Hacking the Human: Analysis of a Cyber Security Breach
VerifiedAdded on  2023/04/21
|20
|6007
|115
AI Summary
This report discusses a case study on a cyber security breach at Watson's Widgets, including analysis of the breach, proposed interventions for mitigation, and ethical issues surrounding human behavior analysis.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: HACKING THE HUMAN
Hacking the Human
Name of the Student
Name of the University
Author’s Note:
Hacking the Human
Name of the Student
Name of the University
Author’s Note:
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
HACKING THE HUMAN
Table of Contents
Introduction................................................................................................................................2
Discussion..................................................................................................................................2
Part 1: Analysis of the Breach................................................................................................2
Part 2: Proposed Interventions for Mitigating against the Attack..........................................7
Part 3: Ethical and Moral Issues for Using Human Behaviour Analysis and Modification
Techniques...........................................................................................................................14
Conclusion................................................................................................................................15
References................................................................................................................................16
HACKING THE HUMAN
Table of Contents
Introduction................................................................................................................................2
Discussion..................................................................................................................................2
Part 1: Analysis of the Breach................................................................................................2
Part 2: Proposed Interventions for Mitigating against the Attack..........................................7
Part 3: Ethical and Moral Issues for Using Human Behaviour Analysis and Modification
Techniques...........................................................................................................................14
Conclusion................................................................................................................................15
References................................................................................................................................16
2
HACKING THE HUMAN
Introduction
Cyber security or computer security can be stated as the proper protection of several
computer systems either from damage or theft to the respective software, hardware as well as
electronic data (Von Solms and Van Niekerk 2013). Moreover, the subsequent protection
from any kind of misdirection or disruption of the major services that are being provided. The
following report outlines a brief discussion on the case study of Watson’s Widgets. A proper
analysis of the breach with NIST framework, proposed interventions to mitigate such attacks
as well as ethical and moral issues to use human behaviour analysis and even modification
techniques will be described here.
Discussion
Part 1: Analysis of the Breach
An engineering firm was set by Brian Watson and recently his two sons, Davis and
Robert are running the business. Janice has started working recently and she is the Senior
admin and PA of this company. She is working excellently and is getting a generous salary.
Both David and Robert are in the process of restructuring their business in response to the
manufacturing processes since Brian had been using traditional methodologies in the start of
the business. However, while overhauling the IT systems after inclusion of cyber security
policies, they checked that there were some of the significant discrepancies in the store,
which were being traced back to their respective store manager, Jamie Smith. They were
hence forced to sack Jamie, although in deference to their father’s wishes, they allowed Jamie
Smith to resign and work with a week’s notice.
After one week of Jamie’s resignation, Janice noticed a person was wandering around
the offices near the desk of a colleague, who was on holiday. After reviewing the CCTV
footage, the management of the firm realized that this particular person was on the premises
HACKING THE HUMAN
Introduction
Cyber security or computer security can be stated as the proper protection of several
computer systems either from damage or theft to the respective software, hardware as well as
electronic data (Von Solms and Van Niekerk 2013). Moreover, the subsequent protection
from any kind of misdirection or disruption of the major services that are being provided. The
following report outlines a brief discussion on the case study of Watson’s Widgets. A proper
analysis of the breach with NIST framework, proposed interventions to mitigate such attacks
as well as ethical and moral issues to use human behaviour analysis and even modification
techniques will be described here.
Discussion
Part 1: Analysis of the Breach
An engineering firm was set by Brian Watson and recently his two sons, Davis and
Robert are running the business. Janice has started working recently and she is the Senior
admin and PA of this company. She is working excellently and is getting a generous salary.
Both David and Robert are in the process of restructuring their business in response to the
manufacturing processes since Brian had been using traditional methodologies in the start of
the business. However, while overhauling the IT systems after inclusion of cyber security
policies, they checked that there were some of the significant discrepancies in the store,
which were being traced back to their respective store manager, Jamie Smith. They were
hence forced to sack Jamie, although in deference to their father’s wishes, they allowed Jamie
Smith to resign and work with a week’s notice.
After one week of Jamie’s resignation, Janice noticed a person was wandering around
the offices near the desk of a colleague, who was on holiday. After reviewing the CCTV
footage, the management of the firm realized that this particular person was on the premises
3
HACKING THE HUMAN
all the morning. The other employees, who had spoken to him got answer that he was Sam, a
new employee and was appointed by David. When computer logs were checked, it was
realized that a new admin account was being created and the organizational employee payroll
records were copied and then sold on the dark web. After proper investigation, it was found
out that Jamie, during his last week at work had posted several posts on LinkedIn and
Facebook and was approached by Sam for sharing his employee ID and proximity pass to get
involved in illegal activity and obtain 5000 pounds.
