User Account

All Pages

Implement a cyber security program

Assignment Help Other Subject
Reference no: EM131272442 , Length:

Assignment Details

A Case Study in Cyber Security - INDIVIDUAL REPORT

Instructions to Student:

Please note: Work presented in an assessment must be the student's own. Plagiarism is where a student copies work from another source, published or unpublished (including the work of a fellow student) and fails to acknowledge the influence of another's work or to attribute quotes to the author. Plagiarism is an academic offence.

Work presented in an assessment must be your own. Plagiarism is where a student copies work from another source, published or unpublished (including the work of another student) and fails to acknowledge the influence of another's work or to attribute quotes to the author. Plagiarism is an academic offence and the penalty can be serious. The University's policies relating to Plagiarism can be found in the regulations at

https://www.luton.ac.uk/livingandstudying/qa/documents

Assessment Criteria:

Read the following case study and then answer the questions that follow. Be sure to directly relate your answers to the specific details given in the case study. You are asked to produce a written report. It is vital that in the composition of this report, you supplement any arguments you make with appropriate references.

Make sure you provide a full and comprehensive list of references.

CYBER SECURITY CASE STUDY - INDIVIDUAL REPORT

Cyber security is an essential tool for managing risks in today's increasingly dynamic and capable cyber threat landscape. Yet the market for cyber security remains small, and organizations are making only tactical investments in cyber security measures-one of the reasons why there has been an increase in cyber attacks. Evidence suggests that this trend will last for some time to come. However, the anticipation of an increasingly open and mobile enterprise should help refocus the spotlight on strategic investments in areas like cyber security. Cyber security professionals who wish to see cyber security move up in IT's priority queue should take immediate steps such as demanding secure software from suppliers and requiring rigorous acceptance tests for third-party code to help promote cyber security in the long run.

Because cyber security has a significant impact on vulnerability management, one could infer that the spotlight is only shifting to a different perspective and that commitment to cyber security may not have declined in the final analysis. Although viewed as a priority by many cyber security professionals, cyber security has not seen the appropriate commitment level reflected in IT's budget allocation.

For example, data breaches resulting from web application hacking are almost always accomplished through the exploitation of application vulnerabilities like SQL injection or cross-site scripting. If cyber security is not improved at a larger scale, the industry will continue to be plagued with security incidents that result in data breaches or other consequences that are even more disastrous. Changing the attitude toward cyber security, however, would require a culture shift, a shift that places importance on proactive risk management rather than immediate return of Investment (ROI). This shift won't happen overnight. In the meantime, cyber security professionals should follow these recommendations to implement a few immediate measures to effect positive changes:

- Demand software quality and security from suppliers.
- Perform stringent acceptance tests for third-party code.
- Disable default accounts from applications.
- Establish a secure operational environment for applications.
- Implement effective bug-reporting and handling.
- Perform risk assessments underpinned by strict Governance, risk and Compliance frameworks and legislations.

As the buyer side starts to demand secure cyber software, the power balance will start to shift toward more strategic approaches to managing cyber-level risks. Cyber security professionals can encourage this change by engaging in these longer-term initiatives:
- Work toward an industry certification program for secure development practices.
- Implement a cyber security program.
- Continue to drive awareness of the changing cyber threat landscape.

So, in order to improve cyber security, companies and cyber security professionals should work in a concerted fashion to cultivate a culture that values and promotes cyber security. To help usher in such a culture, cyber security professionals should:

- Do their part to promote a cyber security ecosystem.
- Use mobile proliferation as a catalyst for cyber security.

Cybercriminals from China have spent more than six years cautiously working to obtain data from more than 70 government agencies, corporations and non-profit groups. The campaign, named Operation Shady RAT (remote access tool) was discovered by the security firm McAfee.

While most of the targets have removed the malware, the operation persists. The good news: McAfee gained access to a command-and-control server used by the cyber attackers and has been watching, silently. U.S. law enforcement officials are working to shut down the operation. The Chinese government is denying that it sanctioned the cyber attack operation; although, configuration plans for the new DoD F-35 stealth figher were comprised by the cyber attackers. So, with the preceding in mind, the following are five things that came to light:

- Seventy-two (72) organizations were compromised.
- It was just not North America and Europe.
- When the coast was determined to be clear, the cyber attackers struck.
- This was a single operation by a single group (probably the Chinese).
- The only organizations that are exempt from this cyber threat were those that did not have anything valuable or interesting worth stealing, from a national security point of view.

The loss of this data represents a massive economic cyber threat not just to individual companies and industries, but to entire countries that face the prospect of decreased economic growth in a suddenly more competitive landscape; the loss of jobs in industries that lose out to unscrupulous competitors in another part of the world; not to mention, the national security impact of the loss of sensitive intelligence or defense information.

Yet, the public (and often the industry) understanding of this significant national cyber security threat is largely minimal due to the very limited number of voluntary disclosures by victims of intrusion activity compared to the actual number of compromises that take place. With the goal of raising the level of public awareness today, this is not a new cyber attack, and the vast majority of the victims have long since remediated these specific infections. Although, whether most victims realized the seriousness of the intrusion or simply cleaned up the infected machine without further analysis into the data loss remains an open question.
The actual intrusion activity may have begun well before 2006, but that is the earliest evidence that was found for the start of the compromises. The compromises themselves were standard procedure for these types of targeted intrusions: a spear-phishing email containing an exploit is sent to an individual with the right level of access at the company, and the exploit when opened on an unpatched system will trigger a download of the implant malware. That malware will execute and initiate a backdoor communication channel to the web server and interpret the instructions encoded in the hidden comments embedded in the webpage code. This will be quickly followed by live intruders jumping on to the infected machine and proceeding to quickly escalate privileges and move laterally within the organization to establish new persistent footholds via additional compromised machines running implant malware; as well as, targeting for quick exfiltration the key data that the cyber attackers came for. In the end, one very critical question remains unanswered: Why wasn't the Department of Homeland Security (DHS) all over this cyber breach during the last 6 years when "Operation Shady Rat" was alive and well?? After all, isn't DHS supposed to be the security guardians of the cyber world?

If "Operation Shady Rat," wasn't bad enough, hackers are now using outfitted model planes/drones to hack into your wireless system. Built from an old Air Force target drone, the Wireless Aerial Surveillance Platform (WASP) packs a lot of technological power into a flying high-end cyber endurance package.

Assessment Criteria:

General guidance

Quality of ideas, evidence of literature review, demonstration of up to date knowledge, together with appropriate comprehensive referencing is of more importance than the precise length of submission. The ability to critically analyse a case-study and /or setting and ability to apply knowledge so as to identify solutions to potential problem is essential. Length of submission should be 1500 words.

You are required to copy the questions given below and provide the answers in your report ONLY! No need for additional text or reproduction of the case study in your final report.

The dangers of getting the balance right as between security, easy access and reduction of risk in business contexts of use are to be the main focus of your response to the following tasks. All arguments presented are expected to be supported by evidence. You should answer each question in the order given below. Full citations (referencing) are needed for any information sources you identify.

a) Critically discuss long-term initiatives to encourage positive change with regards to assessing security risk and maintain privacy in a corporate environment. What kind of security risk assessment methodologies can be identified for better mapping of the threat landscape? Provide a detailed comparison of these methodologies with clear links to the case study.

Verified Expert

The task is about security risk assessment. it is 750 words task and it is MS-Word Report, In this report, long term initiatives to maintain security and privacy of data and security risk assessment methodologies are discussed in detail. Harvard referencing is done..

