Cyber-Risk Assessment and Incident Management


Added on 2019/09/30


DIPLOMA IN
NETWORKING (LEVEL 7)
INFORMATION SECURITY
Name
[Email address]
ASSESSMENT 2- Case Study Base

Task 1. Based on the case study, identify and analyse at least four (4) components of
information security risk management that the Te Mata Estate company could have
applied in response to security breaches of its system.
Ans. As mentioned in the case study of the Te Mata Estate company, one of the employees shared sensitive information with a hacker in exchange for money, so the company needs to follow the components described below.
Identify — In this part our aim is to develop an understanding of the cybersecurity risks to systems, people, assets, data and capabilities. Staff members need to be made aware of hacking and of how risky it is to share even a small amount of company data with a stranger. Understanding the business context, current business needs and related risks helps organizations determine threats and prioritize their security efforts.
Protect — Organizations implement appropriate safeguards and security controls to protect their most critical assets against cyber threats. For example, here we can apply an identity management system (like ISE 2.0, Identity Services Engine), which is very popular nowadays; in parallel, access control policies need to be applied on network devices to set privileges, roles and rules, while continuing to promote awareness and provide training to staff.
Detect — Organizations need to quickly detect events that could pose risks to data security, with the help of a security device such as an IDS (Intrusion Detection System), which helps to quickly detect intrusions on the network (although it is an older technique). Usually organizations rely on continuous security monitoring by monitoring tools, incident detection techniques and remediation tools. Organizations can act against a detected cybersecurity event more easily if they have an automatic prevention system, for example an IPS (Intrusion Prevention System); it not only detects but also blocks unwanted attacks and malware, as it is combined with AMP (Advanced Malware Protection), which stays connected to the cloud to receive the latest signatures of worms and other malware.
Recover — Organizations develop and implement activities to restore capabilities or services that were impacted by a security incident, for example by having their own data centre services available. This group of activities aims at supporting timely recovery to normal operations to reduce the impact of the attack; it also includes recovery planning and improvements (e.g., introduction of new policies or updates to existing policies).
(Reference – CCNP Security SISAS)
1 | P a g e
Task 2. You are working as a security expert, evaluate whether the Te Mata Estate
company has followed the recommended assurance and compliance components in
enhancing the system security. At least three (3) components to be evaluated.
Ans. The three components that the Te Mata Estate company should have followed to enhance system security and reduce breaches are:
1. Confidentiality:
When protecting information, we want to be able to restrict access to those who are allowed to see it; everyone else should be prevented from learning anything about its contents. This is the essence of confidentiality. For example, federal law requires that a company restrict unauthenticated users' access to sensitive information. The company must be sure that only those who are authorized have access to view data and files.
2. Integrity:
Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended. Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means that information truly represents its intended meaning. Information can lose its integrity through malicious intent, such as when someone who is not authorized changes a function in order to intentionally bring something down. An example of this would be when a hacker is hired to get into the company's system and launch an attack to degrade it.
3. Authentication:
The most common way to identify someone is through their physical appearance, but how do we identify someone sitting behind a computer screen or any other system? Tools for authentication are used to ensure that the person accessing the information is, indeed, who they present themselves to be. Authentication can be accomplished by identifying someone through one or more of three factors: something they know, something they have, or something they are. For example, the most common form of authentication today is the user ID and password. In this case, the authentication is done by confirming something that the user knows (their ID and password). But after successful authentication, the next step is to push an authorization policy with an access list to the user.
(Reference – CCNA Security)
Task 3.
a. Select three (3) information security risk management controls and three standards.
b. Identify and analyse these six controls and standards, which the Te Mata Estate
company could have utilised prior to setting up the information system.
Ans. Three information security risk management controls are:
IT Security Policies – This document sets the baseline standards of IT security policy for government bureaux/departments. It states which aspects are of paramount importance.
IT Security Guidelines – This document elaborates on the policy requirements and sets the implementation standard for the security requirements specified in the Baseline IT Security Policy.
Security Risk Assessment – This document provides practical guidance and reference for security risk assessment and audit in the Government.
Three information security risk standards are:
ISO 27001- This document provides the ISO standards of the requirements for establishing,
implementing, maintaining and continually improving an information security management
system within the context of the organization.
COBIT - The Control Objectives for Information and related Technology (COBIT) is
published by the Standards Board of Information Systems Audit and Control Association
(ISACA) providing a control framework for the governance and management of enterprise
IT.
ITIL - This document introduces a collection of best practices in IT service management
(ITSM) and focuses on the service processes of IT and considers the central role of the user.
A company (like Te Mata Estate) can utilise these controls and standards by:
Following the policies and staying with the policies:
The organization should establish, implement and maintain policies and guidelines about information security. This ensures that employees follow the rules for accessing information. Information security policies are very important in the organization because the information security policy states the information security requirements.
Hiring qualified employees:
To protect and secure confidential information well, the organization should hire IT experts and employees that have the right qualifications or certifications (like CCIE/ITIL, etc.)
to protect the data. This ensures that employees know what to do if a problem occurs and how to protect the data. Besides that, IT experts or qualified staff have a better understanding of information security and know the steps to ensure the information is always kept safe.
Task 4. Based on the case study, the incident (unethical hacking) which took place in
2008, evaluate how ethical hacking could have helped overcome Te Mata company
system breach.
Ans. First we must understand what a hacker is and what shades of hacker exist.
Hackers may be good or bad depending upon the intentions or motivation behind their work.
Black Hat Hacker (unethical hacker)
A black hat hacker is also known as a cracker. These hackers possess good knowledge of computer networking, network protocols and system administration, but they are a cause of cybercrime as they hack systems for unethical reasons.
White Hat Hacker (ethical hacker)
A white hat hacker is the opposite of the black hat hacker; these hackers possess the same amount of knowledge as black hat hackers, but they use the knowledge in an ethical way, and as they are network security professionals they are known as ethical hackers.
The ethical hacker works according to the ethics of hacking and protects the interests of individuals and organisations (like the Te Mata company system) on the internet, as they are cybersecurity professionals. Ethical hacking is the authorized way of doing this, with permission obtained beforehand. Ethical hackers are engaged by an organization to penetrate its networks and systems with the purpose of discovering vulnerabilities and fixing them. The role of the ethical hacker is like that of a penetration tester, but they break into the systems legally and ethically.
As ethical hacking is done with the permission of the owner of the targeted system, the only way to tackle black hat hacking is through ethical hacking.
(Reference – Red Hat Linux)
Task 5. Based on the case study, the security breach that took place in 2011 is an
example of a Social engineering technique known as phishing. Identify and analyse how
phishing takes place and the counter measures that can be applied to protect the
company.
Ans. Phishing is a method of trying to gather personal information using deceptive e-mails and websites. Phishing is a cyber-attack that uses a disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their
bank, for instance, or a note from someone in their company — and to click a link or download an attachment. Phishing takes place with the help of a phishing kit, which bundles phishing website resources and tools that need only be installed on a server. Once installed, all the attacker needs to do is send out emails to potential victims.
But we have countermeasures that help to protect against these attacks:
1. Inbound email sandboxing
Deploy a solution that checks the safety of an emailed link when a user clicks on it. This protects against a new phishing tactic that I've seen from cybercriminals. Bad guys send a brand-new URL in an email to their targets to get through the organization's email security. The other tactic is to inject malicious code into the website right after delivery of the email containing the URL. Such a URL will get past any standard spam solution.
2. Real-time analysis and inspection of your web traffic
First, stop malicious URLs from even reaching your users' corporate inboxes at your gateway. Even if you have inbound email sandboxing for your corporate email, some users might click on a malicious link through a personal email account, like Gmail. In that case, your corporate email spear-phishing protection is unable to see the traffic. Bottom line: your web security gateway needs to be intelligent, analyse content in real time, and be 98 percent effective at stopping malware.
3. Security awareness training
Teach your employees what good emails look like, and try to teach and show people what bad emails tend to look like. Alongside that teaching comes testing: perform phishing attempts against your own staff to gauge their level of sophistication in handling phishing attempts. This will help you know if your staff are ready to handle such an intrusion. Also test your management to see if they are adequately enforcing the policies.
(Reference – CCNA Security)
Task 6. Identify and analyse at least three (3) approaches that the Te Mata Estate
company could have adopted to improve the security of network components to prevent
future security breaches.
Ans. Three approaches that the Te Mata Estate company should have adopted to improve the security of network components and prevent future security breaches:
1. Password Security:
Good password policies must be put in place to ensure that passwords cannot be compromised. Below are some of the more common policies that organizations should put in place.
Require complex passwords. One reason passwords are compromised is that they can be easily guessed. A recent study found that the top three passwords people used in 2012 were password, 123456 and 12345678. A password should not be simple, or a word that can be found in a dictionary.
Change passwords regularly. It is essential that users change their passwords on a regular basis. Users should change their passwords every sixty to ninety days, ensuring that any passwords that might have been stolen or guessed cannot be used against the company.
Train employees not to give away passwords. One of the primary methods used to steal passwords is simply to figure them out by asking the users or administrators. Pretexting occurs when an attacker calls a helpdesk or security administrator and pretends to be an authorized user having trouble logging in.
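The three password rules above, turned into checks that an account or helpdesk tool could run (an added example, not part of the assignment or its cited references; the word lists, the 12-character minimum and the 60/90-day thresholds are assumed values, not taken from the case study):

```python
"""Checks for the password policy described above: complexity (no dictionary
word, no commonly used password, several character classes), regular rotation
(sixty to ninety days) and a pretexting-safe helpdesk reset rule. Added example;
the word lists, the 12-character minimum and the 60/90-day thresholds are
constructed assumptions, not values from the case study."""
from datetime import date

# Constructed lists: the three most-used 2012 passwords named above plus a tiny
# dictionary stand-in. A real deployment would load a full breached-password list.
COMMON_PASSWORDS = {"password", "123456", "12345678"}
DICTIONARY_WORDS = {"estate", "winery", "vineyard", "summer", "welcome"}

MIN_LENGTH = 12      # assumed minimum; the text only says "not simple"
WARN_AGE_DAYS = 60   # "every sixty to ninety days": warn after 60 days ...
MAX_AGE_DAYS = 90    # ... and force a change after 90


def complexity_problems(password: str) -> list:
    """Return the policy rules a candidate password breaks (empty list if it passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    # Strip digits and symbols so 'Summer2012!' is still caught as a dictionary word.
    core = "".join(ch for ch in lowered if ch.isalpha())
    if core in DICTIONARY_WORDS:
        problems.append("is a dictionary word with decoration")
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    return problems


def rotation_status(last_changed: date, today: date) -> str:
    """'ok' (60 days or younger), 'warn' (older than 60 days) or 'expired' (older than 90)."""
    age = (today - last_changed).days
    if age > MAX_AGE_DAYS:
        return "expired"
    if age > WARN_AGE_DAYS:
        return "warn"
    return "ok"


def helpdesk_reset_allowed(caller_verified: bool, new_password: str) -> bool:
    """Pretexting defence for the helpdesk: a reset requested by a caller claiming to be
    a locked-out user is only actioned once identity has been verified out of band
    (e.g. a callback to the number on record), and the new password must itself pass
    the complexity rules. The existing password is never read out or confirmed."""
    return caller_verified and not complexity_problems(new_password)
```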
2. Apply Firewalls:
Another method that an organization should use to increase security on its network is a firewall. A firewall can exist as hardware or software (or both). A hardware firewall is a device that is connected to the network and filters packets based on a set of rules. A software firewall runs on the operating system and intercepts packets as they arrive at a computer. A firewall protects all company servers and computers by stopping packets from outside the organization's network that do not meet a strict set of criteria.
3. Work on Virtual Private Networks:
Using firewalls and other security technologies, organizations can effectively protect
many of their information resources by making them invisible to the outside world.
But what if an employee working from home requires access to some of these
resources? What if a consultant is hired who needs to do work on the internal
corporate network from a remote location? In these cases, a virtual private network
(VPN) is called for.
A VPN allows a user who is outside of a corporate network to take a detour around the
firewall and access the internal network from the outside. Through a combination of
software and security measures, this lets an organization allow limited access to its
networks while at the same time ensuring overall security.
(Reference CCNP Secure-VPN/ASA)
Task 7. The finance department has to decide, based on an email, whether a breach in
the communication has occurred between the company and suppliers. Evaluate at least
three (3) recommendations/solutions that could be given to the company regarding the
security of communication and channels.
Ans. The three solutions that can help the company's finance department regarding security of communication are:
1. Verify a Site's Security – It's natural to be a little wary about supplying sensitive financial information online. As long as you are on a secure website, however, you shouldn't run into any trouble. Before submitting any information, make sure the site's URL begins with "https" and that there is a closed lock icon near the address bar. Check the site's security certificate as well. If you get a message stating that a certain website may contain malicious files, do not open the website. Never download files from suspicious emails or websites. Even search engines may show links that lead users to a phishing webpage offering low-cost products. If the user makes purchases at such a website, the credit card details will be captured by cybercriminals.
2. Check Your Online Accounts Regularly – If you don’t visit an online account for a
while, someone could be having a field day with it. Even if you don’t technically need to,
check in with each of your online accounts on a regular basis. Get into the habit of changing
your passwords regularly too. To prevent bank phishing and credit card phishing scams, you
should personally check your statements regularly. Get monthly statements for your financial
accounts and check each entry carefully to ensure no fraudulent transactions have been made
without your knowledge.
3. Use Next-Generation Firewalls for All Departments – Next-generation firewalls act as buffers between you, your computer and outside intruders. You should use two different kinds: a desktop firewall and a network firewall. The first option is a type of software, and the second option is a type of hardware. When used together, they drastically reduce the odds of hackers and phishers infiltrating your computer or your network.
(Reference – CCIE Professional Development)
Task 8. Identify and analyse at least three (3) components of information security
operations that could have been utilised by the company in enhancing the system
security after the 2008 incident.
Ans. Three components of information security operations that form the AAA model, which the company could use to enhance system security after the 2008 incident, are:
Authentication:
Authentication is important because it enables organizations to keep their networks secure by permitting only authenticated users (or processes) to access their protected resources, which may include computer systems, networks, databases, websites and other network-based applications or services.
Once authenticated, a user or process is usually subjected to an authorization process as well,
to determine whether the authenticated entity should be permitted access to a protected
resource or system. A user can be authenticated but fail to be given access to a resource if
that user was not granted permission to access it.
Authorization:
Authorization refers to the process of granting or denying individual user access to a computer network and its resources. Users may be given different authorization levels that limit their access to the network and associated resources. Authorization decisions may be based on geographical location restrictions, date or time-of-day restrictions, frequency of logins, or multiple logins by a single individual or entity. Other associated types of authorization service include route assignments, IP address filtering, bandwidth/traffic management and encryption.
Accounting:
Accounting refers to the record-keeping and tracking of user activities on a computer
network. For a given time period this may include, but is not limited to, real-time accounting
of time spent accessing the network, the network services employed or accessed, capacity and
trend analysis, network cost allocations, billing data, login data for user authentication and
authorization, and the data or data amount accessed or transferred.
(Reference – CCNA Security)
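The AAA model described above as a small working service (an added example, not taken from the assignment or the CCNA Security reference; the users, roles, resources and the office-hours rule are constructed):

```python
"""A minimal AAA service modelled on the three components above: authentication
(salted PBKDF2 password check), authorization (role plus a time-of-day window, as
in the "date or time-of-day restrictions" mentioned) and accounting (a record of
every attempt, the resource involved and the outcome). Added example; the users,
roles, resources and times are constructed, not taken from the case study."""
import hashlib
import hmac
import os
from datetime import datetime

PBKDF2_ROUNDS = 100_000


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation so a stolen user table cannot be cracked cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


class AAAServer:
    def __init__(self):
        self._users = {}    # username -> (salt, derived key, role)
        self._policy = {}   # role -> {resource: (first allowed hour, end hour)}
        self.records = []   # accounting log: one entry per access attempt

    def add_user(self, name: str, password: str, role: str) -> None:
        salt = os.urandom(16)
        self._users[name] = (salt, _derive(password, salt), role)

    def allow(self, role: str, resource: str, from_hour: int = 0, to_hour: int = 24) -> None:
        """Grant a role access to a resource from from_hour (inclusive) to to_hour (exclusive)."""
        self._policy.setdefault(role, {})[resource] = (from_hour, to_hour)

    def authenticate(self, name: str, password: str) -> bool:
        entry = self._users.get(name)
        if entry is None:
            _derive(password, b"\0" * 16)   # same cost as a real check: timing must not reveal valid usernames
            return False
        salt, stored, _role = entry
        return hmac.compare_digest(stored, _derive(password, salt))

    def authorize(self, name: str, resource: str, when: datetime) -> bool:
        """An authenticated user can still be refused: wrong role, or outside the allowed hours."""
        entry = self._users.get(name)
        if entry is None:
            return False
        window = self._policy.get(entry[2], {}).get(resource)
        return window is not None and window[0] <= when.hour < window[1]

    def access(self, name: str, password: str, resource: str, when: datetime) -> bool:
        """Run the three steps in order and record the outcome whatever it is (accounting)."""
        if not self.authenticate(name, password):
            outcome = "authentication failed"
        elif not self.authorize(name, resource, when):
            outcome = "not authorized"
        else:
            outcome = "granted"
        self.records.append({"user": name, "resource": resource,
                             "time": when.isoformat(), "outcome": outcome})
        return outcome == "granted"


def build_demo_server() -> AAAServer:
    """Constructed sample: a finance clerk may reach the ledger only during office hours."""
    server = AAAServer()
    server.add_user("finance_clerk", "Tm-Ledger-2019#Oct", "finance")
    server.add_user("cellar_hand", "Barrel-Room-77!", "operations")
    server.allow("finance", "ledger", from_hour=8, to_hour=18)
    server.allow("operations", "stock_system")
    return server


def demo_outcomes() -> list:
    """Replay five constructed attempts and return the accounting outcomes in order."""
    server = build_demo_server()
    attempts = [
        ("finance_clerk", "Tm-Ledger-2019#Oct", "ledger", datetime(2019, 9, 30, 10, 0)),  # office hours
        ("finance_clerk", "Tm-Ledger-2019#Oct", "ledger", datetime(2019, 9, 30, 22, 0)),  # after hours
        ("finance_clerk", "guessed-password", "ledger", datetime(2019, 9, 30, 10, 0)),    # wrong password
        ("cellar_hand", "Barrel-Room-77!", "ledger", datetime(2019, 9, 30, 10, 0)),       # wrong role
        ("nobody", "anything", "ledger", datetime(2019, 9, 30, 10, 0)),                   # unknown user
    ]
    for name, password, resource, when in attempts:
        server.access(name, password, resource, when)
    return [record["outcome"] for record in server.records]
```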
Task 9. The Te Mata Estate company could have avoided the 2008 incident by utilising
vulnerabilities assessment and testing. Critically analyse how this assessment and
testing is implemented for a security system.
Ans. This assessment can help the company in several ways:
1. Fully discover your attack surface — everything that touches your network, and every way it might get attacked.
Organizations must cover all internal, cloud, and third-party IT assets that touch their network and could act as an entry point for cybercriminals. This includes servers, applications, managed IT infrastructure, and cloud assets, but also BYOD (Bring Your Own Device) equipment, Internet of Things (IoT) devices, industrial control systems (ICS), and third-party assets from other business partners, the report noted. Businesses should also be aware of the more than 200 attack vectors, including phishing and malware, that could lead to an attack.
2. Understand your overall cyber-risk and the specific business risk of each asset if it were breached.
Most organizations have not incorporated cyber risk into their vulnerability management program, the report found. Adding the ability to assess the cyber risk of every asset touching your network can help determine the total cyber risk of your enterprise, and ways to assess and improve your cybersecurity posture.
3. Use risk-based analysis to prioritize which issues IT teams should fix, work on, postpone or ignore.
Since most organizations reported a gap between the number of security alerts received and
the resources available to work through them, understanding your device and cyber risks can
help prioritize what issues to fix in what order, including unpatched software, password
issues, and misconfigurations.
(Reference – Self)
Task 10. Identify and analyse at least four (4) incident management practices that the
company could have applied in the 2008 incident.
Ans. The best incident management practices that the company should have applied in the 2008 incident are:
1. Offer multiple modes for incident logging.
An incident can be logged through phone calls, emails, SMS, web forms published on the self-service portal or via live chat messages, so that an associate can log a ticket through any of several options without wasting precious time.
2. Automatically categorize and prioritize IT incidents.
Incidents can be categorized and sub-categorized based on the area of IT or business in which the incident causes a disruption, such as network, hardware, etc.
The priority of an incident can be determined as a function of its impact and urgency using a priority matrix. The impact of an incident denotes the degree of damage the issue will cause to the user or business. The urgency of an incident indicates the time within which the incident should be resolved. Based on the priority, incidents can be categorized as Low, Moderate, High or Critical.
3. SLA management and escalation.
While the incident is being processed, the technician needs to ensure the SLA isn't breached. An SLA is the acceptable time within which an incident needs a response (response SLA) or resolution (resolution SLA). SLAs can be assigned to incidents based on parameters like category, requester, impact, urgency, etc. In cases where an SLA is about to be breached or has already been breached, the incident can be escalated functionally or hierarchically to ensure that it is resolved as early as possible.
4. Handle major incidents by creating unique workflows.
This plays a key role in the process of incident management by monitoring how effective the process is, recommending improvements, and ensuring the process is followed, among other responsibilities.
(Reference – ITIL Service Management Guide)
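Practices 2 and 3 above as working triage and SLA logic (an added example, not from the assignment or the ITIL guide; the priority matrix, SLA targets, keyword categories and the 80% escalation threshold are constructed assumptions):

```python
"""Priority matrix and SLA handling for practices 2 and 3 above: priority is a
function of impact and urgency, the response and resolution SLAs follow from the
priority, and an incident that is about to breach or has breached its SLA is
escalated. Added example; the matrix, the SLA targets, the keyword categories and
the escalation rule are constructed assumptions, not values from the ITIL guide."""
from datetime import datetime, timedelta

# Constructed priority matrix: outer key is impact, inner key is urgency.
PRIORITY_MATRIX = {
    "Low":    {"Low": "Low",      "Medium": "Low",      "High": "Moderate"},
    "Medium": {"Low": "Low",      "Medium": "Moderate", "High": "High"},
    "High":   {"Low": "Moderate", "Medium": "High",     "High": "Critical"},
}

# Constructed (response target, resolution target) per priority.
SLA_TARGETS = {
    "Low":      (timedelta(hours=8),    timedelta(days=5)),
    "Moderate": (timedelta(hours=4),    timedelta(days=2)),
    "High":     (timedelta(hours=1),    timedelta(hours=8)),
    "Critical": (timedelta(minutes=15), timedelta(hours=4)),
}

# Constructed keyword rules for automatic categorization (practice 2).
CATEGORY_KEYWORDS = (
    ("Security", ("phishing", "malware", "breach", "leaked", "hacker")),
    ("Network",  ("vpn", "firewall", "wifi", "network")),
    ("Hardware", ("laptop", "printer", "server")),
)

ESCALATE_AT = 0.8   # assumed: escalate once 80% of the resolution window has elapsed


def categorize(description: str) -> str:
    """First matching keyword group wins; anything unrecognised goes to General."""
    text = description.lower()
    for category, words in CATEGORY_KEYWORDS:
        if any(word in text for word in words):
            return category
    return "General"


def priority_for(impact: str, urgency: str) -> str:
    return PRIORITY_MATRIX[impact][urgency]


def triage(description: str, impact: str, urgency: str) -> dict:
    """Practice 2 in one call: category plus priority for a newly logged incident."""
    return {"category": categorize(description), "priority": priority_for(impact, urgency)}


def sla_status(priority: str, logged_at: datetime, responded_at, resolved_at, now: datetime) -> dict:
    """Check both SLAs and say which escalation, if any, the technician should trigger.
    responded_at / resolved_at are None while those steps have not happened yet."""
    response_target, resolution_target = SLA_TARGETS[priority]
    response_time = (responded_at or now) - logged_at
    resolution_time = (resolved_at or now) - logged_at
    resolution_breached = resolution_time > resolution_target
    if resolution_breached:
        escalation = "hierarchical"   # breached: raise to management
    elif resolved_at is None and resolution_time > resolution_target * ESCALATE_AT:
        escalation = "functional"     # about to breach: hand to a specialist group
    else:
        escalation = "none"
    return {"priority": priority,
            "response_breached": response_time > response_target,
            "resolution_breached": resolution_breached,
            "escalation": escalation}


def demo_escalations() -> list:
    """Constructed Critical ticket logged at 09:00 and answered at 09:10, checked at
    three later times; returns the escalation the technician should trigger at each."""
    logged = datetime(2019, 9, 30, 9, 0)
    responded = datetime(2019, 9, 30, 9, 10)
    checkpoints = [datetime(2019, 9, 30, 12, 0),   # 3h in: inside the 4h window
                   datetime(2019, 9, 30, 12, 30),  # 3.5h: past 80% of the window
                   datetime(2019, 9, 30, 13, 30)]  # 4.5h: resolution SLA breached
    return [sla_status("Critical", logged, responded, None, now)["escalation"]
            for now in checkpoints]
```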
Task 11. As an IT professional working for the Te Mata Estate company, identify and
analyse at least four (4) Codes of Professional Practice of IT Professionals in New
Zealand that are deemed appropriate while responding to the various security breaches
in the company.
Ans. The Codes of Professional Practice of IT Professionals are:
1. Relationship Management:
When seeking new customers, ensure that a common understanding exists throughout the organisation of its corporate objectives, market position, product lines and development plans, and that these form the basis of the marketing strategy.
When selling to prospective customers, do not overstate the capabilities, performance and benefits of the proposed products or services. Ensure the organisation has the necessary resources available to deliver on schedule. Make your prospective client aware of any risks in your proposed solution.
Assure yourself that your prospective client will have, or have access to, the necessary skills, equipment and organisation to make effective use of your proposed solution. Identify to your prospective client any additional costs or changes necessary to make effective use of the proposed products and services.
2. Security
Maintain a thorough understanding of relevant regulations and guidelines. Keep up to date
with the threats, vulnerabilities to those threats and the range of countermeasures available to
avoid, reduce or transfer risk.
Resist any pressure to oversimplify the risk analysis; involve personnel at all levels within the
organisation to elicit the threats and the vulnerabilities to those threats. Ensure that the
decision-makers are fully aware of all the relevant facts and the possible consequences of
their decisions.
3. Safety Engineering
At all times, take all reasonable care to ensure that your work and the consequences of your work cause no unacceptable risk to safety. Take all reasonable steps to make your management, and those to whom they have a duty of care, aware of the risks you identify; make anyone overruling or neglecting your professional advice formally aware of the consequent risks. When building a system, beware of novel approaches to the specification, design and implementation of knowledge-based computing and control systems; be attentive to their attendant problems of verification, validation and the effect on safety-related operation.
4. Quality Management
Express the organisation's commitment to quality through a clear and concisely written
quality policy. Make all members of the organisation aware of the quality policy. Provide a
means for all members of the organisation to find standards and procedures applicable to their
work. Make a clear distinction between mandatory, optional and advisory standards.
When constructing new quality standards, involve those who will follow the new standards in the writing and reviewing. Keep the language simple and avoid jargon wherever possible.
(Reference - IITP Code of Good Practice circa 1972)
Task 12. Examine the IT Professionals New Zealand’s Code of Ethics and discuss how it
is related to the case study.
Ans. The Code of Ethics tenets that relate to this case study are:
1. Good faith – Associates shall treat people with dignity, good faith and equality, without discrimination, and have consideration for the values and cultural sensitivities of all groups within the community affected by their work. So each employee should be respected in their own domain and never pretend to do anything that is wrong in favour of the company.
2. Integrity – Employers shall act in the execution of their profession with integrity, dignity and honour to merit the trust of the community and the profession, and apply honesty, skill, judgement and initiative to contribute positively to the well-being of the company and society.
3. Skills – Members shall apply their skills and knowledge in the interests of their clients or employers, for whom they will act without compromising any other of these tenets. Employees shall use their skills and talents for the company to provide future benefits. A skilled employee is always an asset for a company.
4. Continuous Development – Developers should develop their knowledge, skills and expertise continuously throughout their careers, contribute to the collective wisdom of the profession, and actively encourage their associates to do likewise. Development is a very crucial part of reducing risk for a company.
5. Competence – Members shall follow recognised professional practice and provide services and advice carefully and diligently, only within their areas of competence.
(Reference – IITP Code of Professional Conduct)
REFERENCES:
CCNA Security – Omar Santos, CISSP No. 463598, and John Stuppi, CCIE No. 11154 – Pearson Education Inc.
Cisco ASA – Richard A. Deal – McGraw Hill Education Limited
Red Hat Linux Administration – Michael Turner and Steve Shah – McGraw Hill Education Limited
CCIE Professional Development – Pearson Education Inc.
Network Security Technologies and Solutions – Yusuf Bhaiji, CCIE No. 9305
CCNP Security VPN – Howard Hooper, CCIE No. 23470 – Pearson Education Inc.
CCNP Security SISAS – Aaron T. Woland, CCIE No. 20113 – Pearson Education Inc.
ITIL Service Management Guide – Ahmad K. Shuja – CRC Press
IITP Code of Good Practice circa 1972 – https://itp.nz/.org
IITP Code of Professional Conduct – https://itp.nz/.org