Since Many Organizations Adopt Cyber Attacks
Reply for below 4 posts with 75-100 words each
For this final week of discussion, we are asked to examine the broad subject of response. When researching this category, there are two main differences in this approach. According to our text, these categories fall into pre-attack response and post-attack response (Amoroso, 2012). Simply put, these categories distinguish between responses to known attacks and resources configured to collect the necessary information and data to respond, and reactive measures taken against threats that are unknown. The text outlines these as Front end loaded prevention and back end recovery processes (Amoroso, 2012). Each category has its place within the security posture and is usually determined by the amount of resources and capital an organization has available.
The text continues to discuss the importance of National infrastructure warnings and indicators and how they may differ between the specific needs of each agency and environment (Amoroso, 2012). It is clear from this research that a clear definition between the two categories is essential for securing the Nation’s critical infrastructure. Each scenario is unique, and it is the role of security stakeholders to develop robust, strategic policies and procedures to combat both known and unknown attack vectors (Johnson, 2019). Understanding how to protect and respond to known threats as well as how to identify and categorize unknown threats can make the difference between losing critical assets and successfully deterring attacks. To continue to support the text’s research on incident response teams, research from a journal on incident response team creation supports the evaluation of how to create the proper incident response team. According to the author Johnson, the computer security incident response team’s (C.S.I.R.T.) function is to react in a timely fashion to intrusions, types of theft, denial of service attacks and many other events that have yet to be executed or considered against their company (Johnson, 2014). The role of this team is extended to encompass many duties across the organization relating to threats. The team can be called into action in response to a particular threat or during a discovery of an unknown threat. The research continues to outline the following recommendations for successful incident response:
• Provide a comprehensive view of attack methods, vulnerabilities, and the impact of attacks on information systems and networks; provide information on incidents and vulnerability trends and characteristics
• Build an infrastructure of increasingly competent security professionals who respond quickly to attacks on Internet-connected systems and are able to protect their systems against security compromises
• Provide methods to evaluate, improve, and maintain the security and survivability of network systems
• Work with vendors to improve the security of as-shipped products
The main theme of this research revolves around defining the proper mission statement and understanding how to communicate effectively (Johnson, 2019).
In respect to the knowledge gained in this chapter as well as the entire course, the research and material provided within this course has equipped me to better understand threats on various levels. Whether I am developing software for the Federal government or working with third party vendors to facilitate development processes, the tools and understanding have helped me to identify areas where there is a need for concern. In respect to National Infrastructure, this course has helped me to understand security policies on a larger platform and how they might affect the Nation as a whole. Throughout my educational career, a main theme that has helped my studies and applies directly to each category of business is knowledge. Learning the concepts and being equipped with the knowledge to understand the major themes has increased my ability to use expanded themes in the real world. I especially enjoyed the topics surrounding the EPA as I work directly for this agency but have not been exposed to the larger security policies surrounding this agency.
In response to the learning platform and discussion board, I believe that the online learning platform is a great way to learn and expand on topics. Diversity is key to understanding difficult subject matter, and the diversity within this course and platform allows for various perspectives that come from all walks of life. The research provided to our posts in the discussion boards allows a topic to be dissected and transformed into detailed subject matter. The only pitfall I see is that you get out of this style of learning what you put in. It takes extra effort to add valid research and expand on the critical subjects discussed throughout the course.
I have enjoyed this course greatly and I thank all members of the class for their participation. I also thank Dr. McFarland for his guidance throughout this course.
Amoroso, E. (2012). Cyber Attacks: Protecting National Infrastructure, STUDENT EDITION. Amsterdam, Netherlands: Elsevier.
Johnson, L. R. (2014). The Security Incident Response Team Members. Computer Incident Response and Forensics Team Management, 37-46. doi:10.1016/b978-1-59749-996-5.00004-2
Johnson, L. R. (2019). Information technology. Security techniques. Information security incident management. doi:10.3403/30268878
Threats and Countermeasures for Cyber-Attack
In the weekly reading, I learned about various means in which one can mitigate threats in the systems in case of a cyber-threat. These processes are essential as they will help me protect my organization’s greatest asset, which is information. When data from the organization is well protected from the outsiders, an organization can conduct its daily business effectively leading to better business performance.
I learned about situational awareness. This is a process that will help me detect the various threats across my organization’s systems. Thus, situational awareness will help me in decision making regarding matters of cybersecurity (Rajivan & Cooke, 2017). The procedure would help me achieve better outcomes through prioritizing cybersecurity thus provision of reliable security and performance. For instance, if I am a data analyst in a certain organization, my obligation would be harnessing data from both external and internal systems. I will be able to accomplish this through the use of situational awareness.
Also, I learned about the most common attacks in the organization’s systems. They include illiteracy among my work colleagues in matters related to cybersecurity, phishing, web-based attacks, malicious insiders, viruses, malware among others (Bendovschi, 2015). When search activities are subjected to the organization systems it is likely to be affected leading to poor organizational performance. Thus, the knowledge I gained from the weekly readings will enable me to counter such activities that can lead to my organization’s downfall.
Lastly, I gained knowledge about cybersecurity policies that I can use in the organization to better information and data protection. This includes training the employees in digitalized companies. This ensures that they understand the cybersecurity risks and ways to avoid them.