The next week while Janice was entering her office building, a USB drive was found
on the ground and when she put it into her PC, it showed that it the files were copied and a
ransomware attack has occurred. An image showed that the attacker demanded for a certain
ransom is to be paid to decrypt the files. The organization was able to identify the point and
with a decryptor tool, was able to decrypt the files, however after losing a full day’s business.
It was found out that few workers on shop floor were members of Fantasy Football League
had the habit to check out few web sites during lunch break. A new site offering was found
out by one player and it was the source of a ransomware attack.
The above mentioned breach could be easily analysed with the help of NIST cyber
security framework (Shackelford et al. 2015). This particular framework helps in providing a
policy framework of the computer security guidance for the procedure of private sector
organizations so that could assess as well as improve the overall ability of preventing,
detecting and responding to the cyber attacks. This framework eventually provides a higher
level taxonomy of cyber security results or a methodology to manage and assess the results.
Several changes subsequently involve proper guidance on the procedure of performing self
assessments, supply chain risk management details, interaction with the supply chain
stakeholders and various others (Abawajy 2014).
HACKING THE HUMAN
all the morning. The other employees, who had spoken to him got answer that he was Sam, a
new employee and was appointed by David. When computer logs were checked, it was
realized that a new admin account was being created and the organizational employee payroll
records were copied and then sold on the dark web. After proper investigation, it was found
out that Jamie, during his last week at work had posted several posts on LinkedIn and
Facebook and was approached by Sam for sharing his employee ID and proximity pass to get
involved in illegal activity and obtain 5000 pounds.
The next week while Janice was entering her office building, a USB drive was found
on the ground and when she put it into her PC, it showed that it the files were copied and a
ransomware attack has occurred. An image showed that the attacker demanded for a certain
ransom is to be paid to decrypt the files. The organization was able to identify the point and
with a decryptor tool, was able to decrypt the files, however after losing a full day’s business.
It was found out that few workers on shop floor were members of Fantasy Football League
had the habit to check out few web sites during lunch break. A new site offering was found
out by one player and it was the source of a ransomware attack.
The above mentioned breach could be easily analysed with the help of NIST cyber
security framework (Shackelford et al. 2015). This particular framework helps in providing a
policy framework of the computer security guidance for the procedure of private sector
organizations so that could assess as well as improve the overall ability of preventing,
detecting and responding to the cyber attacks. This framework eventually provides a higher
level taxonomy of cyber security results or a methodology to manage and assess the results.
Several changes subsequently involve proper guidance on the procedure of performing self
assessments, supply chain risk management details, interaction with the supply chain
stakeholders and various others (Abawajy 2014).
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
HACKING THE HUMAN
Figure 1: NIST Cyber Security Framework
(Source: Dunn Cavelty 2013)
There are five distinct aspects of this framework, which are identification, protection,
detection, response and finally recovering. The details of the NIST cyber security framework
are as follows:
i) Identification: The first and the foremost aspect of this NIST cyber security is the
proper identification of the breach or issue (Shackelford et al. 2015). A proper understanding
for managing the cyber security risks to the assets, capabilities, data and systems is done in
the first step. For this particular case study, the identification of cyber security breach is that
Janice found out a pen drive after Jamie resigned from work. However, when she put that
particular pen drive in her respective system, the entire system was hacked and all the
confidential data were encrypted with a demand of ransom. It was a ransomware attack and
proper risk management strategy was required to reduce the risks (Shackelford et al. 2015).
Moreover, due to this particular cyber attack or ransomware attack, the organizational
policies, processes and procedure were required to manage as well as monitor the overall
organizational regulatory, risk, environmental, legal and finally operational requirements
were to be understood and the management of cyber security risks were to be informed.
HACKING THE HUMAN
Figure 1: NIST Cyber Security Framework
(Source: Dunn Cavelty 2013)
There are five distinct aspects of this framework, which are identification, protection,
detection, response and finally recovering. The details of the NIST cyber security framework
are as follows:
i) Identification: The first and the foremost aspect of this NIST cyber security is the
proper identification of the breach or issue (Shackelford et al. 2015). A proper understanding
for managing the cyber security risks to the assets, capabilities, data and systems is done in
the first step. For this particular case study, the identification of cyber security breach is that
Janice found out a pen drive after Jamie resigned from work. However, when she put that
particular pen drive in her respective system, the entire system was hacked and all the
confidential data were encrypted with a demand of ransom. It was a ransomware attack and
proper risk management strategy was required to reduce the risks (Shackelford et al. 2015).
