Professional Skills In Information Communication Technology: Cyber Security
VerifiedAdded on 2023/03/23
|20
|6717
|27
AI Summary
This report discusses the case study of ABC Technologies and the implementation of cyber security measures within the organization. It highlights security vulnerabilities, emerging threats, and provides recommendations for protecting networks.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: CYBER SECURITY
Professional Skills In Information Communication Technology: Cyber Security
Name of the Student
Name of the University
Author’s Note:
Professional Skills In Information Communication Technology: Cyber Security
Name of the Student
Name of the University
Author’s Note:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
CYBER SECURITY
Executive Summary
The main aim of this report is to understand the case study of ABC Technologies. This
particular organizational management is highly concerned about their security and privacy of
networks, systems and confidential data. Hence, they have decided to implement cyber
security measures within their organization and business. A proper set of techniques is
needed for the purpose so that integrity of confidential data, programs and networks is
protected from any kind of unauthorized access and for his purpose it is important to involve
cyber security within their business and networks. This report has properly depicted every
detail related to cyber security after highlighting three security vulnerabilities and five
emerging threats. Moreover, three suitable recommendations are also provided in this report
for protecting home and office networks.
CYBER SECURITY
Executive Summary
The main aim of this report is to understand the case study of ABC Technologies. This
particular organizational management is highly concerned about their security and privacy of
networks, systems and confidential data. Hence, they have decided to implement cyber
security measures within their organization and business. A proper set of techniques is
needed for the purpose so that integrity of confidential data, programs and networks is
protected from any kind of unauthorized access and for his purpose it is important to involve
cyber security within their business and networks. This report has properly depicted every
detail related to cyber security after highlighting three security vulnerabilities and five
emerging threats. Moreover, three suitable recommendations are also provided in this report
for protecting home and office networks.
2
CYBER SECURITY
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................4
Explaining about Cyber Security with its Significance and Importance in ABCT................4
Identifying and Explaining about 3 Security Threats in System of ABCT with Proper
Justification............................................................................................................................6
Listing of 5 Different Kinds of Emerging Threat affecting Organization with Proper
Description regarding Damages caused by Attacks.............................................................10
Conclusion................................................................................................................................14
Recommendations....................................................................................................................15
References................................................................................................................................16
CYBER SECURITY
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................4
Explaining about Cyber Security with its Significance and Importance in ABCT................4
Identifying and Explaining about 3 Security Threats in System of ABCT with Proper
Justification............................................................................................................................6
Listing of 5 Different Kinds of Emerging Threat affecting Organization with Proper
Description regarding Damages caused by Attacks.............................................................10
Conclusion................................................................................................................................14
Recommendations....................................................................................................................15
References................................................................................................................................16
3
CYBER SECURITY
Introduction
Cyber security can be defined as the major practice to protect any type of system,
network and program from digital attack (Von Solms & Van Niekerk, 2013).
Cybersecurity is the collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices, assurance and
technologies that can be used to protect the cyber environment and organization and user’s
assets. Organization and user’s assets include connected computing devices, personnel,
infrastructure, applications, services, telecommunications systems, and the totality of
transmitted and/or stored information in the cyber environment.
These attacks have major aim to access, alter or even abolish sensitive information,
extortion of resources from the users and interruption of normal business procedures (Buczak
& Guven, 2015).
Cyber security is the set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change, or destruction.
Cyber security systems are composed of network security systems and computer (host)
security systems. Each of these has, at a minimum, a firewall, antivirus software, and an
intrusion detection system (IDS). IDSs help discover, determine, and identify unauthorized
use, duplication, alteration, and destruction of information systems. The security breaches
include external intrusions (attacks from outside the organization) and internal intrusions
(attacks from within the organization).
A proper deployment of cyber security measure is extremely stimulating as there are
several devices than organizational people and hackers can easily extract sensitive
information. An effective defence is to be created for getting security from such distinctive
attacks (Wang & Lu, 2013).
Cyber security emerges to be a critical issue because millions of electronic devices are inter-
connected via communication networks throughout critical power facilities, which has an
immediate impact on reliability of such a widespread infrastructure.
The users should understand and then comply with every principle of data security
such as selecting stronger passwords and ensuring data backups.
CYBER SECURITY
Introduction
Cyber security can be defined as the major practice to protect any type of system,
network and program from digital attack (Von Solms & Van Niekerk, 2013).
Cybersecurity is the collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices, assurance and
technologies that can be used to protect the cyber environment and organization and user’s
assets. Organization and user’s assets include connected computing devices, personnel,
infrastructure, applications, services, telecommunications systems, and the totality of
transmitted and/or stored information in the cyber environment.
These attacks have major aim to access, alter or even abolish sensitive information,
extortion of resources from the users and interruption of normal business procedures (Buczak
& Guven, 2015).
Cyber security is the set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change, or destruction.
Cyber security systems are composed of network security systems and computer (host)
security systems. Each of these has, at a minimum, a firewall, antivirus software, and an
intrusion detection system (IDS). IDSs help discover, determine, and identify unauthorized
use, duplication, alteration, and destruction of information systems. The security breaches
include external intrusions (attacks from outside the organization) and internal intrusions
(attacks from within the organization).
A proper deployment of cyber security measure is extremely stimulating as there are
several devices than organizational people and hackers can easily extract sensitive
information. An effective defence is to be created for getting security from such distinctive
attacks (Wang & Lu, 2013).
Cyber security emerges to be a critical issue because millions of electronic devices are inter-
connected via communication networks throughout critical power facilities, which has an
immediate impact on reliability of such a widespread infrastructure.
The users should understand and then comply with every principle of data security
such as selecting stronger passwords and ensuring data backups.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
CYBER SECURITY
This report discusses about the case study of ABCT organization. As there are several
significant scope and chances of cyber security attacks for the growth of interconnected
devices and the main challenges to cyber efforts are online payment, mobile connectivity, IoT
and cloud devices. An Australian technological organization, ABCT mainly ranges from
several specifications of highly advanced products of both software and hardware. They even
have a BYOD policy, however they are concerned about hacking and loss of customers. This
report will be broadly providing an idea of cyber security with identification of three security
vulnerability as well as five subsequent kinds of emerging risks, which may affect system of
this organization. Relevant recommendations would also be provided in this report.
Discussion
Explaining about Cyber Security with its Significance and Importance in ABCT
A successful approach of cyber security comprises of several layers of protection that
are being spread across several computers, data, programs and networks, which any
individual has intended to keep safe and secured (Buczak & Guven, 2015).
Cyber security is the set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change, or destruction.
Cyber security systems are composed of network security systems and computer (host)
security systems. Each of these has, at a minimum, a firewall, antivirus software, and an
intrusion detection system (IDS). IDSs help discover, determine, and identify unauthorized
use, duplication, alteration, and destruction of information systems. The security breaches
include external intrusions (attacks from outside the organization) and internal intrusions
(attacks from within the organization).
The major functionality of the cyber security includes security of systems or
confidential information from several cyber risks. This rapid acceptance of any cloud based
application as well as work load is responsible for extending security requirements beyond a
outdated data centre and even inflexible data security mandate like NIST cyber security
framework (Hahn, Ashok, Sridhar & Govindarasu, 2013).
Numerous vulnerability assessment activities have been performed on the testbed to
explore potential security weaknesses in the software and communication protocols.