Bendovschi, A. (2015). Cyber-attacks–trends, patterns, and security countermeasures. Procedia Economics and Finance, 28, 24-31.
Rajivan, P., & Cooke, N. (2017). Impact of team collaboration on cybersecurity situational awareness. In Theory and Models for Cyber Situation Awareness (pp. 203-226). Springer, Cham.
It is very difficult for organizations to plan effectively and to understand the type of responsiveness to cybersecurity incidents they need or the level of support they need. Since many organizations adopt different perspectives in practice, there is no common understanding of what a cybersecurity incident is, with a wide variety of interpretations without a common definition. This increases both the efficiency and effectiveness of your efforts to respond to incidents while avoiding common mistakes; because it can dramatically increase the negative impact of an incident because companies face many pitfalls that help them manage a cybersecurity incident. Each incident is unique and complex to provide comprehensive advice on response and recovery; while these tricks and high-level practices can help manage a crisis. It significantly reduces the impact of a major cybersecurity incident about your business and deters opportunistic threats and slow down determined opponents; when the preparation and execution of a well-planned response, the operational cost of an attacker may increase. Administrative access to enterprise computer systems is compromised by the management of a major incident of cybersecurity for organizations that integrate the plans/recovery after exercise existing disaster; because an incident can range from a minor impact to a major incident that affects the confidentiality, integrity, or availability of the organization’s information resources and assets. When the CISO and CTO are informed, the response plan to incidents of violation of privacy is activated, as indicated by the details of the potential violation; it conducts a preliminary analysis of the facts and assesses the situation to determine the nature of the incident (info.microsoft.com, 2019).
Fraud or identity theft for a customer or an employee of our organization can result in harm or inconvenience to the person; because that incident response plan describes the steps that our organization will undertake during the discovery of unauthorized access to personal information about an individual. It provided that personal information would not be used or subject to subsequent unauthorized disclosure of data; because the personal information provided by an employee or agent of our company for commercial purposes does not constitute a violation. An incident demands IT service desk applications to enable incident response plans in case of an alleged violation of privacy; because in case of breach of confidentiality affecting the personal information of an employee who has been activated for a data breach of an individual. All organizations should consider using the services of one or more third-party providers specialized in responding to cybersecurity incidents for at least some activities; because, in the current design of the network, there may be an unmanageable amount of attacking surface when it comes to virtually managing a sophisticated cybersecurity attack. This has a significant impact on the company’s business with a growing number of cybersecurity incidents occurring regularly; because organizations of all types are struggling to effectively manage cybersecurity incidents (media.kasperskycontenthub.com, 2019).
info.microsoft.com. (2019). Incident Response Reference Guide. Retrieved from https://info.microsoft.com/rs/157-GQE-382/images/EN-US-CNTNT-emergency-doc-digital.pdf
media.kasperskycontenthub.com. (2019). Incident Response Guide. Retrieved from https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07171449/Incident_Response_Guide_eng.pdf
The Emerging Threats and Countermeasures short semester helped me to learn about various advanced threats and vulnerabilities in this cyber world. I was exposed to different cybersecurity measures to be taken in this course study.
Confidentiality, Integrity, Availability, and Accountability are the standard security attributes of emerging threats and vulnerabilities caused in Information technology and critical infrastructures. Confidentiality refers to restriction towards confidential information of organizations. Integrity ensures valid data and can be accessed or modified through authorization. Availability refers to accessibility all the time to the system and information through cloud technology. Accountability is the monitoring and tracing of the activities on the system, including tracking of erased data and denial (Alwakeel, 2019).
I gained much knowledge from the situational awareness class. The Internet of Things (IoT) system is becoming a part of every technology that is connected to computer devices and transfers data through the internet. Cyber attacks through IoT networks are increased in various industries in information technology, critical infrastructure, and healthcare industries. Threat identification stages include identifying the threat model, identification of possibilities of the attack, intrusion identification scenario, vulnerability scenario computation, and decision making. Situational awareness should be developed in the individual and employees of the organization. Awareness of the latest threats and protective measures should be known and decision-making capabilities should be developed to mitigate the threats (Park, 2019).
Cyber physical system with IoT increased security for SCADA systems. SCADA is a process of collecting data and monitoring the automation process. Different types of attacks like Man-in-Middle attacks, replay attacks, Denial of service (DoS) attacks are increased on SCADA. Authentication and encryption, ownership, risk management, data integrity and privacy technologies are developed to mitigate cyber-attacks (Sajid, 2016).
Online class discussions help me to learn effectively through participation every week with enough timeline to go through the video classes and participate in discussions. Responding to others’ posts makes me learn more things, and comments on my posts developed me to write effectively and follow the APA formatting throughout the course.
Alwakeel, A. M., Alnaim, A. K., & Fernandez, E. B. (2019, April). Analysis of threats and countermeasures in NFV use cases. In 2019 IEEE International Systems Conference (SysCon) (pp. 1-6). IEEE.
Park, M., Oh, H., & Lee, K. (2019). Security Risk Measurement for Information Leakage in IoT-Based Smart Homes from a Situational Awareness Perspective. Sensors, 19(9), 2148.
Sajid, A., Abbas, H., & Saleem, K. (2016). Cloud-assisted IoT-based SCADA systems security: A review of the state of the art and future challenges. IEEE Access, 4, 1375-1384.