Moreover, due to this particular cyber attack or ransomware attack, the organizational
policies, processes and procedure were required to manage as well as monitor the overall
organizational regulatory, risk, environmental, legal and finally operational requirements
were to be understood and the management of cyber security risks were to be informed.
5
HACKING THE HUMAN
Janice was quite scared about the vulnerability of this attack and thus she informed the higher
authority of the respective organization. David, on the other hand, decrypted the various
encrypted files and hence the business of a whole day was affected majorly (Bada and Sasse
2014). Moreover, due to the presence of such distinctive cyber attack, the entire security
system of that particular engineering firm was effected and the organizational mission,
activities and objectives were hampered subsequently.
ii) Protection: The second specific aspect of the NIST cyber security framework is
protection (Shackelford et al. 2015). In this specific framework, accurate and relevant
safeguards were both developed as well as implemented for the purpose of ensuring delivery
of critical infrastructure services. A proper data security is highly required here for managing
the records and information with the help of organizational risk strategy and protection of
confidentiality, integrity and availability of data. Furthermore, the maintenance and repairing
of information system component and industrial control is being performed consistently with
various processes and policies (Ning, Liu and Yang 2013). The technical security solution is
also managed for ensuring the resilience as well as security of assets and systems for being
consistent with the respective related agreements, processes and policies. In this particular
case study of Watson’s Widgets, the CEO of the organization, Rob used a specific decryptor
tool to decrypt the several confidential files and data and hence was able to create a
protection against such files. Furthermore, since they were restructuring their business, they
could have easily changed or altered their policies and procedures of the business for bringing
better protection in the systems and assets.
iii) Detection: The third or the next aspect of this NIST cyber security framework is
detection of the cyber attack effectively. Appropriate activities should be developed and
implemented for the proper identification of occurrence of any cyber security event. A proper
detection of anomalies and events within a timely manner and hence the potential impact of
HACKING THE HUMAN
Janice was quite scared about the vulnerability of this attack and thus she informed the higher
authority of the respective organization. David, on the other hand, decrypted the various
encrypted files and hence the business of a whole day was affected majorly (Bada and Sasse
2014). Moreover, due to the presence of such distinctive cyber attack, the entire security
system of that particular engineering firm was effected and the organizational mission,
activities and objectives were hampered subsequently.
ii) Protection: The second specific aspect of the NIST cyber security framework is
protection (Shackelford et al. 2015). In this specific framework, accurate and relevant
safeguards were both developed as well as implemented for the purpose of ensuring delivery
of critical infrastructure services. A proper data security is highly required here for managing
the records and information with the help of organizational risk strategy and protection of
confidentiality, integrity and availability of data. Furthermore, the maintenance and repairing
of information system component and industrial control is being performed consistently with
various processes and policies (Ning, Liu and Yang 2013). The technical security solution is
also managed for ensuring the resilience as well as security of assets and systems for being
consistent with the respective related agreements, processes and policies. In this particular
case study of Watson’s Widgets, the CEO of the organization, Rob used a specific decryptor
tool to decrypt the several confidential files and data and hence was able to create a
protection against such files. Furthermore, since they were restructuring their business, they
could have easily changed or altered their policies and procedures of the business for bringing
better protection in the systems and assets.
iii) Detection: The third or the next aspect of this NIST cyber security framework is
detection of the cyber attack effectively. Appropriate activities should be developed and
implemented for the proper identification of occurrence of any cyber security event. A proper
detection of anomalies and events within a timely manner and hence the potential impact of
6
HACKING THE HUMAN
these anomalous events is being understood (Shackelford et al. 2015). The respective
information system as well as assets are properly monitored at the discrete intervals for the
proper identification of cyber security events as well as verification of effectiveness of the
protective measures. The detection procedures and processes are maintained and examined
for properly ensuring adequate and timely awareness of the anomalous events (Robinson et
al. 2013). In this specific case study of Watson’s Widgets, the organizational higher
authority, Rob investigated and found out the cause of the respective ransomware attack.
Although the blame was on Janice, the specific USB drive turned out to be alright and they
were able to find out the respective source of infection. This infection was due to few of the
workers, who were working on the shop floor and all of them quite enthusiastic members of a
Fantasy Football League. They had the significant habit to check out relevant web sites
during their lunch break. Amongst them, one of the players had found a new site offering of
enhancements to the game for fee and it eventually turned out that particular web site, which
was the source of this ransomware attack.
iv) Response: The fourth significant feature of this NIST framework is response. The
appropriate activities are to be developed and implemented properly for the purpose of
undertaking actions regarding the specific event of cyber security (Shackelford et al. 2015).
Response planning or response procedures or processes should be both executed and
maintained for ensuring timely responses to the detected cyber security events. Response
activities were coordinated with the external and internal stakeholders for including external
support from the law enforcement agencies. Proper analysis is also conducted for adequate
response or support of the recovery activity (McGraw 2013). Within the case study of
Watson’s Widgets, proper response analysis should be conducted for the purpose of ensuring
adequate support and response to the recovery activities. Moreover, activities for mitigation
are being performed for preventing expansion of event, mitigation of effects as well as
HACKING THE HUMAN
these anomalous events is being understood (Shackelford et al. 2015). The respective
information system as well as assets are properly monitored at the discrete intervals for the
proper identification of cyber security events as well as verification of effectiveness of the
protective measures. The detection procedures and processes are maintained and examined
for properly ensuring adequate and timely awareness of the anomalous events (Robinson et
al. 2013). In this specific case study of Watson’s Widgets, the organizational higher
authority, Rob investigated and found out the cause of the respective ransomware attack.
Although the blame was on Janice, the specific USB drive turned out to be alright and they
were able to find out the respective source of infection. This infection was due to few of the
workers, who were working on the shop floor and all of them quite enthusiastic members of a
Fantasy Football League. They had the significant habit to check out relevant web sites
during their lunch break. Amongst them, one of the players had found a new site offering of
enhancements to the game for fee and it eventually turned out that particular web site, which
was the source of this ransomware attack.
iv) Response: The fourth significant feature of this NIST framework is response. The
appropriate activities are to be developed and implemented properly for the purpose of
undertaking actions regarding the specific event of cyber security (Shackelford et al. 2015).
Response planning or response procedures or processes should be both executed and
maintained for ensuring timely responses to the detected cyber security events. Response
activities were coordinated with the external and internal stakeholders for including external
support from the law enforcement agencies. Proper analysis is also conducted for adequate
response or support of the recovery activity (McGraw 2013). Within the case study of
Watson’s Widgets, proper response analysis should be conducted for the purpose of ensuring
adequate support and response to the recovery activities. Moreover, activities for mitigation
are being performed for preventing expansion of event, mitigation of effects as well as
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
HACKING THE HUMAN
eradicating the incidents. There are some of the organizational response activities are being
improved by the incorporation of lessons learned from any previous detection or response
activities (Sommestad, Ekstedt and Holm 2013). Several distinctive response activities are
present for proper communication and detection of cyber security events.
v) Recovering: The final or the fifth aspect of this NIST cyber security framework is
recovering (Shackelford et al. 2015). The appropriate and accurate activities are to be
developed as well as implemented for the maintenance of plans for resilience or restoring of
the services and capabilities, which were required to be impaired as a cyber security event.
Recovery planning should be executed or maintained for ensuring timely restoration of assets
and systems affected by cyber security events. Furthermore, the restoration activities like
owners of attacking systems, Internet Service Providers, coordinating centres and many
others are being coordinated with the internal and external parties (Ashok, Hahn and
Govindarasu 2014). In this case study of Watson’s Widgets, the ransomware attack in the
engineering firm was recovered after the proper decryption of files with a decryptor tool and
after loss of one day’s business, the confidential data and files were finally recovered
successfully.
Part 2: Proposed Interventions for Mitigating against the Attack
Ransomware is the subset of malware, where the relevant data within the data in a
victim’s system is locked usually by encryption and then payment is demanded before that
ransomed data is being decrypted (Amin et al. 2013). After this decryption, access is
eventually returned to the victim. The most significant motive for this type of attack is always
monetary and unlike the other attacks, here the victim is being notified that any exploit has
subsequently occurred and is provided instructions to get recovered from the attacks. The
payment is demanded within a virtual currency like Bitcoin so that the identity of the cyber
criminal is not known. This ransomware malware could be spread through the infected
HACKING THE HUMAN
eradicating the incidents. There are some of the organizational response activities are being
improved by the incorporation of lessons learned from any previous detection or response
activities (Sommestad, Ekstedt and Holm 2013). Several distinctive response activities are
present for proper communication and detection of cyber security events.
v) Recovering: The final or the fifth aspect of this NIST cyber security framework is
recovering (Shackelford et al. 2015). The appropriate and accurate activities are to be
developed as well as implemented for the maintenance of plans for resilience or restoring of
the services and capabilities, which were required to be impaired as a cyber security event.