Discovered vulnerabilities are then shared with the product vendor so they can develop and
release appropriate mitigations. Our vulnerability identification process has followed well
documented security testing methodologies, such as NIST 800-115: “Technical Guide to
CYBER SECURITY
This report discusses about the case study of ABCT organization. As there are several
significant scope and chances of cyber security attacks for the growth of interconnected
devices and the main challenges to cyber efforts are online payment, mobile connectivity, IoT
and cloud devices. An Australian technological organization, ABCT mainly ranges from
several specifications of highly advanced products of both software and hardware. They even
have a BYOD policy, however they are concerned about hacking and loss of customers. This
report will be broadly providing an idea of cyber security with identification of three security
vulnerability as well as five subsequent kinds of emerging risks, which may affect system of
this organization. Relevant recommendations would also be provided in this report.
Discussion
Explaining about Cyber Security with its Significance and Importance in ABCT
A successful approach of cyber security comprises of several layers of protection that
are being spread across several computers, data, programs and networks, which any
individual has intended to keep safe and secured (Buczak & Guven, 2015).
Cyber security is the set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change, or destruction.
Cyber security systems are composed of network security systems and computer (host)
security systems. Each of these has, at a minimum, a firewall, antivirus software, and an
intrusion detection system (IDS). IDSs help discover, determine, and identify unauthorized
use, duplication, alteration, and destruction of information systems. The security breaches
include external intrusions (attacks from outside the organization) and internal intrusions
(attacks from within the organization).
The major functionality of the cyber security includes security of systems or
confidential information from several cyber risks. This rapid acceptance of any cloud based
application as well as work load is responsible for extending security requirements beyond a
outdated data centre and even inflexible data security mandate like NIST cyber security
framework (Hahn, Ashok, Sridhar & Govindarasu, 2013).
Numerous vulnerability assessment activities have been performed on the testbed to
explore potential security weaknesses in the software and communication protocols.
Discovered vulnerabilities are then shared with the product vendor so they can develop and
release appropriate mitigations. Our vulnerability identification process has followed well
documented security testing methodologies, such as NIST 800-115: “Technical Guide to
5
CYBER SECURITY
Information Security Testing and Assessment”, which focuses on various scanning and
cracking techniques along with a thorough review of implemented technologies and
configurations. In addition to the documented methodology, our analysis has also included
manual inspection techniques using various open-source tools and software fuzzing tests
based on the Mu Security Analyzer.
For the core purpose of securing a computer system, it is extremely vital and
significant to understand all types of attacks, which could be made against it and such threats
could be broadly classified into few levels according to their vulnerabilities. The major and
broad types of cyber threats include backdoor attacks, denial of service or denial of service
attack, eaves dropping, phishing, multi vector polymorphic attack, spoofing, social-
engineering attack, privilege escalation, tampering and finally direct access attacks
(Elmaghraby & Losavio, 2014).
In all of the interactions the information generation and exchange is at least bilateral and
communicative. Actions often call and use information which, in turn, generates new
information related to the services, including bettering those services on analysis.
With computing systems the kernel of security concerns is the information handled by the
system. The three general areas to be secured are
(1) The “privacy” and confidentiality of the information
(2) The integrity and authenticity of the information and
(3) The availability of the information for its use and services.
The culture of information security is highly affected in this type of attack and
employee behaviour comprises of a significant impact on IS within a specific organization.
The entire culture of information security is required to be analysed on a priority basis and
hence the issues are eradicated on time.
Cyber security comprises of a significant impact on the organization of ABCT
(Cherdantseva et al., 2016).
Risk assessment in SCADA systems shall help to prioritise (1) the components of a system in
terms of their importance to the successful operation of the system or in terms of their level
of vulnerability to an attack, and (2) threats in terms of the danger they pose and their
likelihood. Risk assessment shall assist the managers and engineers of SCADA systems with
CYBER SECURITY
Information Security Testing and Assessment”, which focuses on various scanning and
cracking techniques along with a thorough review of implemented technologies and
configurations. In addition to the documented methodology, our analysis has also included
manual inspection techniques using various open-source tools and software fuzzing tests
based on the Mu Security Analyzer.
For the core purpose of securing a computer system, it is extremely vital and
significant to understand all types of attacks, which could be made against it and such threats
could be broadly classified into few levels according to their vulnerabilities. The major and
broad types of cyber threats include backdoor attacks, denial of service or denial of service
attack, eaves dropping, phishing, multi vector polymorphic attack, spoofing, social-
engineering attack, privilege escalation, tampering and finally direct access attacks
(Elmaghraby & Losavio, 2014).
In all of the interactions the information generation and exchange is at least bilateral and
communicative. Actions often call and use information which, in turn, generates new
information related to the services, including bettering those services on analysis.
With computing systems the kernel of security concerns is the information handled by the
system. The three general areas to be secured are
(1) The “privacy” and confidentiality of the information
(2) The integrity and authenticity of the information and
(3) The availability of the information for its use and services.
The culture of information security is highly affected in this type of attack and
employee behaviour comprises of a significant impact on IS within a specific organization.
The entire culture of information security is required to be analysed on a priority basis and
hence the issues are eradicated on time.
Cyber security comprises of a significant impact on the organization of ABCT
(Cherdantseva et al., 2016).
Risk assessment in SCADA systems shall help to prioritise (1) the components of a system in
terms of their importance to the successful operation of the system or in terms of their level
of vulnerability to an attack, and (2) threats in terms of the danger they pose and their
likelihood. Risk assessment shall assist the managers and engineers of SCADA systems with
6
CYBER SECURITY
the development of adequate security policies, with the design of secure system and with the
rational allocation of often scarce resources.
Security requirements for SCADA are identified so that integrity and availability have the
highest priority, while confidentiality is secondary. The vulnerabilities of a system are
identified using existing vulnerability identification libraries. Each vulnerability is classified
as reconnaissance, breach, penetrate, escalation or damage. Time-to-compromise a device is
calculated. It depends on the known vulnerabilities of the target system and the skills of an
attacker.
Since they allow their staff time flexibility by allowing work from home only after
utilization of VPN connection and even comprises of a specific BYOD policy for the staff,
who are working onsite; it is extremely important and significant for them to maintain cyber
security under every circumstance. This particular organization had been a subsequent dupe
of various recent cyber threats and hence they are eventually concerned that the
organizational data may be compromised and the hackers may get hold of customers’ data
(Wells, Camelio, Williams & White, 2014).
The first step towards preventing, detecting, and mitigating the effects of cyber-attacks in
manufacturing is to understand and overcome the current weaknesses in areas, such as
design systems, production control, QC, and manufacturing cyber-security research and
education. One of the most important barriers for cyber-security in manufacturing is that
industry is more concerned with attacks aimed at intellectual property (IP) theft. This is
warranted as computer security has traditionally focused on protecting information.
It could even result in the loss of income and hence ABCT requires to improvise the
security system as well as security related policies and procedures. A document on cyber
security is required to be prepared for training the staff for reducing cyber attacks. The virtual
private networks or wireless networks are required to be secured in ABCT for protecting the
entire scope and customers’ data.
Identifying and Explaining about 3 Security Threats in System of ABCT with Proper
Justification
Three security vulnerability in the respective system of this organization that could be
possible are as follows:
CYBER SECURITY
the development of adequate security policies, with the design of secure system and with the
rational allocation of often scarce resources.
Security requirements for SCADA are identified so that integrity and availability have the
highest priority, while confidentiality is secondary. The vulnerabilities of a system are
identified using existing vulnerability identification libraries. Each vulnerability is classified
as reconnaissance, breach, penetrate, escalation or damage. Time-to-compromise a device is
calculated. It depends on the known vulnerabilities of the target system and the skills of an
attacker.
Since they allow their staff time flexibility by allowing work from home only after
utilization of VPN connection and even comprises of a specific BYOD policy for the staff,
who are working onsite; it is extremely important and significant for them to maintain cyber
security under every circumstance. This particular organization had been a subsequent dupe
of various recent cyber threats and hence they are eventually concerned that the
organizational data may be compromised and the hackers may get hold of customers’ data
(Wells, Camelio, Williams & White, 2014).
The first step towards preventing, detecting, and mitigating the effects of cyber-attacks in
manufacturing is to understand and overcome the current weaknesses in areas, such as
design systems, production control, QC, and manufacturing cyber-security research and
education. One of the most important barriers for cyber-security in manufacturing is that
industry is more concerned with attacks aimed at intellectual property (IP) theft. This is
warranted as computer security has traditionally focused on protecting information.
It could even result in the loss of income and hence ABCT requires to improvise the
security system as well as security related policies and procedures. A document on cyber
security is required to be prepared for training the staff for reducing cyber attacks. The virtual
private networks or wireless networks are required to be secured in ABCT for protecting the
entire scope and customers’ data.
Identifying and Explaining about 3 Security Threats in System of ABCT with Proper
Justification
Three security vulnerability in the respective system of this organization that could be
possible are as follows:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
CYBER SECURITY
i) Phishing: Phishing is the first security vulnerability or threat within the distinctive
system of ABCT (Craigen, Diakun-Thibault & Purse, 2014).
The absence of a concise, universally acceptable definition that captures the
multidimensionality of cybersecurity impedes technological and scientific advances by
reinforcing the predominantly technical view of cybersecurity while separating disciplines
that should be acting in concert to resolve complex cybersecurity challenges. It has become
increasingly apparent that cybersecurity is interdisciplinary. The more inclusive, unifying
definition presented in this article aims to facilitate interdisciplinary approaches to
cybersecurity. We hope that the definition will be embraced by the multiple disciplines
engaged in cybersecurity efforts, thereby opening the door to greater understanding and
collaboration needed to address the growing and complex threats to cyberspace and
cyberspace-enabled systems.
It is a fraud attempt to obtain confidential data such as passwords, username and
details of debit and credit card after disguising oneself as the major trustworthy entity in the
electronic communication. Phishing is majorly carried out by spoofing of electronic mails or
even instant messaging. This particular security vulnerability often directs the users in
entering private information at a false or forged web site that can match to the look and feel
of the legal site (Abawajy, 2014).
Phishing is an increasingly sophisticated attack in which cyber criminals use spoofed emails
and fake web sites to deceit people into giving up personal information. Phishing attacks
exploit the fact that users tend to trust email messages and web sites based on cues that
actually provide little or no meaningful trust information. They tend to target the most
common activities (email and web) that the majority of users spend substantial times on.
Phishing is termed as one of the major examples of social engineering techniques that
are utilized for deceiving the users. The employees of ABC Technologies could be easily
lured by proper communications purporting that are to be done from a specific trusted party
like auction site, online payment processors and many more (Dunn Cavelty, 2013).
This focus on vulnerabilities results in two noteworthy characteristics of the threat
representation: First, the protective capacity of space is obliterated; there is no place that is
safe from an attack. Second, the threat becomes quasi-universal, because it is now
everywhere, creating a sense of “imminent but inexact catastrophe, lurking just beneath the
surface of normal, technologized […] everyday life”. Threats or dangers are no longer
CYBER SECURITY
i) Phishing: Phishing is the first security vulnerability or threat within the distinctive
system of ABCT (Craigen, Diakun-Thibault & Purse, 2014).
The absence of a concise, universally acceptable definition that captures the
multidimensionality of cybersecurity impedes technological and scientific advances by
reinforcing the predominantly technical view of cybersecurity while separating disciplines
that should be acting in concert to resolve complex cybersecurity challenges. It has become
increasingly apparent that cybersecurity is interdisciplinary. The more inclusive, unifying
definition presented in this article aims to facilitate interdisciplinary approaches to
cybersecurity. We hope that the definition will be embraced by the multiple disciplines
engaged in cybersecurity efforts, thereby opening the door to greater understanding and
collaboration needed to address the growing and complex threats to cyberspace and
cyberspace-enabled systems.
It is a fraud attempt to obtain confidential data such as passwords, username and
details of debit and credit card after disguising oneself as the major trustworthy entity in the
electronic communication. Phishing is majorly carried out by spoofing of electronic mails or
even instant messaging. This particular security vulnerability often directs the users in
entering private information at a false or forged web site that can match to the look and feel
of the legal site (Abawajy, 2014).
Phishing is an increasingly sophisticated attack in which cyber criminals use spoofed emails
and fake web sites to deceit people into giving up personal information. Phishing attacks
exploit the fact that users tend to trust email messages and web sites based on cues that
actually provide little or no meaningful trust information. They tend to target the most
common activities (email and web) that the majority of users spend substantial times on.
Phishing is termed as one of the major examples of social engineering techniques that
are utilized for deceiving the users. The employees of ABC Technologies could be easily
lured by proper communications purporting that are to be done from a specific trusted party
like auction site, online payment processors and many more (Dunn Cavelty, 2013).
This focus on vulnerabilities results in two noteworthy characteristics of the threat
representation: First, the protective capacity of space is obliterated; there is no place that is
safe from an attack. Second, the threat becomes quasi-universal, because it is now
everywhere, creating a sense of “imminent but inexact catastrophe, lurking just beneath the
surface of normal, technologized […] everyday life”. Threats or dangers are no longer
8
CYBER SECURITY
perceived as coming exclusively from a certain direction—traditionally, the outside—but are
system-inherent; the threat is a quasi-latent characteristic of the system, which feeds a
permanent sense of vulnerability and inevitable disaster.
The respective attempts for dealing with few significant phishing incidents majorly
involve user training, technical security measures and user training.
ii) SQL Injection Attacks: The second distinctive and important security vulnerability
within the subsequent system of ABCT is SQL injection attack. It can be referred to as a
technique of code injection, which can be used for criticising data driven application, where
the malicious SQL statement is being injected into the entry field for better accomplishment
(Cavelty, 2014).
The inward-looking focus on the other hand is about vulnerabilities in (computer) systems. In
computer security, a vulnerability is understood as the confluence of three elements that in
themselves combine the inward and the outward looking perspective: a system susceptibility
or flaw, an attacker’s knowledge of and access to the flaw, and an attacker’s capability to
exploit the flaw (i.e. NIST 2002: 15). The result of a successful utilization of a vulnerability is
a compromise of the systems information security. Due to the characteristics of digitally
stored information, an intruder can delay, disrupt, corrupt, exploit, destroy, steal, and modify
information, with various implications.
This SQL injection should eventually exploit the security vulnerability within the
software of an application and hence users’ inputs could either be inappropriately filtered for
sequential literal escape character that is being implanted in a SQL statement as well as user
inputs not being strongly typed or performed (Ben-Asher & Gonzalez, 2015).
Detailed instructions stated that the local corporate network is connected to the Internet
through a router that routes Internet traffic to and from the local network. The network has
two zones or sub-networks: one containing a public web server, and the other containing a
private file server (with payroll, accounting, sales, marketing data, etc.) and a private cluster
of workstation computers that company employees use for their daily work. The public web
server runs two services (httpd and ftpd) and enables shoppers on the Internet to buy
products using the company’s website. The fileserver stores the company’s data and runs two
services (ftpd and nfsd) that allow access to the data over the network. The employees of the
company use their workstations to access the Internet, as well as the data stored on the
CYBER SECURITY
perceived as coming exclusively from a certain direction—traditionally, the outside—but are
system-inherent; the threat is a quasi-latent characteristic of the system, which feeds a
permanent sense of vulnerability and inevitable disaster.
The respective attempts for dealing with few significant phishing incidents majorly
involve user training, technical security measures and user training.
ii) SQL Injection Attacks: The second distinctive and important security vulnerability
within the subsequent system of ABCT is SQL injection attack. It can be referred to as a
technique of code injection, which can be used for criticising data driven application, where
the malicious SQL statement is being injected into the entry field for better accomplishment
(Cavelty, 2014).
The inward-looking focus on the other hand is about vulnerabilities in (computer) systems. In
computer security, a vulnerability is understood as the confluence of three elements that in
themselves combine the inward and the outward looking perspective: a system susceptibility
or flaw, an attacker’s knowledge of and access to the flaw, and an attacker’s capability to
exploit the flaw (i.e. NIST 2002: 15). The result of a successful utilization of a vulnerability is
a compromise of the systems information security. Due to the characteristics of digitally
stored information, an intruder can delay, disrupt, corrupt, exploit, destroy, steal, and modify
information, with various implications.
This SQL injection should eventually exploit the security vulnerability within the
software of an application and hence users’ inputs could either be inappropriately filtered for
sequential literal escape character that is being implanted in a SQL statement as well as user
inputs not being strongly typed or performed (Ben-Asher & Gonzalez, 2015).
Detailed instructions stated that the local corporate network is connected to the Internet
through a router that routes Internet traffic to and from the local network. The network has
two zones or sub-networks: one containing a public web server, and the other containing a
private file server (with payroll, accounting, sales, marketing data, etc.) and a private cluster
of workstation computers that company employees use for their daily work. The public web
server runs two services (httpd and ftpd) and enables shoppers on the Internet to buy
products using the company’s website. The fileserver stores the company’s data and runs two
services (ftpd and nfsd) that allow access to the data over the network. The employees of the
company use their workstations to access the Internet, as well as the data stored on the
9
CYBER SECURITY
fileserver. The firewall prevents unwanted Internet connections from entering the local
network, and it also checks the traffic between the different components of the local network.
The SQL injection can be majorly known as the attack vector for the significant web
site of ABC Technologies, however these could be easily utilized for attacking the respective
SQL database. The identity could be easily spoofed and confidential data of ABCT could be
eventually tampered, hence causing issues of repudiation like rejecting of transactions and
modifying of balance or agreeing the entire disclosure of system data (Knowles, Prince,
Hutchison, Disso & Jones, 2015).
The availability of a comprehensive and robust set of security metrics is essential for
organizations to meet various business objectives. A challenge arises in the risk management
of industrial control systems because standards and methodologies for traditional
information technology systems cannot be applied directly. For traditional information
technology systems, the order of prioritized security goals on which these approaches are
based is typically confidentiality, integrity and then availability (CIA).
Moreover, the data could even be destroyed or made unavailable, which could be
extremely vulnerable for this particular organization.
iii) Denial of Service: The next important and noteworthy security vulnerability that
can be extremely vulnerable for the system of ABCT is DoS. The attack of DoS is a type of
cyber-attack, where the significant wrongdoer eventually seeks into a machine and network
for the core purpose of making this network resource or machine completely unavailable to
its respective intended users either by temporarily and indefinitely upsetting the service of the
company host linked to Internet (Fielder, Panaousis, Malacaria, Hankin & Smeraldi, 2016).
One of the biggest issues facing organisations today is how they are able to defend
themselves from potential cyber attacks. The range and scope of these unknown attacks
create the need for organisations to prioritise the manner in which they defend themselves.
With this each organisation needs to consider the threats that they are most at risk from and
act in such a way so as to reduce the vulnerability across as many relevant vulnerabilities as
possible.
This type of DoS attack is usually executed by flooding every specific targeted
resource or machine with all types of redundant requests within the major attempt of
overloading the systems and also preventing few or legal requests from getting fulfilled. The
CYBER SECURITY
fileserver. The firewall prevents unwanted Internet connections from entering the local
network, and it also checks the traffic between the different components of the local network.
The SQL injection can be majorly known as the attack vector for the significant web
site of ABC Technologies, however these could be easily utilized for attacking the respective
SQL database. The identity could be easily spoofed and confidential data of ABCT could be
eventually tampered, hence causing issues of repudiation like rejecting of transactions and
modifying of balance or agreeing the entire disclosure of system data (Knowles, Prince,
Hutchison, Disso & Jones, 2015).
The availability of a comprehensive and robust set of security metrics is essential for
organizations to meet various business objectives. A challenge arises in the risk management
of industrial control systems because standards and methodologies for traditional
information technology systems cannot be applied directly. For traditional information
technology systems, the order of prioritized security goals on which these approaches are
based is typically confidentiality, integrity and then availability (CIA).
Moreover, the data could even be destroyed or made unavailable, which could be
extremely vulnerable for this particular organization.
iii) Denial of Service: The next important and noteworthy security vulnerability that
can be extremely vulnerable for the system of ABCT is DoS. The attack of DoS is a type of
cyber-attack, where the significant wrongdoer eventually seeks into a machine and network
for the core purpose of making this network resource or machine completely unavailable to
its respective intended users either by temporarily and indefinitely upsetting the service of the
company host linked to Internet (Fielder, Panaousis, Malacaria, Hankin & Smeraldi, 2016).
One of the biggest issues facing organisations today is how they are able to defend
themselves from potential cyber attacks. The range and scope of these unknown attacks
create the need for organisations to prioritise the manner in which they defend themselves.
With this each organisation needs to consider the threats that they are most at risk from and
act in such a way so as to reduce the vulnerability across as many relevant vulnerabilities as
possible.
This type of DoS attack is usually executed by flooding every specific targeted
resource or machine with all types of redundant requests within the major attempt of
overloading the systems and also preventing few or legal requests from getting fulfilled. The
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
CYBER SECURITY
most common example of a DoS attack is the distributed denial of service or DDoS attacks,
in which the incoming traffic floods the victim that is being originated from several sources.
It makes it completely impossible for stopping such attacks after blocking a single source
(Luiijf, Besseling & De Graaf, 2013).
A wide array of action areas is elaborated on by the 19 NCSS, with often a considerable
overlap. All nations except Uganda explicitly address in their NCSS the protection of their
own CIs including the government’s own ICT. Some nations refer to already existing
activities rather than starting new ones. As cyber security deals with and addresses the same
global set of threats, common focal points and activities could be expected amongst the
NCSS, such as international comparable, or even harmonised, definitions and terminology.
Due to the global nature of cyberspace, international collaboration could be expected to be
one of the highest priorities of each of the NCSS.
This type of attack is completely analogous to the employees of an organization and
hence it is solely responsible for disrupting the services to a higher level. Since, the
organization of ABCT is providing VPN to every computer service and free wireless local
area network access to their visitors and guests, denial of service attack could be extremely
common for the organization and they should undertake some of the major and the most
significant issues regarding their safety and security.
Listing of 5 Different Kinds of Emerging Threat affecting Organization with Proper
Description regarding Damages caused by Attacks
The five different kinds of emerging vulnerabilities that cause major affect the
distinctive organization of ABC Technologies could be extremely vulnerable and problematic
for each and every security system or confidential data (Abomhara, 2015).
Security has been defined as a process to protect an object against physical damage,
unauthorized access, theft, or loss, by maintaining high confidentiality and integrity of
information about the object and making information about that object available whenever
needed. There is no thing as the secure state of any object, tangible or not, because no such
object can ever be in a perfectly secure state and still be useful. An object is secure if the
process can maintain its maximum intrinsic value under different conditions.
The cyber threat landscape mainly continue in evolving with the new threats emerging
on a regular basis. The core ability to track and prepare to face all of such issues so that the
organization could eventually improve their respective resilience and provide better support
CYBER SECURITY
most common example of a DoS attack is the distributed denial of service or DDoS attacks,
in which the incoming traffic floods the victim that is being originated from several sources.
It makes it completely impossible for stopping such attacks after blocking a single source
(Luiijf, Besseling & De Graaf, 2013).
A wide array of action areas is elaborated on by the 19 NCSS, with often a considerable
overlap. All nations except Uganda explicitly address in their NCSS the protection of their
own CIs including the government’s own ICT. Some nations refer to already existing
activities rather than starting new ones. As cyber security deals with and addresses the same
global set of threats, common focal points and activities could be expected amongst the
NCSS, such as international comparable, or even harmonised, definitions and terminology.
Due to the global nature of cyberspace, international collaboration could be expected to be
one of the highest priorities of each of the NCSS.
This type of attack is completely analogous to the employees of an organization and
hence it is solely responsible for disrupting the services to a higher level. Since, the
organization of ABCT is providing VPN to every computer service and free wireless local
area network access to their visitors and guests, denial of service attack could be extremely
common for the organization and they should undertake some of the major and the most
significant issues regarding their safety and security.
Listing of 5 Different Kinds of Emerging Threat affecting Organization with Proper
Description regarding Damages caused by Attacks
The five different kinds of emerging vulnerabilities that cause major affect the
distinctive organization of ABC Technologies could be extremely vulnerable and problematic
for each and every security system or confidential data (Abomhara, 2015).
Security has been defined as a process to protect an object against physical damage,
unauthorized access, theft, or loss, by maintaining high confidentiality and integrity of
information about the object and making information about that object available whenever
needed. There is no thing as the secure state of any object, tangible or not, because no such
object can ever be in a perfectly secure state and still be useful. An object is secure if the
process can maintain its maximum intrinsic value under different conditions.
The cyber threat landscape mainly continue in evolving with the new threats emerging
on a regular basis. The core ability to track and prepare to face all of such issues so that the
organization could eventually improve their respective resilience and provide better support
11
CYBER SECURITY
to the business goals. The total number of high profile breaches as well as attacks might bring
major issues and could even undertake cyber security on a priority basis (Sou, Sandberg &
Johansson, 2013).
This paper considers a smart grid cyber-security problem analyzing the vulnerabilities of
electric power networks to false data attacks. The analysis problem is related to a
constrained cardinality minimization problem. To perform the cyber-security analysis in a
timely manner, it is important to solve the data attack construction problem efficiently.
These five kinds of emerging risks, which may affect ABC Technologies are as
follows:
i) Cryptojacking: The first important and significant type of emerging threat, which
may eventually affect the organization of ABCT is crypto jacking. Ransom ware has always
been one of the most significant and chief threat that has a major impact on businesses within
last two years by simply misusing the most basic threats after inclusion of data back ups and
network segmentation (Bada, Sasse & Nurse, 2019).
Simple transfer of knowledge about good practices in security is far from enough. Knowledge
and awareness is a prerequisite to change behaviour but not necessarily sufficient, and this
is why it has to be implemented in conjunction with other influencing strategies. It is very
important to embed positive cyber security behaviours, which can result to thinking
becoming a habit, and a part of an organisation’s cyber security culture. One of the main
reasons why users do not behave optimally is that security systems and policies are poorly
designed – this has been presented time and time again throughout research.
Presently, the threat actors are eventually employing similar variants of ransom ware
attack that were previously utilized for encoding confidential data for obtaining ransom is
termed as cryptojacking. This rise of cryptoacking has referred to the fact that the systems
might get attacked and the users would not get any idea about the attack. This type of attack
can complete extract the information of systems and the users do not even realize it (Hong,
Liu & Govindarasu, 2014).
Cyber intrusions to substations of a power grid are a source of vulnerability since most
substations are unmanned and with limited protection of the physical security. In the worst
case, simultaneous intrusions into multiple substations can lead to severe cascading events,
causing catastrophic power outages. Cyber security of substations has been recognized as a
CYBER SECURITY
to the business goals. The total number of high profile breaches as well as attacks might bring
major issues and could even undertake cyber security on a priority basis (Sou, Sandberg &
Johansson, 2013).
This paper considers a smart grid cyber-security problem analyzing the vulnerabilities of
electric power networks to false data attacks. The analysis problem is related to a
constrained cardinality minimization problem. To perform the cyber-security analysis in a
timely manner, it is important to solve the data attack construction problem efficiently.
These five kinds of emerging risks, which may affect ABC Technologies are as
follows:
i) Cryptojacking: The first important and significant type of emerging threat, which
may eventually affect the organization of ABCT is crypto jacking. Ransom ware has always
been one of the most significant and chief threat that has a major impact on businesses within
last two years by simply misusing the most basic threats after inclusion of data back ups and
network segmentation (Bada, Sasse & Nurse, 2019).
Simple transfer of knowledge about good practices in security is far from enough. Knowledge
and awareness is a prerequisite to change behaviour but not necessarily sufficient, and this
is why it has to be implemented in conjunction with other influencing strategies. It is very
important to embed positive cyber security behaviours, which can result to thinking
becoming a habit, and a part of an organisation’s cyber security culture. One of the main
reasons why users do not behave optimally is that security systems and policies are poorly
designed – this has been presented time and time again throughout research.
Presently, the threat actors are eventually employing similar variants of ransom ware
attack that were previously utilized for encoding confidential data for obtaining ransom is
termed as cryptojacking. This rise of cryptoacking has referred to the fact that the systems
might get attacked and the users would not get any idea about the attack. This type of attack
can complete extract the information of systems and the users do not even realize it (Hong,
Liu & Govindarasu, 2014).
Cyber intrusions to substations of a power grid are a source of vulnerability since most
substations are unmanned and with limited protection of the physical security. In the worst
case, simultaneous intrusions into multiple substations can lead to severe cascading events,
causing catastrophic power outages. Cyber security of substations has been recognized as a
12
CYBER SECURITY
critical issue. For example, well organized simultaneous cyber attacks to multiple
substations can trigger a sequence of cascading events, leading to a system blackout.
Moreover, the attack technique is completely similar to the ransomware attack.
ii) Internet of Things Device or IoT Threats: This is the second important and
noteworthy emerging threat, which may eventually affect the organization of ABCT. The
organization is eventually adding several devices to their respective infrastructures and
internet of things is one of the most common and vulnerable technology that comprises of
few devices, which could involve threats to a higher level (Liu et al., 2015).
An organization’s network security posture may be measured in various ways. Here, we
utilize two families of measurement data. The first is measurements on a network’s
misconfigurations or deviations from standards and other operational recommendations; the
second is measurements on malicious activities seen to originate from that network.
ABCT might lose their confidential data by involvement of such devices and hence
major issues might take place. Such attacks are mainly executed by third party vendors and
the organization faces significant problem while maintenance of the devices. The employees
might lose company their data while working from home and integrity of the respective
BYOD policy might be lost forever (Cavelty, 2014).
A general basic issue for cyber-security is that the information infrastructure that we use
every day for data-transfer was never built with security in mind: vulnerabilities abound.
One of the reasons for the continued existence and constant new creation of these
vulnerabilities is that security is constantly ‘‘underproduced’’ in a market dominated by the
so-called network effect, under which the benefits of a product increase when the number of
users increases, and the ‘‘winner takes it all’’. Quasi-monopolies and time pressures lead to
a focus on fast delivery in commercial software development. Quality criteria, like security,
play only a minor role. Another reason is that the most powerful actors providing the most
important information services today have an interest in keeping them insecure: Big Data is
considered the key IT trend of the future, and companies want to use the masses of data that
we produce every day to tailor their marketing strategies through personalized advertising
and prediction of future consumer behaviour. Therefore, there is no interest in encrypted
(and therefore secure) information exchange. On top of this, the intelligence agencies of this
world have the same interest in data that can be easily grabbed.
CYBER SECURITY
critical issue. For example, well organized simultaneous cyber attacks to multiple
substations can trigger a sequence of cascading events, leading to a system blackout.
Moreover, the attack technique is completely similar to the ransomware attack.
ii) Internet of Things Device or IoT Threats: This is the second important and
noteworthy emerging threat, which may eventually affect the organization of ABCT. The
organization is eventually adding several devices to their respective infrastructures and
internet of things is one of the most common and vulnerable technology that comprises of
few devices, which could involve threats to a higher level (Liu et al., 2015).
An organization’s network security posture may be measured in various ways. Here, we
utilize two families of measurement data. The first is measurements on a network’s
misconfigurations or deviations from standards and other operational recommendations; the
second is measurements on malicious activities seen to originate from that network.
ABCT might lose their confidential data by involvement of such devices and hence
major issues might take place. Such attacks are mainly executed by third party vendors and
the organization faces significant problem while maintenance of the devices. The employees
might lose company their data while working from home and integrity of the respective
BYOD policy might be lost forever (Cavelty, 2014).
A general basic issue for cyber-security is that the information infrastructure that we use
every day for data-transfer was never built with security in mind: vulnerabilities abound.
One of the reasons for the continued existence and constant new creation of these
vulnerabilities is that security is constantly ‘‘underproduced’’ in a market dominated by the
so-called network effect, under which the benefits of a product increase when the number of
users increases, and the ‘‘winner takes it all’’. Quasi-monopolies and time pressures lead to
a focus on fast delivery in commercial software development. Quality criteria, like security,
play only a minor role. Another reason is that the most powerful actors providing the most
important information services today have an interest in keeping them insecure: Big Data is
considered the key IT trend of the future, and companies want to use the masses of data that
we produce every day to tailor their marketing strategies through personalized advertising
and prediction of future consumer behaviour. Therefore, there is no interest in encrypted
(and therefore secure) information exchange. On top of this, the intelligence agencies of this
world have the same interest in data that can be easily grabbed.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13
CYBER SECURITY
The technique is extremely simple as the hacker hacks into the system and takes
control of all confidential data.
iii) Geopolitical Risks: This is the third common type of emerging threat that might
affect ABC Technologies’ networks and systems to a major level (Ben-Asher & Gonzalez,
2015).
An attacker outside the corporation may try to gain access to the corporate network in order
to obtain confidential information or to compromise an essential service. For this, the
attacker can follow an attack called ‘‘island-hopping’’ attack, where the web server is
compromised first, and then it is used to originate attacks on the file server or on the
company workstations.
They should consider their products and services for checking the location of their
data, in respect to cyber security regulations and risks. It is quite vital for them to evaluate
and increase the regulations such as GDPR, which emerge from the political issues and
country’s political background. Although, these threats are often avoided and are not
considered to be important, they could bring major issues and ABCT might not be able to
deal with the consequences (Craigen, Diakun-Thibault & Purse, 2014).
Cybersecurity is the protection of information/data, assets, services, and systems of value to
reduce the probability of loss, damage/corruption, compromise, or misuse to a level
commensurate with the value assigned.
Cybersecurity is a collection of interacting processes intended to protect cyberspace and
cyberspace-enabled systems (collectively resources) from intentional actions designed to
misalign actual resource property rights from the resource owner perceived property rights.
The entire network or VPN might be locked and they would not be able to extract
their data. Technique is to get into the network and then using encryption for jamming the
same.
iv) Cross Site Scripting: XSS or cross site scripting attack mainly allows the hackers
to utilize organisational web sites for accomplishing untrusted codes within browser of victim
might make it easier for the criminal for interacting with users and then steal the information
of cookie that is being utilized for authentication as well as hijacking the respective web site
without any type of authorisations (Elmaghraby & Losavio, 2014).
CYBER SECURITY
The technique is extremely simple as the hacker hacks into the system and takes
control of all confidential data.
iii) Geopolitical Risks: This is the third common type of emerging threat that might
affect ABC Technologies’ networks and systems to a major level (Ben-Asher & Gonzalez,
2015).
An attacker outside the corporation may try to gain access to the corporate network in order
to obtain confidential information or to compromise an essential service. For this, the
attacker can follow an attack called ‘‘island-hopping’’ attack, where the web server is
compromised first, and then it is used to originate attacks on the file server or on the
company workstations.
They should consider their products and services for checking the location of their
data, in respect to cyber security regulations and risks. It is quite vital for them to evaluate
and increase the regulations such as GDPR, which emerge from the political issues and
country’s political background. Although, these threats are often avoided and are not
considered to be important, they could bring major issues and ABCT might not be able to
deal with the consequences (Craigen, Diakun-Thibault & Purse, 2014).
Cybersecurity is the protection of information/data, assets, services, and systems of value to
reduce the probability of loss, damage/corruption, compromise, or misuse to a level
commensurate with the value assigned.
Cybersecurity is a collection of interacting processes intended to protect cyberspace and
cyberspace-enabled systems (collectively resources) from intentional actions designed to
misalign actual resource property rights from the resource owner perceived property rights.
The entire network or VPN might be locked and they would not be able to extract
their data. Technique is to get into the network and then using encryption for jamming the
same.
iv) Cross Site Scripting: XSS or cross site scripting attack mainly allows the hackers
to utilize organisational web sites for accomplishing untrusted codes within browser of victim
might make it easier for the criminal for interacting with users and then steal the information
of cookie that is being utilized for authentication as well as hijacking the respective web site
without any type of authorisations (Elmaghraby & Losavio, 2014).
14
CYBER SECURITY
As to “cyber privacy” the legal regime is further defined by related, analogous statues that
may prohibit unauthorized access to a computer, a network and related data, unauthorized
interception of, interference with or transmission of data and unauthorized data processing
and analytics of a data collection. Routine activities theory suggests, distributed security
services and responsibilities. It delineates that three elements promote a criminal act: a
motivated offender, a suitable target and the absence of a capable guardian. The confluence
of these elements in everyday activities increases the likelihood of crime; the absence of an
element decreases it.
This is often termed as one of the most significant attacks that might cause major
vulnerability in ABCT. As soon as the cookie information would be stolen, the entire activity
of ABCT would be exposed completely.
v) Mobile Malware: The final type of significant emerging threat that could be
extremely vulnerable for ABCT is mobile malware. These mobile devices are termed as the
top most attack targets that eventually extracts information completely from the systems and
privacy concerns might arise during deployment of mobile device management (Hahn,
Ashok, Sridhar & Govindarasu, 2013).
Cyber security compliance requirements (e.g., NERC CIP) are becoming increasingly
common as a means to ensure critical resources are appropriately protected. Unfortunately,
the process of evaluating security mechanisms is not well established within this
environment. The electric grid’s high availability demands and the heavy utilization of
proprietary systems limit the applicability of common vulnerability scanning techniques.
Since the effectiveness of compliance depends heavily on the security validation process,
effective methods are required to ensure requirements are appropriately enforced. Testbed
environments that implement industry standard software and configurations can help
understand both impacts and effectiveness of traditional security assessment techniques
while also presenting an environment where new methods can be explored.
The customers often contact with ABCT through mobile devices and with the
involvement of this particular security threat, might lose their privacy and security of mobile
data or information. The hackers mainly execute this threat by hacking mobile phones and
inserting malware within it.
CYBER SECURITY
As to “cyber privacy” the legal regime is further defined by related, analogous statues that
may prohibit unauthorized access to a computer, a network and related data, unauthorized
interception of, interference with or transmission of data and unauthorized data processing
and analytics of a data collection. Routine activities theory suggests, distributed security
services and responsibilities. It delineates that three elements promote a criminal act: a
motivated offender, a suitable target and the absence of a capable guardian. The confluence
of these elements in everyday activities increases the likelihood of crime; the absence of an
element decreases it.
This is often termed as one of the most significant attacks that might cause major
vulnerability in ABCT. As soon as the cookie information would be stolen, the entire activity
of ABCT would be exposed completely.
v) Mobile Malware: The final type of significant emerging threat that could be
extremely vulnerable for ABCT is mobile malware. These mobile devices are termed as the
top most attack targets that eventually extracts information completely from the systems and
privacy concerns might arise during deployment of mobile device management (Hahn,
Ashok, Sridhar & Govindarasu, 2013).
Cyber security compliance requirements (e.g., NERC CIP) are becoming increasingly
common as a means to ensure critical resources are appropriately protected. Unfortunately,
the process of evaluating security mechanisms is not well established within this
environment. The electric grid’s high availability demands and the heavy utilization of
proprietary systems limit the applicability of common vulnerability scanning techniques.
Since the effectiveness of compliance depends heavily on the security validation process,
effective methods are required to ensure requirements are appropriately enforced. Testbed
environments that implement industry standard software and configurations can help
understand both impacts and effectiveness of traditional security assessment techniques
while also presenting an environment where new methods can be explored.
The customers often contact with ABCT through mobile devices and with the
involvement of this particular security threat, might lose their privacy and security of mobile
data or information. The hackers mainly execute this threat by hacking mobile phones and
inserting malware within it.
15
CYBER SECURITY
Conclusion
Thus, from this discussion, conclusion could be derived that cyber-security is referred
to as an important and significant requirement that is vital to maintain proper effectiveness
and efficiency in the organization. It is the subsequent security of few computers or systems
from either damages or theft towards the software, hardware as well as electronic data so that
disruption or misdirection of services is being stopped under every circumstance. This
particular field is eventually growing in the importance, for the core reason of incrementing
reliance over computer systems, wireless networks such as Wi-Fi or Bluetooth and even
Internet connection. Internet of Things is the next significant technology that has paved ways
for cyber threats or attacks and it is quite vital for ensuring that the respective organization is
gaining safety and security.
Cyber security ensures that any type of attack or vulnerability is being well eradicated
without much complexity and thus organizational design, implementation, operation or
internal controls are not affected by such distinctive cyber threats. Such cyber threats can
undertake several forms such as ransomware, application attack, phishing, malware, exploit
kits and many more. The rapid growth of cyber attacks has led to the inclusion of BYOD or
bring your own device policy in business and thus ensuring that every cyber threat is being
avoided in the most effective manner. The above provided report has properly demonstrated
about the entire case study of ABC Technologies with proper details. Three security
vulnerability and five different kinds of developing threats are provided for this organization
with three relevant recommendations.
Recommendations
Three effective and important recommendations for protection of home or office from
cyber attacks on the basis of analysis done are as follows:
i) Securing Wireless Networks: This is the first recommendation to secure home and
office from cyber attacks. A proper encryption of wireless network is required to keep
company data effective. Moreover, strong AES encryption should be utilized for providing
better security from these attacks and hence users’ access to safer websites should be filtered.
ii) Regular Up Gradations of Software: Regular up gradation of software is the
second important and significant recommendation for securing both home and office. This
helps to lessen the high chances of successful cyber attack and cyber criminals would not
become successful.
CYBER SECURITY
Conclusion
Thus, from this discussion, conclusion could be derived that cyber-security is referred
to as an important and significant requirement that is vital to maintain proper effectiveness
and efficiency in the organization. It is the subsequent security of few computers or systems
from either damages or theft towards the software, hardware as well as electronic data so that
disruption or misdirection of services is being stopped under every circumstance. This
particular field is eventually growing in the importance, for the core reason of incrementing
reliance over computer systems, wireless networks such as Wi-Fi or Bluetooth and even
Internet connection. Internet of Things is the next significant technology that has paved ways
for cyber threats or attacks and it is quite vital for ensuring that the respective organization is
gaining safety and security.
Cyber security ensures that any type of attack or vulnerability is being well eradicated
without much complexity and thus organizational design, implementation, operation or
internal controls are not affected by such distinctive cyber threats. Such cyber threats can
undertake several forms such as ransomware, application attack, phishing, malware, exploit
kits and many more. The rapid growth of cyber attacks has led to the inclusion of BYOD or
bring your own device policy in business and thus ensuring that every cyber threat is being
avoided in the most effective manner. The above provided report has properly demonstrated
about the entire case study of ABC Technologies with proper details. Three security
vulnerability and five different kinds of developing threats are provided for this organization
with three relevant recommendations.
Recommendations
Three effective and important recommendations for protection of home or office from
cyber attacks on the basis of analysis done are as follows:
i) Securing Wireless Networks: This is the first recommendation to secure home and
office from cyber attacks. A proper encryption of wireless network is required to keep
company data effective. Moreover, strong AES encryption should be utilized for providing
better security from these attacks and hence users’ access to safer websites should be filtered.
ii) Regular Up Gradations of Software: Regular up gradation of software is the
second important and significant recommendation for securing both home and office. This
helps to lessen the high chances of successful cyber attack and cyber criminals would not
become successful.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16
CYBER SECURITY
iii) Doing Hardware Assessments: The hardware assessments should be done
properly so that they do not comprise of any malicious entity such as virus or malware and
hence the inventory of key assets, infrastructure, systems and data would be secured and safe.
CYBER SECURITY
iii) Doing Hardware Assessments: The hardware assessments should be done
properly so that they do not comprise of any malicious entity such as virus or malware and
hence the inventory of key assets, infrastructure, systems and data would be secured and safe.
17
CYBER SECURITY
References
Abawajy, J. (2014). User preference of cyber security awareness delivery
methods. Behaviour & Information Technology, 33(3), 237-248. Retrieved from
https://sci-hub.tw/https://doi.org/10.1080/0144929X.2012.708787
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats,
intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88. Retrieved
from https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/4/1/4
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672. Retrieved from
https://arxiv.org/ftp/arxiv/papers/1901/1901.02672.pdf
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, 51-61. Retrieved from https://sci-
hub.tw/https://doi.org/10.1016/j.chb.2015.01.039
Buczak, A. L., & Guven, E. (2015). A survey of data mining and machine learning methods
for cyber security intrusion detection. IEEE Communications Surveys &
Tutorials, 18(2), 1153-1176. Retrieved from
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7307098
Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), 701-715. Retrieved
from
https://www.researchgate.net/profile/Saeed_Ullah_Jan2/post/What_are_current_trendi
ng_topics_in_Cybersecurity/attachment/5a72e68c4cde266d5887ee48/AS
%3A589166148587521%401517479564706/download/02.pdf
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. Computers & security, 56, 1-27. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404815001388
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology
Innovation Management Review, 4(10). Retrieved from
https://timreview.ca/article/835
CYBER SECURITY
References
Abawajy, J. (2014). User preference of cyber security awareness delivery
methods. Behaviour & Information Technology, 33(3), 237-248. Retrieved from
https://sci-hub.tw/https://doi.org/10.1080/0144929X.2012.708787
Abomhara, M. (2015). Cyber security and the internet of things: vulnerabilities, threats,
intruders and attacks. Journal of Cyber Security and Mobility, 4(1), 65-88. Retrieved
from https://www.riverpublishers.com/journal_read_html_article.php?j=JCSM/4/1/4
Bada, M., Sasse, A. M., & Nurse, J. R. (2019). Cyber security awareness campaigns: Why do
they fail to change behaviour?. arXiv preprint arXiv:1901.02672. Retrieved from
https://arxiv.org/ftp/arxiv/papers/1901/1901.02672.pdf
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, 51-61. Retrieved from https://sci-
hub.tw/https://doi.org/10.1016/j.chb.2015.01.039
Buczak, A. L., & Guven, E. (2015). A survey of data mining and machine learning methods
for cyber security intrusion detection. IEEE Communications Surveys &
Tutorials, 18(2), 1153-1176. Retrieved from
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7307098
Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), 701-715. Retrieved
from
https://www.researchgate.net/profile/Saeed_Ullah_Jan2/post/What_are_current_trendi
ng_topics_in_Cybersecurity/attachment/5a72e68c4cde266d5887ee48/AS
%3A589166148587521%401517479564706/download/02.pdf
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K.
(2016). A review of cyber security risk assessment methods for SCADA
systems. Computers & security, 56, 1-27. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404815001388
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology
Innovation Management Review, 4(10). Retrieved from
https://timreview.ca/article/835
18
CYBER SECURITY
Dunn Cavelty, M. (2013). From cyber‐bombs to political fallout: Threat representations with
an impact in the cyber‐security discourse. International Studies Review, 15(1), 105-
122. Retrieved from
https://www.researchgate.net/profile/Myriam_Dunn_Cavelty/publication/
251347497_From_Cyber-Bombs_to_Political-
Fallout_Threat_Representations_with_an_Impact/links/
0f317537c59561ad60000000.pdf
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities:
Safety, security and privacy. Journal of advanced research, 5(4), 491-497. Retrieved
from https://www.sciencedirect.com/science/article/pii/S2090123214000290
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support
approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167923616300239
Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security
testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions
on Smart Grid, 4(2), 847-855. Retrieved from
http://powercybersec.ece.iastate.edu/powercyber/download/publications/13.pdf
Hong, J., Liu, C. C., & Govindarasu, M. (2014). Integrated anomaly detection for cyber
security of the substations. IEEE Transactions on Smart Grid, 5(4), 1643-1653.
Retrieved from https://informationsecurity.report/Resources/Whitepapers/dcd5404b-
ab07-4193-a807-b0c8f230d838_integrated%20ADS.pdf
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of
cyber security management in industrial control systems. International journal of
critical infrastructure protection, 9, 52-80. Retrieved from
https://daneshyari.com/article/preview/275730.pdf
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., & Liu, M. (2015).
Cloudy with a chance of breach: Forecasting cyber security incidents. In 24th
{USENIX} Security Symposium ({USENIX} Security 15) (pp. 1009-1024). Retrieved
from https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-
liu.pdf
CYBER SECURITY
Dunn Cavelty, M. (2013). From cyber‐bombs to political fallout: Threat representations with
an impact in the cyber‐security discourse. International Studies Review, 15(1), 105-
122. Retrieved from
https://www.researchgate.net/profile/Myriam_Dunn_Cavelty/publication/
251347497_From_Cyber-Bombs_to_Political-
Fallout_Threat_Representations_with_an_Impact/links/
0f317537c59561ad60000000.pdf
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities:
Safety, security and privacy. Journal of advanced research, 5(4), 491-497. Retrieved
from https://www.sciencedirect.com/science/article/pii/S2090123214000290
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support
approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167923616300239
Hahn, A., Ashok, A., Sridhar, S., & Govindarasu, M. (2013). Cyber-physical security
testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions
on Smart Grid, 4(2), 847-855. Retrieved from
http://powercybersec.ece.iastate.edu/powercyber/download/publications/13.pdf
Hong, J., Liu, C. C., & Govindarasu, M. (2014). Integrated anomaly detection for cyber
security of the substations. IEEE Transactions on Smart Grid, 5(4), 1643-1653.
Retrieved from https://informationsecurity.report/Resources/Whitepapers/dcd5404b-
ab07-4193-a807-b0c8f230d838_integrated%20ADS.pdf
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P., & Jones, K. (2015). A survey of
cyber security management in industrial control systems. International journal of
critical infrastructure protection, 9, 52-80. Retrieved from
https://daneshyari.com/article/preview/275730.pdf
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., & Liu, M. (2015).
Cloudy with a chance of breach: Forecasting cyber security incidents. In 24th
{USENIX} Security Symposium ({USENIX} Security 15) (pp. 1009-1024). Retrieved
from https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-
liu.pdf
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19
CYBER SECURITY
Luiijf, E., Besseling, K., & De Graaf, P. (2013). Nineteen national cyber security
strategies. International Journal of Critical Infrastructures 6, 9(1-2), 3-31. Retrieved
from https://informationsecurity.report/Resources/Whitepapers/cf8d0895-e0c8-4256-
8b12-bdd2eb0f9358_543545380cf2bf1f1f286509.pdf
Sou, K. C., Sandberg, H., & Johansson, K. H. (2013). On the exact solution to a smart grid
cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), 856-865.
Retrieved from https://arxiv.org/pdf/1201.5019.pdf
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404813000801
Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and
challenges. Computer networks, 57(5), 1344-1371. Retrieved from https://sci-
hub.tw/https://doi.org/10.1016/j.comnet.2012.12.017
Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security
challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77. Retrieved
from https://www.sciencedirect.com/science/article/pii/S2213846314000066
CYBER SECURITY
Luiijf, E., Besseling, K., & De Graaf, P. (2013). Nineteen national cyber security
strategies. International Journal of Critical Infrastructures 6, 9(1-2), 3-31. Retrieved
from https://informationsecurity.report/Resources/Whitepapers/cf8d0895-e0c8-4256-
8b12-bdd2eb0f9358_543545380cf2bf1f1f286509.pdf
Sou, K. C., Sandberg, H., & Johansson, K. H. (2013). On the exact solution to a smart grid
cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), 856-865.
Retrieved from https://arxiv.org/pdf/1201.5019.pdf
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber
security. computers & security, 38, 97-102. Retrieved from
https://www.sciencedirect.com/science/article/pii/S0167404813000801
Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and
challenges. Computer networks, 57(5), 1344-1371. Retrieved from https://sci-
hub.tw/https://doi.org/10.1016/j.comnet.2012.12.017
Wells, L. J., Camelio, J. A., Williams, C. B., & White, J. (2014). Cyber-physical security
challenges in manufacturing systems. Manufacturing Letters, 2(2), 74-77. Retrieved
from https://www.sciencedirect.com/science/article/pii/S2213846314000066
1 out of 20
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.