In order to guide the IT department in managing the situation and to educate upper management and stakeholders on how the system is defended, a course of action table was developed based on the kinds of attacks the organization has been subjected to. This section describes how the security countermeasures protect each of these components: systems, operations, and personnel.

Education campaigns: These are designed to educate individuals within an organization about cybersecurity best practices and how to identify and prevent potential threats. For example, an organization may conduct regular training sessions or distribute educational materials to employees to help them recognize phishing emails or use strong passwords (NIST, 2020).

Ongoing/specific training: This refers to ongoing training or specific training sessions designed to help individuals within an organization understand and identify potential cybersecurity threats and how to prevent them. For example, an organization may conduct training sessions on identifying and preventing phishing attacks or on using security software (NIST, 2020).

Incident response simulations: These are designed to help organizations practice and prepare to respond to a cybersecurity incident. For example, an organization may conduct a simulated cyber-attack and then have employees practice responding to the simulated attack as if it were real (NIST, 2020).

Legal/regulatory requirements: These are laws or regulations that require organizations to implement certain cybersecurity measures. For example, the Health Insurance Portability and Accountability Act (HIPAA) requires organizations that handle protected

Consistent patching: Patching refers to the process of installing updates or fixes to software to address vulnerabilities or bugs. Consistently patching software can help prevent attackers from exploiting those vulnerabilities (NIST, 2020).

Firewalls: A firewall is a system that controls incoming and outgoing network traffic based on predetermined security rules. Firewalls can help prevent unauthorized network access and can be configured to block certain ports or restrict access to them (NIST, 2020).

Privileged access oversight (limit admin access): Privileged access refers to the ability to perform tasks or access resources that are not available to regular users. Limiting the number of individuals with privileged access, and carefully controlling and monitoring their actions, can help prevent unauthorized access and misuse of sensitive data.

Encryption of all at-risk data: Encryption is the process of encoding data so that only someone with the appropriate decryption key can access it. Encrypting data can help protect it from unauthorized access, especially if it is stored on a device that could be lost or stolen (NIST, 2020).

Regular backups and DR testing of the restore process: Backing up data regularly helps ensure that it is available during a disaster or cybersecurity incident. It is also essential to regularly test the restore process to ensure that backups can be successfully restored if needed (NIST, 2020).

Pen testing: Pen testing (short for "penetration testing") is the process of simulating a cyber-attack on a system or network to identify vulnerabilities that an attacker could exploit. Pen testing can help organizations identify and address potential vulnerabilities before attackers can exploit them (NIST, 2020).

Sandboxes: A sandbox is an isolated environment used to test and observe the behavior of potentially malicious software, such as malware, without exposing the rest of the system to risk. Cybersecurity researchers often use sandboxes to analyze the behavior of unknown or untrusted code and understand how it works. Sandboxes can be created using various technologies, such as virtual machines or containers, and can be configured to simulate different operating environments or network configurations. The goal of a sandbox is to provide a safe and controlled environment in which to run and observe potentially malicious code. Sandboxes therefore let researchers safely test unknown or potentially malicious code, and they provide a convenient way to study the behavior of malware and other types of malicious software, helping researchers understand how it works and develop effective countermeasures.

SIEM (Security Information and Event Management): A SIEM is a security management system that combines security information management (SIM) and security event management (SEM). Organizations use it to monitor and analyze security events and log data from various sources, such as network devices, servers, and applications; tools such as Splunk and Datadog are essential for this (TechTarget, 2021). Some of the possible countermeasures that can be implemented using SIEM include:

Network segmentation: This is a security technique that involves dividing a network into smaller, isolated segments, or "zones." This can help to improve the security of an organization's network by limiting the spread of malware and other threats, as well as controlling access to sensitive data and systems (TechTarget, 2021).

IDS (Intrusion Detection System): An IDS is a security tool that monitors a network or system for malicious activity or policy violations. It analyzes network traffic, system logs, and other data sources to identify potential security threats and alerts administrators to potential issues (SANS Institute, n.d.).

SYSTEMS IMPACT

The security team will spend most of its time researching and analyzing data during the initial phases of an incident, reviewing system logs and traffic data. Through these investigative efforts, the team will locate the ingress traffic that raises suspicion and the associated IP address, and will then begin taking steps to resolve the issue. Further research into the IP address may be needed to find a motive behind the attack and to reconfigure the firewall to address the traffic type and ports used. As always, these measures must be documented to maximize the effectiveness of the countermeasures. In cases of corrupted or compromised system parts, it is common to pull those parts offline for quarantine and analysis. The OS may need to be wiped and reinstalled to eradicate any malware actively residing on a system. Only those parts of the system that require it are taken offline during this countermeasure, ensuring that operations do not suffer. It is also feasible to add a SIEM solution to the system to monitor it more thoroughly and to update or maintain an IDS/IPS. Penetration testing and other vulnerability scans may be used to evaluate the effectiveness of these countermeasures.

OPERATIONS IMPACT

Maintaining functionality at all times is the goal of operations; backup/secondary servers can save a significant amount of time, as can system backups. As mentioned in the Course of Action Table, a countermeasure provides a secondary method to continue operations while the investigation is conducted on the initial system or account. It is possible to maintain a position's functionality by providing a replacement workstation and unique credentials for an account that has been compromised. A substitute workstation can also be provided if both workstations have been compromised. Adding accounts, removing unnecessary accounts, and removing accounts that may be abused can also assist in maintaining operations. To reduce the negative impacts on organizational operations, we will develop and implement incident response plans to ensure that we are prepared to respond quickly and effectively to any cyber incidents that may occur. This will involve establishing clear roles and responsibilities for responding to incidents, together with regular training and drills to ensure that all personnel are familiar with their roles in the incident response process. In addition, we implement several maintenance-related countermeasures that impact operations, such as patch cycles and system updates, carrying out regular inventory assessments, and encrypting stored data as required. It is critical for financial institutions handling sensitive customer data to maintain compliance with industry standards.

PERSONNEL IMPACT
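The log-review step described under SYSTEMS IMPACT above (locate the suspicious ingress source in traffic data, then scope a firewall change to the traffic type and ports it used) as an added example; this is not code from the essay, the log format, the 10.x internal range and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not from any real system); the
# key=value layout and the 10.x internal range are assumptions for this example.
SAMPLE_LOG = """\
2024-05-01T08:00:01 action=allow src=10.0.0.12 dst=10.0.1.5 proto=tcp dport=443
2024-05-01T08:00:02 action=deny src=198.51.100.23 dst=10.0.1.5 proto=tcp dport=22
2024-05-01T08:00:02 action=deny src=198.51.100.23 dst=10.0.1.5 proto=tcp dport=23
2024-05-01T08:00:03 action=deny src=198.51.100.23 dst=10.0.1.5 proto=tcp dport=3389
2024-05-01T08:00:03 action=allow src=198.51.100.23 dst=10.0.1.5 proto=tcp dport=8080
2024-05-01T08:00:04 action=deny src=198.51.100.23 dst=10.0.1.6 proto=tcp dport=445
2024-05-01T08:00:06 action=allow src=10.0.0.40 dst=10.0.1.7 proto=udp dport=53
"""
LINE_RE = re.compile(r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>[\d.]+) "
                     r"dst=(?P<dst>[\d.]+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)$")
INTERNAL_PREFIX = "10."


def parse_log(text):
    """Parse matching lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for m in map(LINE_RE.match, text.splitlines()):
        if m:
            ev = m.groupdict()
            ev["dport"] = int(ev["dport"])
            events.append(ev)
    return events


def suspicious_ingress(events, min_denies=3, min_ports=3):
    """Flag external sources whose denied connections spread over many ports.
    Thresholds are assumptions; tune them to the environment's baseline."""
    per_src = defaultdict(lambda: {"denies": 0, "ports": set(), "protos": set()})
    for ev in events:
        if ev["src"].startswith(INTERNAL_PREFIX):
            continue  # ingress review only: internal sources are out of scope
        s = per_src[ev["src"]]
        s["ports"].add(ev["dport"])
        s["protos"].add(ev["proto"])
        s["denies"] += ev["action"] == "deny"
    return {src: {"denies": s["denies"], "ports": sorted(s["ports"]),
                  "protos": sorted(s["protos"])}
            for src, s in per_src.items()
            if s["denies"] >= min_denies and len(s["ports"]) >= min_ports}


def block_rule_plan(findings):
    """One documented firewall change per flagged source, scoped to what was seen."""
    return [f"block {','.join(f['protos'])} from {src} to dports {f['ports']}"
            for src, f in sorted(findings.items())]
```

Running `block_rule_plan(suspicious_ingress(parse_log(SAMPLE_LOG)))` on the constructed sample flags only the external host that was denied on several distinct ports, giving the analyst the source, protocol and port list to document alongside the firewall change.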
References

National Institute of Standards and Technology (NIST). (2020). Cybersecurity framework: Overview. Retrieved from https://www.nist.gov/cybersecurity-framework/overview
U.S. Department of Health and Human Services (HHS). (2020). HIPAA for professionals: Security rule. Retrieved from https://www.hhs.gov/hipaa/for-professionals/security/index.html
Kaspersky Lab. (n.d.). What is a sandbox? Retrieved from https://usa.kaspersky.com/resource-center/definitions/sandbox
SANS Institute. (n.d.). Security Information and Event Management (SIEM). Retrieved from https://www.sans.org/security-resources/idfaq/security-information-and-event-management-siem/
Federal Emergency Management Agency. (n.d.). Business continuity and disaster recovery. Retrieved from https://www.fema.gov/business-continuity-disaster-recovery
TechTarget. (2021). Network segmentation. Retrieved from https://searchnetworking.techtarget.com/definition/network-segmentation
TechTarget. (2021). Security Information and Event Management (SIEM). Retrieved from https://searchsecurity.techtarget.com/definition/Security-Information-and-Event-Management-SIEM
SANS Institute. (n.d.). Intrusion Detection Systems (IDS). Retrieved from https://www.sans.org/security-resources/idfaq/intrusion-detection-systems-ids/