Cyber Security Assignment: Mitigation Plan for Threat Report
Task context: Cyber security helps organizations mitigate threats and risks, reduce financial loss and safety violations, decrease unethical behaviour, improve customer satisfaction and increase efficiency, and then sustain those improvements. Threats can be handled by Risk Acceptance (doing nothing), Risk Transference (passing the risk to an external party), Risk Avoidance (removing the feature or component that causes the risk) or Risk Mitigation (decreasing the risk). This cyber security assignment gives you an opportunity to demonstrate your understanding of cyber security and your ability to explain Risk Mitigation strategies for such threats. Mitigations should be chosen according to the technology in question, and the resolution should be decided according to the risk level and the cost of mitigation.
For this assessment, you are required to write a 2500-word mitigation plan for a threat report, based on the knowledge you have gained about threat types and key factors.
Area of research for this cyber security assignment: Cyber security is one of the main strategies for stopping intruders' attacks from outside. In the case scenario, the Business and Communication Company has made a significant effort to identify its risks. The STRIDE model is used in this report to profile the attacker. The report also develops a plan to maintain the company's IT resources.
Key concept: A data flow diagram is used in this report to build the threat model analysis. A strategic framework is introduced to assess the risk level of individual threats, and the different risk categories are described together with a resolution for each.
Reader's expectation: The reader of this report will gain an adequate understanding of current cyber trends and cyber threats, and of how to secure cyberspace by protecting personal information and important resources within the organization. A mitigation plan is presented, with a roadmap and a continuous improvement model, so that readers can follow the whole process of mitigating cyber crime in the Business and Communication Insurance Company.
Priorities of the risks: The report analyzes three categories of cyber security risk. Ransom email is the first priority to resolve. The risk categories discussed in this report indicate the depth of each risk.
Identified risk categories:
Threats are defined in this report so that their negative effects can be reduced. They are categorized here into three formats. The first risk category is threats via ransom emails. The main purpose of ransom emails, or the malware they carry, is to inject viruses into the system without any prior knowledge of the IT resources (Alves et al., 2021). The Business and Communication Company constantly receives ransom emails from outside its network. Today most corporate communication happens over e-mail, which is the channel these ransom mails exploit.
E-mail security gap: Ransom emails repeatedly expose weaknesses in e-mail services. Intruders probe the service to identify these gaps and pass the information on to attackers. Personal information belonging to the company has been leaked through spoofing networks and phishing activity. The e-mail service therefore needs to be secured with a strong network security system (Riesco et al., 2020).
Ransomware: The e-mail service should be stronger and encrypted end to end. The specific behaviour of the ransomware must be analysed, with data encryption as part of the process. A cybercriminal imitates the CEO by sending phishing mail to his or her employees (Denning, 2019).
Identification of the threat:
Threat identification is one of the key activities for stopping unauthenticated users within the Business and Communication Company, and for building the threat portfolio of the organization. An effective threat identification process is set up here while tracking system vulnerabilities. It also produces a risk management action plan for the vulnerabilities identified, and a network layer that controls the data flow process. The main aim of such attackers is to alter the overall code so that data is sent into different memory segments (Lykou et al., 2020).
According to the e-forensic investigation report, log file creation is one of the ways attackers blindfold users: operating without visibility into the logs is like driving a car while wearing a blindfold. Log files let the attacker build a picture of how attacks are identified. The backend team of the Business and Insurance Company confuses the attacker with the company's legitimate users, and the attacker views the flowing data and modifies it to execute across the whole system. Log files mainly help the attacker identify the weaknesses of different users, and the personal information of the company and its employees can easily be broadcast among competitors in the market (Sornsuwit & Jaiyen, 2019).
Applying standard mitigations: A few methods are taken in this report to mitigate the risks mentioned above. These standard methods are an AV solution, a scanning and filtering tool, and a backup strategy; their resolution is discussed below.
Specific resolution in each category:
Resolution for ransom email:
According to the ransom email table, its risk tolerance level is higher than that of any other cyber threat, so it is very important to resolve the issue as soon as possible. In this section each issue is resolved with a suitable technology.
AV solution: According to the detailed analysis in Assessment 2, the Business and Communication Insurance Company relies continuously on its current antivirus solution. A solid antivirus monitors individual files and protects them from different virus attacks (Luh & Yen, 2020). A solid antivirus system is very important for any organization to restrict the activity of intruders in the market (Lees et al., 2018).
Scanning and filtering tool: Scanning and filtering tools continuously identify ransomware or junk mail before it enters any user's account. It is therefore very important to install such pre-scanning tools to check users' inboxes; regular content scanning and email filtering strengthen the first line of defense. Understanding the social engineering process helps stop junk email from entering the user's inbox.
Backup strategy: All important and useful information needs to be restorable. This is one of the best approaches to safeguarding business-critical data and information. Structured data, unstructured data and applications need to be backed up to meet the RPO (recovery point objective) standard, which also defines how data is prioritized (Khrustalev & Kostyurin, 2019).
Resolution for identifying the threat:
Threat intelligence: Threat intelligence is a useful process for identifying the signatures of previous attacks. These must be compared with existing enterprise data to identify the different threat processes, and they also provide information about how earlier threats were detected. Threat intelligence has a strong effect on the security information and event management (SIEM) system.
User behavior analytics:
User behavior analytics helps to establish a baseline of how a normal employee behaves. The system can provide sufficient information about the employees of the Business and Communication Insurance Company; logon times and places are also measured through constant security analysis (Allodi & Massacci, 2017).
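The baseline-and-deviation idea described above, as an added example that is not part of the original report: per-user logon hours and countries are learned from constructed historical records, and new logons are scored against them. The record fields, sample data and the one-hour tolerance are assumptions made for illustration.

```python
"""Added example (not from the original report): a minimal user-behaviour
baseline built from constructed logon records. Field names, sample records
and the tolerance are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime

# Constructed historical logon events: (user, ISO timestamp, source country)
HISTORY = [
    ("alice", "2024-03-04T08:55:00", "GB"),
    ("alice", "2024-03-05T09:10:00", "GB"),
    ("alice", "2024-03-06T08:40:00", "GB"),
    ("alice", "2024-03-07T17:30:00", "GB"),
    ("bob",   "2024-03-04T22:05:00", "IN"),
    ("bob",   "2024-03-05T23:15:00", "IN"),
    ("bob",   "2024-03-06T21:50:00", "IN"),
]

def build_baseline(events):
    """Per user: the set of hours-of-day and countries seen in history."""
    baseline = defaultdict(lambda: {"hours": set(), "countries": set()})
    for user, ts, country in events:
        hour = datetime.fromisoformat(ts).hour
        baseline[user]["hours"].add(hour)
        baseline[user]["countries"].add(country)
    return baseline

def score_logon(baseline, user, ts, country, hour_tolerance=1):
    """Return the reasons a logon deviates from the user's baseline.
    An empty list means the logon is consistent with past behaviour."""
    reasons = []
    profile = baseline.get(user)
    if profile is None:
        return ["no baseline for user"]
    hour = datetime.fromisoformat(ts).hour
    # 'In hours' means within the tolerance of some previously seen hour.
    # (Tolerance does not wrap around midnight; 23 and 0 count as far apart.)
    if not any(abs(hour - h) <= hour_tolerance for h in profile["hours"]):
        reasons.append(f"unusual hour {hour:02d}")
    if country not in profile["countries"]:
        reasons.append(f"unseen country {country}")
    return reasons

def triage(baseline, new_events):
    """Return only the events that deviate, together with their reasons."""
    flagged = []
    for user, ts, country in new_events:
        reasons = score_logon(baseline, user, ts, country)
        if reasons:
            flagged.append((user, ts, reasons))
    return flagged

if __name__ == "__main__":
    b = build_baseline(HISTORY)
    NEW = [
        ("alice", "2024-03-08T09:05:00", "GB"),   # normal
        ("alice", "2024-03-08T03:20:00", "RU"),   # odd hour and new country
        ("carol", "2024-03-08T10:00:00", "GB"),   # no history at all
    ]
    for item in triage(b, NEW):
        print(item)
```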
Resolution for log files creation:
Log injection, a software security attack, mainly occurs when data from undefined or untrusted sources is written into the logs. Authentication access therefore needs to be restricted in the Business and Communication Insurance Company by a knowledgeable backend IT team. Vulnerable web applications and injected XSS attacks should be restricted. Web application code frequently attempts to read integer values from such input. Corrupted log files must be removed so that the attacker cannot make use of them.
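To make the untrusted-source problem concrete, here is an added example (not code from the original report) showing how a value containing a line break forges a second log entry when written unchanged, beside two hardened versions. The log format, the sample input and the helper names are assumptions for illustration.

```python
"""Added example (not from the original report): how an untrusted value
forges a log entry when written as-is, and two ways to neutralise it.
The log format and sample input are constructed for illustration."""
import json

# Constructed attacker-controlled username containing an embedded newline.
TAINTED = "guest\n2024-03-08 09:00:01 INFO login success user=admin"

def log_line_unsafe(username):
    """Vulnerable: the untrusted value is interpolated into the entry as-is,
    so an embedded newline produces a second, forged-looking line."""
    return f"2024-03-08 09:00:00 WARN login failed user={username}"

def neutralise(value):
    """Escape CR, LF and other control characters so that one input can
    never span more than one physical line of the log file."""
    out = []
    for ch in value:
        if ch == "\n":
            out.append("\\n")
        elif ch == "\r":
            out.append("\\r")
        elif ord(ch) < 0x20 or ch == "\x7f":
            out.append(f"\\x{ord(ch):02x}")
        else:
            out.append(ch)
    return "".join(out)

def log_line_safe(username):
    """Hardened text logging: control characters are escaped before use."""
    return f"2024-03-08 09:00:00 WARN login failed user={neutralise(username)}"

def log_record_json(username):
    """Structured logging: json.dumps escapes the newline, so the value cannot
    break out of its field and a parser never confuses fields with lines."""
    record = {"ts": "2024-03-08 09:00:00", "level": "WARN",
              "event": "login failed", "user": username}
    return json.dumps(record)

def line_count(entry):
    """Number of physical lines an entry would occupy in the log file."""
    return entry.count("\n") + 1

if __name__ == "__main__":
    for fn in (log_line_unsafe, log_line_safe, log_record_json):
        entry = fn(TAINTED)
        print(f"{fn.__name__}: {line_count(entry)} line(s)")
        print(entry)
```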
Significance of each category:
Ransomware email removal process:
In the detailed analysis of the risk level matrix, the ransomware attack occupies the top position of the timetable. According to the risk tolerance level, the e-mail removal technique is adopted in this section.
1. A few steps need to be taken in this section to prevent ransomware and malware attacks. The first step is to keep the operating system up to date so that no vulnerability enters the user's system. Antivirus is very important whenever unknown software is downloaded onto the system. The second step is administrative privilege control, for understanding what each piece of software does.
2. Antivirus software is also very helpful for detecting any malicious file that arrives from malicious software. Unauthorized applications should be strictly blocked by the antivirus system, which should be the first line of defense within the system.
3. Backup and storage of important files are also very important for regaining access after a ransomware attack. The system needs to be backed up automatically and frequently so that important information can be recovered after damage. The Business and Communication Insurance Company should implement a trusted antivirus and train efficient employees to limit the loss of data or information from the system.
Resolution of identifying different threats:
Regular examination of the IT security system helps test the capacity of that system. This is the main key factor for improving an organization's risk management plan, and the Business and Communication Company should give priority to system vulnerabilities. A proper risk management process provides detailed information about the organization, and regularly assessing the types of vulnerability gives sufficient information about the kinds of security breach possible. The risk identification table helps minimize harmful events. Risk managers and C-level staff are engaged in identifying new threats in this process. The company's risk manager should have an adequate picture of the worst-case scenario so that future risks can be avoided, which in turn helps identify risks. Employees' feedback can also help identify the risks in day-to-day activity. Insufficient training places staff at risk of harm, so sufficient information about security threats must be provided.
Processing of log file creation:
Log files are created by various delivery software and networks to keep track of traffic. Attackers mainly create log files to amplify the impact of the intruder's attack. The Business and Communication Insurance Company should monitor network activity adequately to restrict the creation of such log files.
Corrupted files are the main resource for hackers to enter the system and steal company information. It is therefore very important to stop this process at the root level and restrict intruders' attacks within the system.
An automatic scanning process for the websites, or an integrated artificial intelligence approach, can deliver useful results for the Business and Communication Insurance Company. Hacking or testing carried out by IT specialists is another component that provides significant results for the future. Log injection can be removed easily with a manual testing process. A UNION SELECT 1,2,3,4,5 sequence appearing in a URL points directly to SQL injection attempts.
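The URL indicator mentioned above can be checked automatically in web-server logs. The following is an added example, not code from the original report, that scans constructed access log lines for UNION SELECT probes after URL-decoding the request; the Apache-style log format, the regular expressions and the sample lines are assumptions.

```python
"""Added example (not from the original report): scanning constructed
web-server access log lines for the UNION SELECT 1,2,3,... probe.
The log format (Apache combined style) and the samples are assumed."""
import re
from urllib.parse import unquote_plus

# Constructed access log lines; two carry URL-encoded UNION SELECT probes,
# one is a normal request and one merely has "union" in its path.
ACCESS_LOG = """\
203.0.113.5 - - [08/Mar/2024:09:00:01 +0000] "GET /claims?id=42 HTTP/1.1" 200 512
203.0.113.5 - - [08/Mar/2024:09:00:02 +0000] "GET /claims?id=42%20UNION%20SELECT%201,2,3,4,5-- HTTP/1.1" 500 118
198.51.100.9 - - [08/Mar/2024:09:00:03 +0000] "GET /claims?id=42%27%20uNiOn/**/select%201%2c2%2c3 HTTP/1.1" 200 640
198.51.100.9 - - [08/Mar/2024:09:00:04 +0000] "GET /policy/union-agreement HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
)
# UNION, one or more separators (whitespace or an inline comment), SELECT,
# then a comma-separated list of integers such as 1,2,3,4,5.
UNION_RE = re.compile(r"union(?:\s|/\*.*?\*/)+select\s*\d+(?:\s*,\s*\d+)*",
                      re.IGNORECASE)

def decode_path(path):
    """Decode repeatedly until stable so double-encoding cannot hide the probe."""
    prev = None
    while prev != path:
        prev, path = path, unquote_plus(path)
    return path

def scan(log_text):
    """Return (ip, timestamp, decoded_path) for every request whose query
    string carries the UNION SELECT probe."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        decoded = decode_path(m["path"])
        query = decoded.partition("?")[2]   # inspect only the query string
        if UNION_RE.search(query):
            hits.append((m["ip"], m["ts"], decoded))
    return hits

if __name__ == "__main__":
    for ip, ts, path in scan(ACCESS_LOG):
        print(f"{ts} {ip} {path}")
```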
Recommendation to mitigate the risk:
The figure above explains the techniques used to mitigate the threats in the case study. Risk appetite, risk tolerance and risk level were discussed earlier under the risk categories. Accordingly, the researcher has chosen a cyber security roadmap technique to mitigate the risk.
Figure 1: Cybersecurity roadmap
According to the detailed analysis of cybercrime, risks beyond the risk appetite and risk tolerance can be removed by a proper risk management plan. Email threats, log file creation and threat identification are managed in sequence. This sequence is the risk management plan that mitigates the risk. The technique also involves e-mail assessment, firewall security and cyber security awareness programs, which are included in this section to mitigate any risk.
E-mail threat assessment: Firewall security and antivirus installation are the main strategies for detecting malware attacks in the company's backend system. The rapid increase in cyber attacks via e-mail makes a threat assessment necessary. A unidirectional gateway can help control whether ransomware enters the system. Firewall gateways prevent intruders or vulnerabilities from entering the system (Nagurney & Shukla, 2017).
Firewall security restricts malicious files from entering the system and gives a clear view of which traffic should be allowed into a device and which should not. Windows and Mac OS each ship with their own built-in firewall. The router or network of the Business and Communication Company must have its firewall enabled; in the future this helps identify authenticated access (Lee et al., 2018).
Cyber security awareness program: Cyber security awareness is one of the important strategies for improving the effectiveness of the firewall system, and it is also a cost-effective strategy. A quality educational program helps all employees of the Business and Communication Insurance Company understand how the cyber security process works. Cyber security education should reach all employees of the company, from top to bottom. Regular training and assessment on cyber security attacks keep staff aware of the security infrastructure behind the firewall system.
Incident response program:
Every organization has its own plan to mitigate the risks identified in the cyber threat assessment. The incident response (IR) plan should be tested periodically. The IR program consists of a few interconnected steps: plan, policy, process and procedures. The IR program collects data from the grassroots level. All of these processes need to be incorporated into the system to reduce the negative impact of malware attacks, and the IR process gives a brief idea of the continuous improvement model (Malomo et al., 2018).
Social engineering attempts: Social engineering manipulates a person in order to gain an undue advantage. A person's identity can be leaked easily through social engineering. Phishing mainly helps the attacker gain access to all the personal information of the employees of an organization. Employees of the company should therefore not reply to emails that ask for personal information or for money to be sent. Corporate companies and renowned organizations never ask employees for money or personal information in this way.
Recommendation process by including improvement model and roadmap:
The CEO can carry out the risk management plan in this section by implementing the techniques mentioned above, which also helps eradicate future cyber attacks within the company. The key issues involved in the process, along with the roadmap, are shown in the figure for mitigating the threats in the case study.
Figure 2: Continuous improvement model
The roadmap mainly helps to invest in people, processes and technology while restricting the risk factors in any project (Jardine, 2020). Firewall security is one of the important technologies used here to accomplish the task. In a cyber security crisis, potential scenarios, legal obligations and a spokesperson are required to develop the communication strategy. Following the whole strategy, the company requires a timeline of at least 69 days to remove intruders and restrict unauthorized entry within the organization. The section below discusses some techniques to mitigate the risks mentioned above.
Iterative program strategy: A proper roadmap is not completed as a single-person project. It is an iterative program strategy that follows the operation cycle. The threat plan needs to be evaluated regularly against the organization's priorities and the regulatory landscape of the system, and the process needs to be repeated regularly. After each cycle, it is also very important to align the effort with a particular objective.
Inclusive journey: Stakeholders, the IT management team, HR and business unit leaders must be engaged in this project to understand the organization's security and business objectives. Regular discussion with the different departments of the Business and Communication Insurance Company provides comprehensive visibility of the company's security.
Success rate: It is also very important to measure the success of the company by understanding the outcome of each project. Regular communication about the value of the project gives enough idea of the organization's success rate.
Information held by any MNC or corporate body is one of the organization's assets. Nowadays cyber threats have become a common issue. This report has illustrated the cyber security threat posed by injecting malicious files into the system. The Business and Communication Company has introduced e-mail threat assessment and cyber security awareness programs to eradicate the virus from the system software, and a well-designed roadmap has been produced to improve protection against cyber security threats.
Allodi, L., & Massacci, F. (2017). Security events and vulnerability data for cybersecurity risk estimation. Risk Analysis, 37(8), 1606–1627. https://doi.org/10.1111/risa.12864
Alves, F., Bettini, A., Ferreira, P. M., & Bessani, A. (2021). Processing tweets for cybersecurity threat awareness. Information Systems, 95, 101586. https://doi.org/10.1016/j.is.2020.101586
Denning, D. (2019). Is quantum computing a cybersecurity threat? American Scientist, 107(2), 83–83. https://doi.org/10.1511/2019.107.2.83
Jardine, E. (2020). The case against commercial antivirus software: risk homeostasis and information problems in cybersecurity. Risk Analysis, 40(8), 1571–1588. https://doi.org/10.1111/risa.13534
Khrustalev, E. Y., & Kostyurin, G. A. (2019). Cybersecurity threats: triggers and prevention recommendations. National Interests: Priorities and Security, 15(6), 1185–1194. https://doi.org/10.24891/ni.15.6.1185
Lee, S., Lee, S., Yoo, H., Kwon, S., & Shon, T. (2018). Design and implementation of cybersecurity testbed for industrial IoT systems. The Journal of Supercomputing: An International Journal of High-Performance Computer Design, Analysis, and Use, 74(9), 4506–4520. https://doi.org/10.1007/s11227-017-2219-z
Lees, M. J., Crawford, M., & Jansen, C. (2018). Towards industrial cybersecurity resilience of multinational corporations. IFAC-PapersOnLine, 51(30), 756–761. https://doi.org/10.1016/j.ifacol.2018.11.201
Luh, F., & Yen, Y. (2020). Cybersecurity in science and medicine: threats and challenges. Trends in Biotechnology, 38(8), 825–828. https://doi.org/10.1016/j.tibtech.2020.02.010
Lykou, G., Anagnostopoulou, A., & Gritzalis, D. (2018). Smart airport cybersecurity: threat mitigation and cyber resilience controls. Sensors (Basel, Switzerland), 19(1). https://doi.org/10.3390/s19010019
Malomo, O. O., Rawat, D. B., & Garuba, M. (2018). Next-generation cybersecurity through a blockchain-enabled federated cloud framework. The Journal of Supercomputing: An International Journal of High-Performance Computer Design, Analysis, and Use, 74(10), 5099–5126. https://doi.org/10.1007/s11227-018-2385-7
Nagurney, A., & Shukla, S. (2017). Multifirm models of cybersecurity investment competition vs. cooperation and network vulnerability. European Journal of Operational Research, 260(2), 588–600. https://doi.org/10.1016/j.ejor.2016.12.034
Riesco, R., Larriva-Novo, X., & Villagra, V. A. (2020). Cybersecurity threat intelligence knowledge exchange based on blockchain: proposal of a new incentive model based on blockchain and smart contracts to foster the cyber threat and risk intelligence exchange of information. Telecommunication Systems, 73(2), 259–288. https://doi.org/10.1007/s11235-019-00613-4
Sornsuwit, P., & Jaiyen, S. (2019). A new hybrid machine learning for cybersecurity threat detection based on adaptive boosting. Applied Artificial Intelligence, 33(5), 462–482. https://doi.org/10.1080/08839514.2019.1582861
Sornsuwit, P., & Jaiyen, S. (2019). Human-as-a-security-sensor for harvesting threat intelligence. Cybersecurity, 2(1), 1–15. https://doi.org/10.1186/s42400-019-0040-0