Reference no: EM131272442

Questions Cloud

Smokers and the obese need not apply : Almost every organization in the United States recognizes that it's imperative to have healthy employees. Given the significant cost increases in health insurance coverage for employees (see Chapter 12), employers have looked at a number of ways t..
What are the main responsibilities of the president : What are a few of his or her accomplishments and goals? Has the U.S. Representative or U.S. Senator that you chose to discuss worked with or against President Barack Obama on a particular issue during his presidency? Explain your response in detai..
Describe the action of the motor : Describe the action of the motor and how the circuit accomplishes the task. If one were to move the pin from Q12 to Q11 or Q13, what would be the result? Try this and describe your results.
Different forms of motivation : What are different forms of motivation and what will they help you do and when to use each?
Implement a cyber security program : Critically discuss long-term initiatives to encourage positive change with regards to assessing security risk and maintain privacy in a corporate environment. What kind of security risk assessment methodologies can be identified for better mapping..
Discuss challenges faced by leaders in the article : Outline the type of operating budget utilized by the chosen agency, Discuss challenges faced by leaders in the article in working through the budget issues and Summarize how you as a criminal justice leader would work through the specified budgetary ..
Explain brazil intentions and actions : Use the theories of international trade and investment to help explain Brazil's intentions and actions regarding the international information technology sector.
What legal recourse does cc have against national : As Jaiden entered, he slipped and fell in the rainwater that had accumulated on the floor. Michelle, the manager, knew of the weather conditions but had not posted any sign to warn customers of the water hazard. Jaiden injured his back as a resul..
Sale of violent video games to young people : The state of California attempted to ban the sale of violent video games to young people. If the federal government attempted to do the same thing, what provisions of the constitution might allow that regulation?

Reviews

len1272442

11/10/2016 1:55:46 AM

Outstanding/Excellent quality of ideas arguments. Very good grasp of technical aspects such as information security management frameworks, operational security aspects and strong critical analysis. Fully referenced submission. Clear and consistent demonstration of ability to relate arguments to the specifics of the case-study.You are required to copy the questions given below and provide the answers in your report ONLY! No need for additional text or reproduction of the case study in your final report.

Write a Review

Other Subject Questions & Answers

  Professional lying and a professional withholding the truth

I need an explanation for this topic please? There is no moral difference between a professional lying and a professional withholding the truth.

  Identify specific future strategy actions and recommendation

Examine and critically incorporate peer and Faculty Member feedback offered during the Shared Activity to modify and improve your general ecosystem and stakeholder analysis work.

  How were these ideas applied to us foreign policy

Explain Manifest Destiny and American exceptionalism. How were these ideas applied to U.S. foreign policy at the turn of the 20th century? What do you see as the positives and negatives of American Imperialism?

  The chinese exclusion act

The Chinese Exclusion Act:

  Cost-pricing-scheduling and control

Suppose that you have been asked to price an 8-month external project. Direct labor is estimated at $100,000 per month, plus a 100% overhead rate.

  What is the disability being discussed

What types of prejudice and discrimination has the person experienced - be as specific as possible. What impact has this had on the individual? How do your interviewee's experiences parallel or differ from what you have read and discussed about dis..

  Critically discuss the variety of personality measures

Identify and critically discuss the variety of personality measures available to managers. Your response should consider the purpose of this testing from an organisational perspective.

  Write an essay 750-1000 words describing sociological

write an essay 750-1000 words describing sociological forces that have generated the controversy over same-sex

  Describe frances and al leadership styles

Based on the information provided, describe Frances's and Al's leadership styles. What are the important factors that the leaders of Willard and Eastern must consider in order to be effective

  Dexit- a marketing opportunity

Dexit seems likely to appeal to two main groups or end-consumers. First, it should do well among businesses whose employees incur frequent, small ticket expenses. Who is the second likely end consumer?

  Nanotechnology for technology-society and culture course

Research paper on Nanotechnology for a Technology, Society and Culture Course. This only needs to be two pargraphs or less. Examine an emerging technology, as nano-technology, and evaluate its future prospects via cultural and social factors.

  Comparison of the prevalence of hypertension

Create at least two maps that allow a comparison of the prevalence of hypertension/high blood pressure and median family income at the census tract level in Houston, TX

Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

Submit Assignment

Academics

Major Subjects

Majors

Get In Touch

whatsapp: +1-415-670-9521

Phone: +1-415-670-9521

Email: [email protected]

TERMS & POLICIES

HELP & SUPPORT

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd