ENGR8762 Computer Networks and Cybersecurity
Threat Categories
• Loss of intellectual property
• Software piracy
• Theft of information (hacker)
• Theft of information (employee)
• Web site defacement
• Theft of equipment
• Viruses, worms, Trojan horses
• Elevation of privilege
• Fire/Flood
Answer
Introduction
This report is describing various types of Control programs which should be used in an organisation for effective operation. The main challenge for any organization is to define the correct set of information and personnel security controls, that if get implemented and defined to be effective in their application, mitigate the impact of each found threat. Additionally, for each specified security class, a range of controls are essential for a complete and strong security frame (Legg et al., 2015).
Moreover, the chief factor that will affect the selection of threat controls is a risk-based cost or profit analysis (The Economic Times, 2018). Another factor includes ease of use, compatibility with present controls, and transparency to operators. Thus, controls finding action is an organizational wide exercise, which explains the protection necessities for the diverse classes of info. However data as well as info owners are eventually accountable persons for the accurate working of information security controls (Wall, 2018).
Controlling threats to computer system security of an organization
Type of controls
Three main types express the key goals of operative security implementation:
Physical Controls Security (PCS): control procedures, devices, and ways to control physical entree to a definite system structure
Technical Controls Technology (TCT): control measures to control analytical access to sensitive data
Administrative Controls: control policies, methods, and business processes to describe and guide operator actions as well as restrictions while dealing with sensitive data
Moreover, above control actions can be further categorized into following:
Preventive controls limit the possibility of a threat by preventing intended or unintended and unauthorized exposure of sensitive info.
Detective controls identify and report tried unauthorized attempts by anyone
Corrective controls counter security violation incidents and end harmful happenings or minimize their destruction.
Threat Category |
Control |
Description |
Classification |
Type |
|
Accidental corruption of information |
Online backup through Cloud |
A strategic method of data protection, as data can be stored as well as backed up online |
administrative |
prevent |
|
Repair and Recovering lost files tool |
A data repair tool that can repair corrupt data files and hence recover lost data or metadata like tables, indexes, and keys. For an example: Stellar Phoenix SQL Database Repair |
product |
correct | |
|
Offline backup |
System files can be backed up offline through a local equipment like an external hard-drive (Smith, 2014) |
administrative |
prevent | |
|
Software Assurance |
Ensuring the reliability of developed or externally purchased software help in protecting data from corruption. |
administrative |
prevent | |
|
Backup and restore |
An administrative data backup as well as restore procedure is executed to copy manufacture data pre-emptively for repair purposes in the case of emergency (Taylor, 2018) |
administrative |
correct | |
|
Disaster Recovery/ Business Continuity Planning |
To recover business processes when processes disrupt unexpectedly. Useful for minimizing ?nancial loss, mitigating legal effects of the disruption and maintaining on-going operations. |
administrative |
prevent | |
|
|
Data security using machine learning |
All data requests be it incoming or outgoing are scanned for ensuring their trusted sources |
product |
prevent |
Threat Category |
Control |
Description |
Classification |
Type |
|
Loss of intellectual property (IP) |
Tracking outgoing data tool |
A data loss prevention tool to present and track data leaving the system as well as record its destination for an example Google analytics, and Chartbeat. (Behr & Slater, 2017) |
product |
detect |
|
User profiling tool |
Help in detecting actions that can show an internal threat or an external spell, for an example Global web index, and Tropical. |
product |
detect | |
|
Train employees about IP |
employee awareness as well as training |
administrative |
prevent | |
|
Securing IP physically as well as digitally
|
Lock the places where sensitive info is stored through highly secured passwords (Behr & Slater, 2017) |
administrative |
prevent | |
|
Protect patents, design rights, trademarks, trade secrets , and trade dress |
Digital protection to protect design rights, trade secrets and patents as well as copyrights (Ismail, 2017) |
administrative |
prevent | |
|
Employing an efficient security consultancy to provide support before and after |
Team includes management, legal, IT, business, marketing or PR and other important departments’ professionals (Data resolve, 2018) |
physical |
Correct and prevent |
Threat Category |
Control |
Description |
Classification |
Type |
|
Software piracy
|
Technical measures like tamper-proofing, and obfuscation |
It is software based ways to prevent software piracy |
product |
Prevent |
|
Technical measures like CD-ROM, expansion card and dongle |
It is hardware based ways to prevent software piracy |
physical |
prevent | |
|
Awareness of allowable software licenses |
Compare the software license inventory to company license agreements and remove all illegal software |
administrative |
prevent | |
|
MetaSPD |
Tool to analyse automatic software piracy detection |
product |
detect | |
|
watermarking |
Through this tool, the copyright document can be mined from the program to find the owner of the copyright of the software
|
Product |
correct | |
Threat Category |
Control |
Description |
Classification |
Type |
|
Theft of information (hacker)
|
Authorized downloading |
Download software only from certified, legal and authorized sources |
administrative |
prevent |
|
Adopt confidentiality |
Keep passwords and login info confidential as well as hard to predict |
administrative |
prevent | |
|
Hacking detection Tools and Software |
detect violations, record doubtful activities as well as potential attack tactics and report them to company administrator, example: Suricata and Snort |
Product |
detect | |
|
Crisis communication |
a special wing that deals with the reputation of the organization as well as the individuals |
administrative |
correct | |
|
Preparing prevention and control guide |
Formation of a catalogue of actions to avoid a recurrence of a hacking attack |
administrative |
correct | |
Threat Category |
Control |
Description |
Classification |
Type |
|
Theft of information (employee)
|
Keep smart eye on Employees |
By supervising employees, conducting informal audits, managing inventory |
administrative |
prevent |
|
Restrict entree to computer terminals as well as records |
It controls generation of cash receipts, and installing computer security measures is done |
administrative |
prevent | |
|
Strong post theft action taken by the company |
Identify the theft responsible employee, dismiss their employment and take further legal action (Webroot Smarter Cybersecurity, 2016) |
administrative |
correct | |
|
forensic accountants and investigators |
To legally counsel the employees as well as company management |
physical |
correct | |
|
i-Sight Investigation Software |
Establishing an Anonymous reporting system or hotline to detect employee fraud |
Product |
detect | |
Threat Category |
Control |
Description |
Classification |
Type |
|
Web site defacement |
web site defacement detection tools |
To monitor websites incoming and outgoing data for its better security, Example: SUCURI tool |
Product |
detect |
|
Regular security audits and penetration testing |
evaluating the security of an IT infrastructure, and better protecting the system |
|
| |
|
technical incident response team |
Team include the security manager, web masters or web developers as well as web server team |
physical |
correct | |
|
Defender programs |
Protection against Cross-Site Scripting (XSS) attacks, and SQL injection attacks |
Product |
prevent | |
Threat Category |
Control |
Description |
Classification |
Type |
|
Theft of equipment
|
Identification markings |
Stamping, engraving, etching, use of acid pens and sandblasting on company’s equipment can stop theft. |
physical |
prevent |
|
Physical restraints |
To lock important machines or systems, and laptops through mechanical locking systems |
Physical |
prevent | |
|
immobilisers |
To prevent unauthorized use and moving of any equipment |
Physical |
prevent | |
|
Alarm and tracking systems |
To alert the management regarding theft and determine the position of the theft equipment |
physical |
correct | |
|
Testing as well as certification |
To certify anti-theft systems by independent organizations |
Physical |
detect | |
Threat Category |
Control |
Description |
Classification |
Type |
|
Viruses, worms, Trojan horses
|
Antivirus packages |
running an updated antivirus or antispyware scan |
Product |
Detect and correct |
|
disconnecting network |
Disconnect the network from the infected machine |
administrative |
correct | |
|
surf smart |
Safely surf and cope with links, random files, ads, and other free services on world wide web |
administrative |
prevent | |
|
Technical safeguards |
to manage and control data ?ow amid different trusted networks levels through permitting, denying data, example: firewalls (Scitech Connect Elsevier, 2013) |
product |
Prevent and detect | |
|
Backup and restore |
To restore infected system so that harmful virus, worms can be fully eliminated
|
administrative |
Prevent and correct | |
Threat Category |
Control |
Description |
Classification |
Type |
|
Elevation of privilege
|
thorough family, education and professional screening over all administrators |
In order to confirm that they are greatly trustworthy |
administrative |
Prevent and detect |
|
SID filtering |
Session identifiers filtering to determine the present risk level of the system |
administrative |
prevent | |
|
Elevation of Privilege (EoP) Card Game |
to create easy threat modelling and accessible for company developers and architects |
product |
Prevent and correct | |
Threat Category |
Control |
Description |
Classification |
Type |
|
Fire/Flood |
Fire detection alarms |
They get automatically activated during the fire event |
physical |
Detect |
|
Fire suppression equipment |
To extinguish fire including example: automatic sprinklers. |
physical |
correct | |
|
Fire exits |
Creation of escape exits; with clear of obstructions |
physical |
correct | |
|
Using fire resistant materials |
Improving impassive fire precautions example: fire resistant doors (Scitech Connect Elsevier, 2013) |
physical |
prevent | |
|
Designated personnel |
to control emigration and to co-ordinate with the emergency actions |
Physical |
correct | |
|
Designation of a safe place |
To evacuate company’s people safely (Yeh & Chang, 2007) |
physical |
prevent |
Conclusion
In conclusion, without having threats protection and control system no company can survive in the marketplace. Additionally, the execution of effective controls as well as safeguards is an on-going process, while the efficacy of controls at a particular point of time is the meter of the overall secure information system. In order to react effectually on changing vulnerabilities, business processes and conditions and new technologies, threats controlling schemes are mandatory. Hence, above prevention, detection and compensation programs help to audit, review, and update safeguards and controls on a routine basis for an organization. Information system security controls are the product, technical, administrative, and physical and policy defence tools designed to guard sensitive information. Thus, all organizations should review and re-evaluate its information security controlling programs on a regular basis to define any essential adjustments to any of its modules.
References
Behr, & Slater, , 2017. How to protect intellectual property? 10 tips to keep IP safe. [Online] Available at: https://www.csoonline.com/article/2138380/loss-prevention/how-to-protect-intellectual-property-10-tips-to-keep-ip-safe.html [Accessed 12 October 2018].
Data resolve, 2018. Intellectual Property Theft Solutions. [Online] Available at: https://www.dataresolve.com/intellectual-property-theft.php [Accessed 13 October 2018].
Ismail, N., 2017. 7 nightmare cyber security threats to SMEs and how to secure against them. [Online] Available at: https://www.information-age.com/7-nightmare-cyber-security-threats-smes-secure-123466495/ [Accessed 12 October 2018].
Legg, S.J., Olsen, K.B., Laird, I.S. & Hasle, P., 2015. Managing safety in small and medium enterprises. Safety Science, 71(Part C), pp.189-96.
Scitech Connect Elsevier, 2013. Controls and Safeguards. [Online] Available at: https://scitechconnect.elsevier.com/wp-content/uploads/2013/09/Controls-and-Safeguards.pdf [Accessed 12 October 2018].
Smith, , 2014. What is Data corruption and how to prevent it. [Online] Available at: https://www.makeuseof.com/tag/data-corruption-prevent/ [Accessed 12 October 2018].
Taylor, T., 2018. ALL IS NOT LOST: DEALING WITH DATA CORRUPTION AT YOUR ORGANIZATION. [Online] Available at: https://techgenix.com/dealing-with-data-corruption/ [Accessed 12 October 2018].
The Economic Times, 2018. 5 simple tips to keep your business secure from cyberattacks. [Online] Available at: https://economictimes.indiatimes.com/small-biz/security-tech/security/5-simple-tips-to-keep-your-business-secure-from-cyberattacks/articleshow/64568063.cms [Accessed 12 October 2018].
Wall, E., 2018. Cyber security threats and provisions for SMEs. [Online] Available at: https://www.itproportal.com/features/cyber-security-threats-and-provisions-for-smes/ [Accessed 12 October 2018].
Webroot Smarter Cybersecurity, 2016. File Loss and Data Corruption. [Online] Available at: https://www.webroot.com/ca/en/resources/tips-articles/malware-data-corruption [Accessed 12 October 2018].
Yeh, Q.J. & Chang, A.J.T., 2007. Threats and countermeasures for information system security: A cross-industry study. Information & Management, 44(5), pp.480-91.
Buy ENGR8762 Computer Networks and Cybersecurity Answers Online
Talk to our expert to get the help with ENGR8762 Computer Networks and Cybersecurity Answers to complete your assessment on time and boost your grades now
The main aim/motive of the management assignment help services is to get connect with a greater number of students, and effectively help, and support them in getting completing their assignments the students also get find this a wonderful opportunity where they could effectively learn more about their topics, as the experts also have the best team members with them in which all the members effectively support each other to get complete their diploma assignments. They complete the assessments of the students in an appropriate manner and deliver them back to the students before the due date of the assignment so that the students could timely submit this, and can score higher marks. The experts of the assignment help services at urgenthomework.com are so much skilled, capable, talented, and experienced in their field of programming homework help writing assignments, so, for this, they can effectively write the best economics assignment help services.
