Cyber Security Threats and Information Governance
Added on 2023-01-19
16 Pages4128 Words21 Views
Cyber Security
Table of Contents
Introduction......................................................................................................................................3
Task 1...............................................................................................................................................4
Critically assess cyber security threats for demonstration of needs of information governance.
.....................................................................................................................................................4
Task 2...............................................................................................................................................6
Justify approaches and purpose of ISMS....................................................................................6
Task 3...............................................................................................................................................8
Illustrate significance of information governance along with risk assessment methodologies.. 8
Conclusion.....................................................................................................................................10
References .....................................................................................................................................11
Introduction......................................................................................................................................3
Task 1...............................................................................................................................................4
Critically assess cyber security threats for demonstration of needs of information governance.
.....................................................................................................................................................4
Task 2...............................................................................................................................................6
Justify approaches and purpose of ISMS....................................................................................6
Task 3...............................................................................................................................................8
Illustrate significance of information governance along with risk assessment methodologies.. 8
Conclusion.....................................................................................................................................10
References .....................................................................................................................................11
Introduction
Cyber security is defined as protecting computer system from any kind of damage or theft
to software, electronic data or hardware. It involves controls, processes and technologies which
are premeditated for protection of programs, networks, data and devices from any kind cyber
attacks (Abomhara, 2015). Efficacious cyber security eliminates the risk associated with cyber
attacks along with this; it is liable for protecting from unauthorised exploitation of technologies,
networks and systems. This report is based on Wallington Trust Hospital which is liable for
rendering secondary health services in London. It offers their patients with rehabilitation,
orthopaedics, gynaecology, neurosurgery and various other services. This report is based on
cyber security threats approaches along with information security management system.
Furthermore, significance of information governance will be illustrated.
Task 1
Critically assess cyber security threats for demonstration of needs of information governance.
The preventive techniques that are being utilised for protecting data, networks and
programs from any kind of unauthorised access, damage or attack is referred to as cyber security.
It involves protection of systems and information from cyberthreats which can be in any form
like exploit kits, phishing, ransomware and malware. The different real life case studies have
been illustrated beneath:
Dunkin's Donuts Credential Stuffing Attack: This attack took place in November 2018
but still now they are notifying their users with more number of account breaches. In this
attack, hackers got leverage into accounts of user’s credentials as they prompted them to
enter their details within DD Perks reward account. The purpose behind this was not
having personal information of users but instead they wanted to have account itself for
selling Dark Web Forums (Top 5 Cyber Security Breaches of 2019 So Far, 2019). This
attack tool place last year but still organisation has not taken any peculiar steps through
which it can be protected as same attack again occurred in the same firm. The
Cyber security is defined as protecting computer system from any kind of damage or theft
to software, electronic data or hardware. It involves controls, processes and technologies which
are premeditated for protection of programs, networks, data and devices from any kind cyber
attacks (Abomhara, 2015). Efficacious cyber security eliminates the risk associated with cyber
attacks along with this; it is liable for protecting from unauthorised exploitation of technologies,
networks and systems. This report is based on Wallington Trust Hospital which is liable for
rendering secondary health services in London. It offers their patients with rehabilitation,
orthopaedics, gynaecology, neurosurgery and various other services. This report is based on
cyber security threats approaches along with information security management system.
Furthermore, significance of information governance will be illustrated.
Task 1
Critically assess cyber security threats for demonstration of needs of information governance.
The preventive techniques that are being utilised for protecting data, networks and
programs from any kind of unauthorised access, damage or attack is referred to as cyber security.
It involves protection of systems and information from cyberthreats which can be in any form
like exploit kits, phishing, ransomware and malware. The different real life case studies have
been illustrated beneath:
Dunkin's Donuts Credential Stuffing Attack: This attack took place in November 2018
but still now they are notifying their users with more number of account breaches. In this
attack, hackers got leverage into accounts of user’s credentials as they prompted them to
enter their details within DD Perks reward account. The purpose behind this was not
having personal information of users but instead they wanted to have account itself for
selling Dark Web Forums (Top 5 Cyber Security Breaches of 2019 So Far, 2019). This
attack tool place last year but still organisation has not taken any peculiar steps through
which it can be protected as same attack again occurred in the same firm. The
organisation must have taken appropriate countermeasures through which they can be
avoided.