Recovery planning should be executed or maintained for ensuring timely restoration of assets
and systems affected by cyber security events. Furthermore, the restoration activities like
owners of attacking systems, Internet Service Providers, coordinating centres and many
others are being coordinated with the internal and external parties (Ashok, Hahn and
Govindarasu 2014). In this case study of Watson’s Widgets, the ransomware attack in the
engineering firm was recovered after the proper decryption of files with a decryptor tool and
after loss of one day’s business, the confidential data and files were finally recovered
successfully.
Part 2: Proposed Interventions for Mitigating against the Attack
Ransomware is the subset of malware, where the relevant data within the data in a
victim’s system is locked usually by encryption and then payment is demanded before that
ransomed data is being decrypted (Amin et al. 2013). After this decryption, access is
eventually returned to the victim. The most significant motive for this type of attack is always
monetary and unlike the other attacks, here the victim is being notified that any exploit has
subsequently occurred and is provided instructions to get recovered from the attacks. The
payment is demanded within a virtual currency like Bitcoin so that the identity of the cyber
criminal is not known. This ransomware malware could be spread through the infected
8
HACKING THE HUMAN
software applications, compromised web sites, infected external storage device as well as
malicious email attachments (Ben-Asher and Gonzalez 2015). The growing number of
attacks have utilized remote desktop protocols or even any other approach, which do not
depend on all types of forms of user interactions. This malware might even change the
respective login credentials of the victim for computing devices and the files could be
encrypted over the infected device or any other connected network devices (Elmaghraby and
Losavio 2014). The most popular and significant ransomware attacks were Crypto Locker
and Wanna Cry.
This ransomware is a type of malware, which usually encrypts the data for the
purpose of blocking access to the relevant data only until and unless fees are paid to that
specific attacker. When the hype is being utilized for outweighing the original risk and
ransomware has evolved, spread as well as grown effectively in more sophisticated manner in
response to the efforts for defending against the attack (Sou, Sandberg and Johansson 2013).
Few of the most important and significant high profile ransomware attacks that have taken
place in these few years with the growing tide of threats. The volumes of ransomware have
eventually incremented by more than 350% within the year of 2017 as per NIIT Security
Report. These security professionals have tasked with the respective safeguarding company
data and they should have the ransomware over their radars and hence it is vital to undertake
some of the major steps for mitigation of this threat. However, prevention is always better
than cure; however no security system is perfect as it pays to prepare for the worst activity by
simple creation of the recovery plan.
For mitigation of any kind of ransomware attack, cyber security is extremely
important. This type of field is eventually growing majorly for the proper reliance on the
computer based systems, wireless networks like wireless fidelity and Bluetooth as well as the
Internet connection (Choucri, Madnick and Ferwerda 2014). Due to the significant growth of
HACKING THE HUMAN
software applications, compromised web sites, infected external storage device as well as
malicious email attachments (Ben-Asher and Gonzalez 2015). The growing number of
attacks have utilized remote desktop protocols or even any other approach, which do not
depend on all types of forms of user interactions. This malware might even change the
respective login credentials of the victim for computing devices and the files could be
encrypted over the infected device or any other connected network devices (Elmaghraby and
Losavio 2014). The most popular and significant ransomware attacks were Crypto Locker
and Wanna Cry.
This ransomware is a type of malware, which usually encrypts the data for the
purpose of blocking access to the relevant data only until and unless fees are paid to that
specific attacker. When the hype is being utilized for outweighing the original risk and
ransomware has evolved, spread as well as grown effectively in more sophisticated manner in
response to the efforts for defending against the attack (Sou, Sandberg and Johansson 2013).
Few of the most important and significant high profile ransomware attacks that have taken
place in these few years with the growing tide of threats. The volumes of ransomware have
eventually incremented by more than 350% within the year of 2017 as per NIIT Security
Report. These security professionals have tasked with the respective safeguarding company
data and they should have the ransomware over their radars and hence it is vital to undertake
some of the major steps for mitigation of this threat. However, prevention is always better
than cure; however no security system is perfect as it pays to prepare for the worst activity by
simple creation of the recovery plan.
For mitigation of any kind of ransomware attack, cyber security is extremely
important. This type of field is eventually growing majorly for the proper reliance on the
computer based systems, wireless networks like wireless fidelity and Bluetooth as well as the
Internet connection (Choucri, Madnick and Ferwerda 2014). Due to the significant growth of
9
HACKING THE HUMAN
smart devices like televisions and smart phones, Internet of things and all smaller technology
based devices, cyber security is highly required. For the presence of complexity, cyber
security is termed as one of the most important challenges in the world. The security
eventually consists of physical security and cyber security and both of these are being utilized
by the enterprises for the core purpose of protecting against the unauthorized or
unauthenticated access to the respective data centres as well as computerized systems. The
information security is being designed for maintaining the CIA or confidentiality, integrity
and availability of information and it is major subset of cyber security. This type of cyber
security majorly needs the proper management of efforts within any information system (Sou,
Sandberg and Johansson 2013). The major elements of cyber security are information
security, application security, end user education, disaster recovery, operational security,
network security and business continuity planning.
In this case study of Watson’s Widget, Janice and the engineering firm could easily
prevent these types of ransomware attacks. Few of the prevention strategies for removal of
ransomware attack are provided below:
i) Security Awareness Training: The first and the most important and significant
prevention strategy of any kind of ransomware attack is security awareness training (Knowles
et al. 2015). There are some of the most basic and unique methods, which the specific
ransomware could get into the network, however one of the most likely strategy is through a
phishing attack. When any employee is unwittingly clicks or taps on a link, these employees
must not open a wrong electronic mail attachment, this ransomware might obtain a
subsequent foot hold on the system and then rapidly spread throughout the network. For the
engineering firm of Janice, a proper and significant security awareness training program
should be launched and hence reduce the overall threat of employee error, hence leading to
the ransomware infection. Since, one of the employees has accessed an unsafe web site called
HACKING THE HUMAN
smart devices like televisions and smart phones, Internet of things and all smaller technology
based devices, cyber security is highly required. For the presence of complexity, cyber
security is termed as one of the most important challenges in the world. The security
eventually consists of physical security and cyber security and both of these are being utilized
by the enterprises for the core purpose of protecting against the unauthorized or
unauthenticated access to the respective data centres as well as computerized systems. The
information security is being designed for maintaining the CIA or confidentiality, integrity
and availability of information and it is major subset of cyber security. This type of cyber
security majorly needs the proper management of efforts within any information system (Sou,
Sandberg and Johansson 2013). The major elements of cyber security are information
security, application security, end user education, disaster recovery, operational security,
network security and business continuity planning.
In this case study of Watson’s Widget, Janice and the engineering firm could easily
prevent these types of ransomware attacks. Few of the prevention strategies for removal of
ransomware attack are provided below:
i) Security Awareness Training: The first and the most important and significant
prevention strategy of any kind of ransomware attack is security awareness training (Knowles
et al. 2015). There are some of the most basic and unique methods, which the specific
ransomware could get into the network, however one of the most likely strategy is through a
phishing attack. When any employee is unwittingly clicks or taps on a link, these employees
must not open a wrong electronic mail attachment, this ransomware might obtain a
subsequent foot hold on the system and then rapidly spread throughout the network. For the
engineering firm of Janice, a proper and significant security awareness training program
should be launched and hence reduce the overall threat of employee error, hence leading to
the ransomware infection. Since, one of the employees has accessed an unsafe web site called
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
HACKING THE HUMAN
enhancements, security awareness training is important (Wang and Lu 2013). If such
awareness training would had been present, the particular employee would definitely not
have accessed that web site and such issue would not had been raised. Thus, this is one of the
most popular and noteworthy prevention strategy for reducing ransomware attack.
ii) Updates, Configuration and Patches: The second important or vital prevention
strategy of any type of ransomware attack is proper updates, patches as well as
configurations. The proper end point security hygiene is extremely vital to prevent all kinds
of ransomware. The respective attackers would eventually look for misconfigurations and
vulnerabilities so that they could easily exploit to obtain subsequent access to the network
(Amin et al. 2013). When any unsafe system is present in the network, it becomes quite
easier for the attacker to gain access of the confidential data and hence spread vulnerabilities
majorly. The organization must ensure that the systems as well as devices are constantly
upgraded with the respective latest security patches. Moreover, they should not make any
kind of default configurations, so that the attacker does not get any scope of hacking.
iii) Up to Date Asset Inventory: The next subsequent prevention strategy of the
ransomware attack is to keep an up to date asset inventory (Dunn Cavelty 2013). When the
victim will not know which of the devices are legally connected to the public or private
clouds, it is not possible to recognize as well as prevent the attacks. A real time overview of
each and every device is highly required within the network and even a clear understanding
of the major permissions is needed for every device that is based on the user. Internet of
Things is considered as one of the most important and popular target (Kott 2014). In the
provided case study of Watson’s Widget, Rob and David should have thought about the
protection of their systems and devices earlier, so that such issue would not have occurred.
HACKING THE HUMAN
enhancements, security awareness training is important (Wang and Lu 2013). If such
awareness training would had been present, the particular employee would definitely not
have accessed that web site and such issue would not had been raised. Thus, this is one of the
most popular and noteworthy prevention strategy for reducing ransomware attack.
ii) Updates, Configuration and Patches: The second important or vital prevention
strategy of any type of ransomware attack is proper updates, patches as well as
configurations. The proper end point security hygiene is extremely vital to prevent all kinds
of ransomware. The respective attackers would eventually look for misconfigurations and
vulnerabilities so that they could easily exploit to obtain subsequent access to the network
(Amin et al. 2013). When any unsafe system is present in the network, it becomes quite
easier for the attacker to gain access of the confidential data and hence spread vulnerabilities
majorly. The organization must ensure that the systems as well as devices are constantly
upgraded with the respective latest security patches. Moreover, they should not make any
kind of default configurations, so that the attacker does not get any scope of hacking.
iii) Up to Date Asset Inventory: The next subsequent prevention strategy of the
ransomware attack is to keep an up to date asset inventory (Dunn Cavelty 2013). When the
victim will not know which of the devices are legally connected to the public or private
clouds, it is not possible to recognize as well as prevent the attacks. A real time overview of
each and every device is highly required within the network and even a clear understanding
of the major permissions is needed for every device that is based on the user. Internet of
Things is considered as one of the most important and popular target (Kott 2014). In the
provided case study of Watson’s Widget, Rob and David should have thought about the
protection of their systems and devices earlier, so that such issue would not have occurred.
11
HACKING THE HUMAN
iv) Continuous Vulnerability Assessment: Another efficient and effective strategy to
prevent any kind of ransomware attack is the continuous vulnerability assessment (Halevi,
Lewis and Memon 2013). The various cyber criminals would always undertake the path of
the lowest resistance and hence these ransomware attacks eventually exploit every known
vulnerability within the famous software. The respective organization or victim would require
a security system, which should be updated with each and every latest revelation in respect of
vulnerabilities and the data should be cross checked with the network for ensuring that any
easier route is not being offered. This type of continuous vulnerability assessment is also
effective for identifying if any kind of discrepancy has occurred for stopping to spread
vulnerabilities majorly (Buczak and Guven 2016). Rob and David was able to identify the
vulnerability after it had taken place; however if this kind of continuous vulnerability
assessment would have been present, they would have easily identified the ransomware
attack previously.
v) Real Time Traffic Monitoring: The next subsequent prevention strategy for any
type of ransomware attack is the real time traffic monitoring (Hong, Liu and Govindarasu
2014). A lot of focus is present for filtering as well as blocking in bound connections;
however this should be done for the out bound connections as well. This ransomware would
also obtain proper access and then dial home for the further instructions. When the initial out
bound attempts are blocked for the purpose of connecting to the server of the attacker, then
the victim would be able to cease the respective ransomware attack even before it is getting
off the ground. Any type of suspicious traffic in either of direction must be flagged
automatically and several alerts should be generated for further investigation (Wells et al.
2014). This type of real time monitoring would had been extremely vital for David and Rob
for tracking what Jamie has done in the work place.
HACKING THE HUMAN
iv) Continuous Vulnerability Assessment: Another efficient and effective strategy to
prevent any kind of ransomware attack is the continuous vulnerability assessment (Halevi,
Lewis and Memon 2013). The various cyber criminals would always undertake the path of
the lowest resistance and hence these ransomware attacks eventually exploit every known
vulnerability within the famous software. The respective organization or victim would require
a security system, which should be updated with each and every latest revelation in respect of
vulnerabilities and the data should be cross checked with the network for ensuring that any
easier route is not being offered. This type of continuous vulnerability assessment is also
effective for identifying if any kind of discrepancy has occurred for stopping to spread
vulnerabilities majorly (Buczak and Guven 2016). Rob and David was able to identify the
vulnerability after it had taken place; however if this kind of continuous vulnerability
assessment would have been present, they would have easily identified the ransomware
attack previously.
v) Real Time Traffic Monitoring: The next subsequent prevention strategy for any
type of ransomware attack is the real time traffic monitoring (Hong, Liu and Govindarasu
2014). A lot of focus is present for filtering as well as blocking in bound connections;
however this should be done for the out bound connections as well. This ransomware would
also obtain proper access and then dial home for the further instructions. When the initial out
bound attempts are blocked for the purpose of connecting to the server of the attacker, then
the victim would be able to cease the respective ransomware attack even before it is getting
off the ground. Any type of suspicious traffic in either of direction must be flagged
automatically and several alerts should be generated for further investigation (Wells et al.
2014). This type of real time monitoring would had been extremely vital for David and Rob
for tracking what Jamie has done in the work place.
