1. Potential malicious attacks: three specific potential

Reference no: EM13375766

1. Potential Malicious Attacks

Three specific potential malicious attacks that could be carried out against the organization's network structure are a passive attack, an active attack, and a phishing attack. The passive attack would monitor unencrypted traffic and look for sensitive information and passwords sent in clear text, so that the acquired information can be used for further attacks. This attack would analyze traffic, monitor unprotected communications, decrypt weakly encrypted traffic, and acquire authentication data such as passwords. The active attack against the organization's network infrastructure would try to break into secure systems (using worms, viruses, etc.) to circumvent the features that protect the network in an attempt to modify or steal information, or to introduce malicious code (Shabtai et al., 2012). The phishing attack would create a fake web site that appears similar to a well-known web site and send a message or e-mail to trick the user into visiting the site, then use a dialog box to record the username and password if the user attempts to log on.

2. Potential Impact of Malicious Attacks

Using a passive attack, a hacker could record users' authentication data (i.e. passwords) and disclose data files or other private information of the user without the user's knowledge or consent. The active attack could result in the dissemination or disclosure of data files or the modification of data. Moreover, the phishing attack could lead to the disclosure of account information such as the username and password (Shabtai et al., 2012). Thus, malicious attacks would have a high impact on the end users of the organization's network structure.

3. Security Controls

In order to protect the organization's network infrastructure from malicious attacks, the organization has to design a safer network. Nowadays, anyone can attack the network structure just by downloading software from the internet. The availability of this software has substantially increased the number of attacks on the organization's network structure. The easiest way to protect the organization's network infrastructure is to close the network completely from the external world. A better and adequately closed network would provide connectivity only to internal employees (Phua, 2013). Moreover, the network should allow employees to visit only sites related to their job, so they do not visit web sites which may harm the organization's network infrastructure.

4. Concerns for Data theft and Data Loss

The three potential concerns for data theft and data loss that may exist in the organization's network structure are unauthorized use of applications, misuse of corporate systems, and misuse of passwords (Ouellet, 2012). Most IT professionals believe that the use of unauthorized applications or programs is the main reason behind data loss incidents in an organization. The use of personal email is an example of such unauthorized use. Social network sites (also banned) are also commonly used within organizations. Other unauthorized applications include instant messaging, online shopping, and online banking applications or web sites. The misuse or sharing of corporate computer systems without authorization or supervision can also lead to data loss or the disclosure of the organization's private information. Additionally, deliberate infiltration of the corporate system by employees to alter its settings can lead to data theft or loss (Ouellet, 2012). Restricted activities include watching or downloading porn, online gambling, paying bills, and downloading music or movies. These actions by internal employees expose the computer systems to hackers, who take advantage through phishing or other methods. The sharing of passwords is another reason behind data loss incidents. Usernames and passwords are provided to each employee so that corporate systems are secure and can be monitored, but when employees share their credentials with others it leaves the company at risk. A large number of employees engage in these actions, so it is the responsibility of the organization to make employees aware of these potential dangers and to enforce compliance with standards.

5. Potential Impact of Data Loss

There are various types of data involved in organizational operations. These include client data, internal process data, customer accounting data, customer relationship data, marketing materials, and correspondence data. The main potential impact of data loss or data theft is privacy loss. Every organization has its own confidential information, which may include authenticated usernames or passwords, private marketing strategies, product recipes, or information about the various stakeholders. The loss of sensitive data can also create a feeling of distrust in the minds of stakeholders and decrease the profitability and reputation of an organization (Ouellet, 2012). Data theft or data loss can also lead the organization to its end, as privacy is at times the only thing that separates the company from its competitors or rival companies.

6. Security Controls

The security controls for preventing data theft or data loss are similar to those for preventing malicious attacks on an organization's network infrastructure. However, the organization can also prevent data loss through adequate management, monitoring and protection standards. Organizations have to put forth policies regarding data usage so that end users use the network properly and don't violate the standards, which may lead to data loss or data theft. The issue of data loss should be considered not just a technological issue but also a policy management issue. Employees engage in unauthorized actions, so it is the responsibility of the organization to make employees aware of the security issue so that they act accordingly and the privacy of the organization is maintained (Phua, 2013). The sensitive or private data within an organization include client data, internal process data, customer accounting data, customer relationship data, marketing materials, and correspondence data. The data usage policies of an organization should address the fundamental issues so that access to data is authenticated for each employee. The functionalities of end users have to be efficiently managed so that, in the event of data loss, it is reported as soon as possible. The sensitivity of organizational private data is to be properly ensured. The use of the organization's private data is to be correctly monitored so that the organization has visibility into it. The organization also has to inspect network communications properly so that if any violation occurs, it can act accordingly. Effective monitoring refers to oversight of the use of CDs, pen drives or downloads. Monitoring is necessary because internal employees may also be responsible for data theft and data loss in an organization. Finally, the security policies of an organization need to be enforced strictly.
The strict enforcement of policies ensures the prevention of the loss of privacy or private data (Phua, 2013). The organization can achieve this by using automatic protection software which safeguards private data or information across storage systems, networks and endpoints. Moreover, restricting the downloading, moving, accessing, copying, saving and printing of sensitive data can ensure the privacy of organizational data and reduce the cases of data theft or data loss in an organization.

Identifying Potential Risk, Response, and Recovery

A videogame development company recently hired you as an Information Security Engineer. After viewing a growing number of reports detailing malicious activity, the CIO requested that you draft a report in which you identify potential malicious attacks and threats specific to your organization. She asked you to include a brief explanation of each item and the potential impact it could have on the organization.

After reviewing your report, the CIO requests that you develop a follow-up plan detailing a strategy for addressing all risks (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance) identified in Assignment 1. Further, your plan should identify controls (i.e., administrative, preventative, detective, and corrective) that the company will use to mitigate each risk previously identified.

Write a four to five (4-5) page paper in which you:

1. For each of the three or more malicious attacks and / or threats that you identified in Assignment 1, choose a strategy for addressing the associated risk (i.e., risk mitigation, risk assignment, risk acceptance, or risk avoidance). Explain your rationale.

2. For each of the three or more malicious attacks and / or threats identified in Assignment 1, develop potential controls (i.e., administrative, preventative, detective, and corrective) that the company could use to mitigate each associated risk.

3. Explain in detail why you believe the risk management, control identification, and selection processes are so important, specifically in this organization.

4. Draft a one page Executive Summary that details your strategies and recommendations to the CIO (Note: The Executive Summary is included in the assignment's length requirements).

5. Use at least three (3) quality resources in this assignment (no more than 2-3 years old) from material outside the textbook.


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd