
Investigation into Cyber-Security Countermeasures

   

Added on  2022-10-01

ASSESSMENT 2: INVESTIGATION INTO CYBER-SECURITY COUNTERMEASURES
(Student’s Name)
(Course Name)
(Tutor’s Name)
(Date)

Table of Contents
Introduction
Identification of threats and vulnerabilities
Zero-day vulnerability
Malware type of vulnerability
Ransomware vulnerability
Phishing scam vulnerability
Artificial intelligence and machine learning vulnerability
Application of cyber security solutions
First line of defense
Zero-day exploit solution
Malware type of vulnerability solution
Ransomware vulnerability solution
Phishing scam vulnerability solution
AI/ML vulnerability solution
Assessment and documentation of initial, maintenance and training costs
Conclusion

Introduction
Cyber-security is one of the major concerns for Industrial Control Systems (ICS) and
Supervisory Control and Data Acquisition (SCADA). It is one of the major considerations for
any organization, having worked its way to the top of the organizational agenda. For example,
cybercriminals managed to steal over 124 million US dollars through the internet in 2016.
Peanut Processing Service (PPS) is a data collection and analysis company located in Western
Australia. The company conducts data analysis and surveys. In most instances, the data
collected by the company is highly confidential. The company collects data through an online
website and on paper. The company operates a four-business-day turn-around time. This
means that the company cannot afford downtime. Currently the company operates with twelve
people, and each employee has been issued with a Windows 10 laptop. At one time, one of the
employees' laptops crashed, which resulted in a loss of data and, in turn, the loss of one of the
company's valuable customers. In addition to this, the company has been facing several data
breaches. Written from the position of a cyber-security architect, this paper addresses five
cyber-security issues and gives a recommendation on how to address each of them.
Identification of threats and vulnerabilities
A security threat, or security event, is a malicious act which aims at corrupting and stealing
data on an organization's systems. Cyber threats are driven by an array of vulnerabilities and
attacks which grow constantly in both sophistication and diversity.
PPS's reliance on technology grows by the day, and so does the need for improved cyber
security. From the description, it is evident that a great deal is stored on the twelve
company laptops. Simply gathering data through an online website has left the company
vulnerable to any form of data breach. Second, almost all of the employees are not well-versed in
cyber-security, which is the reason why the company is facing a lot of data breaches. It is also
important to note that PPS need not necessarily have a technician to ensure that the
organizational data is protected. The company needs only to make a few changes on its
laptops and be aware of cyber-security related issues and how an organization can protect
itself from these issues (Ali & Awad, 2018).
Zero-day vulnerability
The first and main vulnerability is the zero-day vulnerability. This is a weakness or hole in
software which is unknown to the vendor. The security hole is then exploited by an attacker
before the vendor or an organization becomes aware of it and hurries to fix it. A zero-day exploit
abuses a local privilege escalation weakness in the Windows platform, specifically a NULL pointer
in the win32k.sys component. Once the exploit is analyzed and discovered, it is supposed to be
reported to Microsoft security response. It is important to note that with a zero-day
vulnerability an attacker is capable of creating two windows: one for the first stage and one for
the second stage of the exploit. For the first exploit, an attacker is capable of creating a popup
menu object (Ashok, Hahn, & Govindarasu, 2014).
Malware type of vulnerability
Malware refers to malicious software, meaning software that can be used to
compromise laptop functions, bypass access controls, and steal data. The commonly used type of
malware is sandbox-evading software. This is said to be a prominent tool in the hands of cyber
hackers in 2019. The software has the ability to bypass protection controls and execute its
malicious code without being detected by modern cyber-security solutions. One example
of sandbox-evading software is the Locky malware, which was released in 2016. This type of
sandbox-evading malware is spread through JavaScript code. Another example is the Shamoon malware which was
