue Shield, Blue Cross and Blue Shield of Georgia, Empire Blue Cross and Blue Shield, Amerigroup, CareMore and UniCare.
Impact: Individuals whose data was stolen could suffer the consequences of identity theft for the rest of their lives. Anthem held a $ million insurance policy covering cyberattacks from American International Group.
Solution: ... regulators, as well as steps to contain and mitigate the breach.

Breach 2
Date: September 15, 2015
Organization: Experian Information Solutions, Inc., and T-Mobile USA, Inc. (database of T-Mobile customers applying for credit)
Data breach: Experian discovered that attackers had breached a North American business unit server holding the personal data of about 15 million T-Mobile customers who had applied for credit. T-Mobile had shared this information with Experian to process credit checks and provide financing. Social Security and other identification numbers were compromised; Experian stated that no payment card or banking information was involved.
Impact: The Internal Revenue Service (IRS) confirmed that 13,673 U.S. citizens were victimized through the filing of $65 million in fraudulent individual income tax returns as a result of this breach. T-Mobile suffered reputational and financial damage because of the actions of a third-party partner rather than its own, although it was the carrier that chose that partner.
prevent the transfer of data it finds insecure. The team will take such action if it finds that the data is being used in a way that puts the company or its employees at risk.

Procedure Non-Compliance or Deviation
Failure to comply with the password procedures may, at the full discretion of the organization, result in the suspension of any or all technology use and connectivity privileges, disciplinary action, and possibly termination of employment.

Anti-Virus Procedure
Purpose: This procedure provides best practices and guidelines for the installation and continued support of anti-virus software on all devices connected to the organization's data network, to ensure that effective virus detection and prevention exists on all systems.
Scope: This procedure applies to all devices that connect to the organization's data network.
Procedure:
- All devices connecting to the organization's data network that are capable of running reputable anti-virus software must have it installed and scheduled to scan the system at regular intervals. The anti-virus software and its virus pattern files must be kept up to date.
- Virus-infected devices must be removed from the network until they are verified as virus-free.
- The organization's system administrators are responsible for creating procedures that ensure anti-virus software runs at regular intervals on company-owned devices and that devices are verified as virus-free.
- Any activity intended to create or distribute malicious programs in or on the organization's data network (e.g. viruses, worms, Trojan horses, e-mail bombs) is prohibited.

Company Owned Devices (Faculty, Staff, and Computer Labs)
- All company-owned devices must have a managed anti-virus solution installed.
- Virus definition updates must be configured to install automatically.
- The anti-virus software configuration and status may only be changed by IT department personnel. Configuration changes by a standard (limited) user are prohibited.
- Removing or disabling the anti-virus software by anyone other than approved IT department personnel is prohibited.

Non-Company Owned Devices (Customers and Visitors)
Email is intended for communication between individuals and clearly designated groups of individuals; it should not be used for mass broadcasting or for the wide distribution of large attachments. Only authorized users may send email to all faculty and staff. The company may send official correspondence to members of its community via email, and employees, faculty and staff are expected to check their company email account regularly. Company employees are expected to use their company email account for all company-related communications.

User Responsibilities
- Use electronic mail responsibly, consistent with other business communications (e.g. phone, correspondence).
- Safeguard the integrity, accuracy and confidentiality of company electronic mail.
- Use only the mail accounts assigned to you.
- Remove mail from your mailbox in line with company, departmental or electronic mail administrator message retention policies and standards.

Unacceptable User Behavior
- Sending unsolicited mail or materials of a fraudulent, pornographic, defamatory, harassing or threatening nature.
- Posting materials that violate existing laws or company codes of conduct, are inconsistent with the company mission, or are commercial advertisements or announcements on any electronic bulletin board.
- Forwarding any other form of unnecessary mass mailing (such as chain letters) to company or external electronic mail users.
- Using electronic mail to unlawfully solicit or exchange copies of copyrighted software.

Use Standards
Individuals are prohibited from using an electronic mail account assigned to another individual to send or receive messages. If it is necessary to read another individual's messages, forwarding should be requested from the electronic mail administrator. Company electronic mail users are encouraged to use these communications resources to share knowledge and information in furtherance of the company's missions of instruction, research and public service. Occasional and incidental social communications using electronic mail are not prohibited; however, such messages should be limited and must not interfere with an employee's job function.

Individuals with email IDs on company computer systems are prohibited from sending messages which violate existing laws or company codes of conduct or policies, are inconsistent with the company mission, or are advertisements or announcements for a commercial business. Authorized users should not rebroadcast information about significant issues obtained from another individual, out of respect for that individual's reasonable expectation of confidentiality. Authorized users are prohibited from sending, posting, publicly displaying or printing unsolicited mail or materials of a fraudulent, defamatory, harassing, abusive, obscene or threatening nature on any company system; such messages or materials will be handled according to current company codes of conduct, policies and procedures. The company accepts no responsibility for the content of electronic mail received. Employees who receive electronic mail they consider harassing, threatening or offensive should seek assistance.

Task 2.1 - Propose a method to assess and treat IT security risks (M1)
1. Discuss methods required to assess security threats

A cybersecurity risk assessment can be split into many parts, but the five main ones are scoping, risk identification, risk analysis, risk evaluation and documentation.

1.1 Determine the scope of the risk assessment
A risk assessment starts by deciding what is in scope. It is vital to have the full support of all stakeholders whose activities fall within that scope: their input is essential for understanding which assets and processes are most important, identifying risks, assessing impacts and defining risk tolerance levels. A third party specializing in risk assessments may be needed to guide the organization through what is a resource-intensive exercise.

1.2 Identify security risks

1.2.1 Identify assets
The primary focus of this step is to identify and inventory all physical and logical assets within the scope of the assessment. Drawing a network architecture diagram from the asset inventory is a good way to visualize the interconnections and communication paths between assets and processes, as well as the entry points into the network, which makes the next task of identifying threats easier.

1.2.2 Identify threats
Threats are the tactics, techniques and methods used by threat actors that have the potential to harm an organization's assets. To help identify potential threats to each asset, use a threat library such as the MITRE ATT&CK knowledge base and resources from the Cyber Threat Alliance, which both provide

It is important to document all identified risk scenarios in a risk register. The register should be reviewed and updated regularly so that management always has an up-to-date account of the organization's cybersecurity risks. It should include:
- Risk scenario
- Identification date
- Existing security controls
- Current risk level
- Treatment plan: the planned activities and timeline to bring the risk within an acceptable tolerance level, along with the commercial justification for the investment
- Progress status: the status of implementing the treatment plan
- Residual risk: the risk level after the treatment plan is implemented
- Risk owner: the individual or group responsible for ensuring that the residual risk stays within the tolerance level

A security risk assessment is a large and ongoing undertaking, so time and resources must be made available if it is to improve the organization's future security. It will need to be repeated as new cyber threats emerge and new systems or activities are introduced. Done well the first time, however, it provides a repeatable process and template for future assessments, reducing the likelihood of a cyber-attack that negatively affects business objectives.
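The register fields above are easier to reason about when they are held in a structure that can be queried, because the checks a reviewer runs (is anything above tolerance with no plan? does a plan still leave residual risk too high? has an entry gone stale?) are mechanical. The following Python is an added example and not part of the assignment: the 1-5 likelihood/impact scale, the 5x5 scoring bands, the 90-day review interval, the "medium" tolerance and the four sample entries are all constructed assumptions.

```python
# Added example: a risk register with the fields listed in the text, plus the
# checks a reviewer would run against it. Scale, bands, tolerance and sample
# entries are assumptions for the demonstration, not data from the assignment.
from __future__ import annotations
from dataclasses import dataclass
from datetime import date
from typing import Optional

LEVELS = ("low", "medium", "high")


def risk_level(likelihood: int, impact: int) -> str:
    """Assumed 5x5 matrix: score = likelihood x impact, banded into three levels."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be on the 1-5 scale")
    score = likelihood * impact
    return "high" if score >= 15 else "medium" if score >= 8 else "low"


@dataclass
class Risk:
    scenario: str
    identified: date
    existing_controls: list[str]
    likelihood: int
    impact: int
    owner: str
    treatment_plan: str = ""                  # activities, timeline, justification
    progress: str = "open"                    # open / in progress / implemented
    residual_likelihood: Optional[int] = None  # expected once the plan is done
    residual_impact: Optional[int] = None
    last_reviewed: Optional[date] = None

    @property
    def current_level(self) -> str:
        return risk_level(self.likelihood, self.impact)

    @property
    def residual_level(self) -> Optional[str]:
        if self.residual_likelihood is None or self.residual_impact is None:
            return None
        return risk_level(self.residual_likelihood, self.residual_impact)


def register_findings(risks: list[Risk], tolerance: str = "medium",
                      today: Optional[date] = None,
                      review_days: int = 90) -> list[tuple[str, str]]:
    """What management needs to act on: risks above tolerance with no treatment
    plan, plans whose residual risk still exceeds tolerance, and stale entries."""
    today = today or date.today()
    limit = LEVELS.index(tolerance)
    findings = []
    for r in risks:
        if LEVELS.index(r.current_level) > limit and not r.treatment_plan:
            findings.append((r.scenario, "above tolerance, no treatment plan"))
        if r.residual_level is not None and LEVELS.index(r.residual_level) > limit:
            findings.append((r.scenario, "residual risk still above tolerance"))
        if (today - (r.last_reviewed or r.identified)).days > review_days:
            findings.append((r.scenario, "review overdue"))
    return findings


AS_OF = date(2023, 4, 22)  # assumed review date for the demonstration


def sample_register() -> list[Risk]:
    """Constructed entries; scenarios echo the threat list earlier in the page."""
    return [
        Risk("Phishing leads to credential theft", date(2023, 1, 10),
             ["spam filtering", "awareness training"], 4, 4, "IT security lead",
             treatment_plan="Roll out MFA for all remote access by Q3",
             progress="in progress", residual_likelihood=2, residual_impact=4,
             last_reviewed=date(2023, 4, 1)),
        Risk("Unpatched Windows hosts in the ICS network", date(2022, 12, 1),
             ["network segmentation"], 3, 5, "OT engineering manager"),
        Risk("Theft of an unencrypted laptop", date(2023, 3, 15),
             ["asset register"], 3, 2, "IT operations",
             treatment_plan="Enforce full-disk encryption via MDM",
             progress="implemented", residual_likelihood=3, residual_impact=1,
             last_reviewed=date(2023, 4, 15)),
        Risk("Ransomware via drive-by download", date(2023, 2, 20),
             ["anti-virus", "web filtering"], 4, 5, "IT security lead",
             treatment_plan="Deploy EDR and tested offline backups",
             progress="in progress", residual_likelihood=3, residual_impact=5,
             last_reviewed=date(2023, 4, 10)),
    ]


def demo() -> list[tuple[str, str]]:
    return register_findings(sample_register(), today=AS_OF)


if __name__ == "__main__":
    for scenario, problem in demo():
        print(f"{scenario}: {problem}")
```

Run against the sample entries, the register flags the unpatched ICS hosts twice (a high risk with no plan, and not reviewed within 90 days) and the ransomware scenario once (its plan still leaves a high residual risk); the phishing and laptop entries are within tolerance and recently reviewed, so they produce nothing. Residual risk is scored with the same function as current risk, which is what makes "within tolerance" a comparable statement before and after treatment.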
2. What are the current weaknesses or threats of an organization?

Unauthenticated protocols: When an ICS protocol does not require authentication, any computer on the network can send commands that alter the physical process. This can lead to faulty process operation, product damage, plant equipment breakdown, personnel accidents or environmental harm.

Weak user authentication: Classic control systems often rely on passwords that are easily guessed, stored in easily recoverable formats, or transmitted in clear text. Once an attacker has obtained such a password, they have complete control over the process.

Unknown third-party relationships: Organizations may be unaware of the third-party components used in their ICS systems, which makes it harder for vendors to warn customers of vulnerabilities. Attackers who know about the dependency can target software the industrial business does not know it is running.

Weak file integrity checks: Code signing lets software developers guarantee the integrity of their product from the moment it is compiled until the user installs it on a computer or mobile device. Where code signing is absent, attackers can trick users into letting them replace legitimate files with malicious ones.

Outdated hardware: ICS hardware is built to last for decades. It may lack the processing power or memory to cope with the threat environment created by contemporary network technologies, or may lack basic security features altogether.

Vulnerable Windows operating systems: Unpatched Microsoft Windows operating systems are widely used in industrial systems, which exposes known vulnerabilities.
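The first weakness above is the most concrete: if the controller executes whatever well-formed frame reaches it, anyone on the network segment is an operator. The Python below is an added example, not part of the assignment, that simulates a controller in both states and shows what a message authentication code buys: a tampered frame, a replayed frame and a forged frame are all rejected, while the legacy controller accepts the tampered one. The frame layout (4-byte sequence number, 1-byte command, 2-byte value, optional 32-byte HMAC-SHA256 tag), the pre-shared key and the single "setpoint" command are assumptions for the demonstration; real ICS protocols differ, and a keyed MAC is a stand-in for the authentication a modern protocol version would provide, not a recommendation to bolt one onto an existing protocol.

```python
# Added example: an unauthenticated ICS-style command frame beside an
# HMAC-authenticated one with replay protection. Frame layout, key and command
# set are constructed assumptions, not a real protocol.
import hashlib
import hmac
import struct
from typing import List, Optional

# Assumed layout: seq (uint32), command id (uint8), value (uint16), big-endian.
HEADER = struct.Struct(">IBH")
TAG_LEN = hashlib.sha256().digest_size
CMD_SETPOINT = 0x01


def build_frame(seq: int, cmd: int, value: int, key: Optional[bytes] = None) -> bytes:
    """Legacy frame when key is None; otherwise header || HMAC-SHA256(key, header)."""
    header = HEADER.pack(seq, cmd, value)
    if key is None:
        return header
    return header + hmac.new(key, header, hashlib.sha256).digest()


def tamper_value(frame: bytes, new_value: int) -> bytes:
    """An attacker on the network rewrites the value field of a captured frame."""
    seq, cmd, _ = HEADER.unpack(frame[:HEADER.size])
    return HEADER.pack(seq, cmd, new_value) + frame[HEADER.size:]


class Controller:
    """Simulated PLC endpoint. With key=None it behaves like a protocol that
    requires no authentication: whatever arrives is executed."""

    def __init__(self, key: Optional[bytes] = None):
        self.key = key
        self.setpoint = 50
        self.last_seq = 0
        self.events: List[str] = []

    def handle(self, frame: bytes) -> bool:
        if self.key is None:
            header = frame[:HEADER.size]
        else:
            if len(frame) != HEADER.size + TAG_LEN:
                return self._reject("wrong length")
            header, tag = frame[:HEADER.size], frame[HEADER.size:]
            expected = hmac.new(self.key, header, hashlib.sha256).digest()
            # Constant-time comparison; a plain == would leak timing information.
            if not hmac.compare_digest(tag, expected):
                return self._reject("bad authentication tag")
        seq, cmd, value = HEADER.unpack(header)
        # Replay protection only means something once the header is authenticated;
        # without a tag an attacker could pick any sequence number anyway.
        if self.key is not None and seq <= self.last_seq:
            return self._reject(f"replayed sequence number {seq}")
        if cmd != CMD_SETPOINT:
            return self._reject(f"unknown command {cmd:#x}")
        self.last_seq = seq
        self.setpoint = value
        self.events.append(f"setpoint := {value}")
        return True

    def _reject(self, why: str) -> bool:
        self.events.append("rejected: " + why)
        return False


def demo() -> dict:
    key = b"example-pre-shared-key"  # assumed: provisioned out of band
    legacy, hardened = Controller(), Controller(key)
    results = {}

    # 1. The operator sets the setpoint to 60 on both controllers.
    legacy.handle(build_frame(1, CMD_SETPOINT, 60))
    genuine = build_frame(1, CMD_SETPOINT, 60, key)
    hardened.handle(genuine)
    results["after_operator"] = (legacy.setpoint, hardened.setpoint)

    # 2. The attacker rewrites the value field of the next frame in transit.
    legacy.handle(tamper_value(build_frame(2, CMD_SETPOINT, 60), 999))
    hardened.handle(tamper_value(build_frame(2, CMD_SETPOINT, 60, key), 999))
    results["after_tamper"] = (legacy.setpoint, hardened.setpoint)

    # 3. The attacker replays the operator's genuine authenticated frame.
    results["replay_accepted"] = hardened.handle(genuine)

    # 4. The attacker forges a frame with a guessed key.
    forged = build_frame(3, CMD_SETPOINT, 999, b"guess")
    results["forgery_accepted"] = hardened.handle(forged)
    results["hardened_events"] = hardened.events
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The legacy controller ends with a setpoint of 999 after step 2, which is exactly the "any computer on the network can alter the physical process" failure; the hardened controller still reads 60 and logs why each hostile frame was dropped. Note that the sequence number is covered by the tag, so the attacker can neither bump it to make a replay look fresh nor forge a frame without the key.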
3. What tools will you propose to treat IT security risks?

One method for assessing security threats is the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), a framework for identifying and managing information security risks. It defines a comprehensive evaluation method that allows an organization to identify the information assets that are important to its mission, the threats to those assets, and the vulnerabilities that may expose those assets to the threats. By putting these together, the organization can understand what information is at risk, which helps it design and implement a protection strategy to reduce the overall risk exposure of its information assets. (1999, Christopher J. Alberts)

OCTAVE examines organizational and technology issues to assemble a comprehensive picture of the enterprise's information security needs. It contains the following phases:
- Phase 1: Build Enterprise-Wide Security Requirements
- Phase 2: Identify Infrastructure Vulnerabilities
- Phase 3: Determine Security Risk Management Strategy

Each phase is designed to produce meaningful results for the organization. During Phase 1, information assets and their values, threats to those assets, and security needs are identified using standard information catalogs and staff knowledge from multiple organizational levels. For instance, known threat profiles and good organizational and technical practices are used to probe staff members for their knowledge of the organization's assets, threats and current protection strategies. This information is then used to establish the security requirements of the enterprise, which is the goal of the first phase of OCTAVE.