Toyota's second data breach: The attack took place on 29th March, 2019 and has created
impact on 3.1 million individuals. Firm is identifying whether still the cybercriminals
possess access to their data or they are able to read data (Brown, Gommers and Serrano,
2015). Unauthorised access occurred to server which was connected with network of
Toyota. The server to which intruder was able to get in do not contained details of credit
card. When this attack came into notice, the systems were made offline to make sure that
more details do not get compromised. For this they have taken appropriate
countermeasures by interacting with experts from international cyber security so that they
can prevent such attacks in future.
Citrix breach:The firm believe that cyber criminals has acquired access to their internal
network. It was reported that Iranian-backed Iridium hacker group has attacked Citrix in
December, 2018 and on 6th March, 2019 again again the attack took place which lead to a
leak of sensitive internal files which were around of 6 terabytes. This information
contained blueprints, emails and other relevant documents. Same group of hackers have
attacked around 200 government agencies and for this they have been making use of
bypassing multi-factor authentications for having access to critical services and
application via SSO and VPN channels (Collins, 2016) .
NHS WannaCry attack: On May, 2017 this ransomware attack affected lots of
organisation in which third person infected computers as well as encrypted content on
hard disk. For this they made demand for payment in the form of bitcoin for decrypting it.
Cost of around £92m was declined as appointments were being cancelled. Due to the
cyber attack near about 2,00,000 computers of users were locked with an red-lettered
error message. Similarly, other firms were also impacted by this and lots of data was lost.
Phishy Wipro Breach: It was observed that the systems of Wipro (which is a consulting
and outsourcing giant) acted as a jumping-off points for digital phishing expeditions
which target various customer systems. The customers traced suspicious & malicious
network reconnaissance activities which were being carried back to their partner systems
which were then directly communicated within the network of Wipro. The breach was
restricted to only few employees and there systems were phished.
avoided.
Toyota's second data breach: The attack took place on 29th March, 2019 and has created
impact on 3.1 million individuals. Firm is identifying whether still the cybercriminals
possess access to their data or they are able to read data (Brown, Gommers and Serrano,
2015). Unauthorised access occurred to server which was connected with network of
Toyota. The server to which intruder was able to get in do not contained details of credit
card. When this attack came into notice, the systems were made offline to make sure that
more details do not get compromised. For this they have taken appropriate
countermeasures by interacting with experts from international cyber security so that they
can prevent such attacks in future.
Citrix breach:The firm believe that cyber criminals has acquired access to their internal
network. It was reported that Iranian-backed Iridium hacker group has attacked Citrix in
December, 2018 and on 6th March, 2019 again again the attack took place which lead to a
leak of sensitive internal files which were around of 6 terabytes. This information
contained blueprints, emails and other relevant documents. Same group of hackers have
attacked around 200 government agencies and for this they have been making use of
bypassing multi-factor authentications for having access to critical services and
application via SSO and VPN channels (Collins, 2016) .
NHS WannaCry attack: On May, 2017 this ransomware attack affected lots of
organisation in which third person infected computers as well as encrypted content on
hard disk. For this they made demand for payment in the form of bitcoin for decrypting it.
Cost of around £92m was declined as appointments were being cancelled. Due to the
cyber attack near about 2,00,000 computers of users were locked with an red-lettered
error message. Similarly, other firms were also impacted by this and lots of data was lost.
Phishy Wipro Breach: It was observed that the systems of Wipro (which is a consulting
and outsourcing giant) acted as a jumping-off points for digital phishing expeditions
which target various customer systems. The customers traced suspicious & malicious
network reconnaissance activities which were being carried back to their partner systems
which were then directly communicated within the network of Wipro. The breach was
restricted to only few employees and there systems were phished.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Computer Security: Elements, Issues, and Frameworkslg...
|15
|5037
|1
Computer Security: Fundamentals, Examples, and Countermeasureslg...
|15
|5240
|98
JP Morgan Data Breachlg...
|5
|722
|96
Network security - Sample Assignmentlg...
|10
|2195
|122
IS Security and Risk Managementlg...
|12
|3177
|391
CoRPORATE GOVERNANCElg...
|12
|3133
|112