12
HACKING THE HUMAN
vi) Detection of Intrusion: The intrusion detection is yet another important and
significant strategy to prevent ransomware attacks in any organization (Hahn et al. 2013). For
a proper protection of the systems, the victim requires a system, which has the ability of
recognizing the major signs of any ransomware attack irrespective of the fact that whether it
is a communication, sending data through the covert channel, disabling the firewalls or
disabling of anti virus software. The suspicious updates to the respective policies,
unscheduled scanning as well as up gradation of failures could even be termed as the warning
signals. When these would be spotted in time, the infected systems would be easily
quarantined and the ransomware attack would be stopped eventually (Dandurand and Serrano
2013). David and Rob should have maintained a system so that they could have easily
detected intrusions beforehand and such issues would have stopped effectively and Janice
would not have faced any problem.
vii) Monitoring of File Integrity: The seventh prevention strategy for all kinds of
ransomware attacks is the proper monitoring of file integrity. When the file integrity
monitoring is being set up on the business critical data, then each and every automatic alert is
present for the accessing or alteration of the critical file or data (Gordon et al. 2015). This
could be helpful for spotting the ransomware attack extremely quickly and also to limit the
overall impacts. Rob as well as David would have got major benefits if they would have
implemented file integrity monitoring system within their computers and systems and hence
ransomware attack would had been stopped.
viii) Log Monitoring as well as Analysis: Another efficient strategy to prevent any
type of ransomware attack is the log monitoring and analysis (Sou, Sandberg and Johansson
2013). It is nearly impossible for the cyber criminals to launch and run any ransomware
attack without leaving traces of the activities throughout the network. A specific software
should be eventually considered for maintaining employee security and this software would
HACKING THE HUMAN
vi) Detection of Intrusion: The intrusion detection is yet another important and
significant strategy to prevent ransomware attacks in any organization (Hahn et al. 2013). For
a proper protection of the systems, the victim requires a system, which has the ability of
recognizing the major signs of any ransomware attack irrespective of the fact that whether it
is a communication, sending data through the covert channel, disabling the firewalls or
disabling of anti virus software. The suspicious updates to the respective policies,
unscheduled scanning as well as up gradation of failures could even be termed as the warning
signals. When these would be spotted in time, the infected systems would be easily
quarantined and the ransomware attack would be stopped eventually (Dandurand and Serrano
2013). David and Rob should have maintained a system so that they could have easily
detected intrusions beforehand and such issues would have stopped effectively and Janice
would not have faced any problem.
vii) Monitoring of File Integrity: The seventh prevention strategy for all kinds of
ransomware attacks is the proper monitoring of file integrity. When the file integrity
monitoring is being set up on the business critical data, then each and every automatic alert is
present for the accessing or alteration of the critical file or data (Gordon et al. 2015). This
could be helpful for spotting the ransomware attack extremely quickly and also to limit the
overall impacts. Rob as well as David would have got major benefits if they would have
implemented file integrity monitoring system within their computers and systems and hence
ransomware attack would had been stopped.
viii) Log Monitoring as well as Analysis: Another efficient strategy to prevent any
type of ransomware attack is the log monitoring and analysis (Sou, Sandberg and Johansson
2013). It is nearly impossible for the cyber criminals to launch and run any ransomware
attack without leaving traces of the activities throughout the network. A specific software
should be eventually considered for maintaining employee security and this software would
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
13
HACKING THE HUMAN
have the capability of scanning system log, application log as well as activity log for collating
and analysing data (Luiijf, Besseling and De Graaf 2013). This particular strategy would have
been quite effective and efficient for the case scenario of Watson’s Widgets. A regular
analysis and monitoring of logs in the business would be effective for eradicating the
ransomware attack within their engineering firm.
ix) Continuous Threat Intelligence: A continuous threat intelligence is the next
significant prevention strategy for reducing ransomware attacks. It is extremely important or
vital to monitor the network within real time for the purpose of obtaining clearer picture of
safety and security; however all the monitoring tools are not as efficient as the rest (Cavelty
2014). Hence, the latest threat intelligence is important when the victim expects in catching
ransomware attacks for preventing them from spreading.
x) Reliable Backup and Recovery: The next distinctive prevention strategy against
ransomware attack is reliable backup as well as recovery. A proper precaution is to be taken
for trying and preventing ransomware to gain entry and also to swiftly detect the attacks
(Abomhara and Køien 2015). With the help of reliable backup and recovery, David and Rob
would had been effective to reduce every risk or threat against ransomware attack.
ISMS and ISA Framework: The information security management system or ISMS
framework helps to establish, deploy, operate, control, review, maintain and finally improve
the information security. The management system is the set of interlinked elements of any
specific company for establishing processes, objectives and policies for the core purpose of
achieving these objectives. The major scopes of this type of management system include
entire organization, identified functionalities, and identified organizational sections and many
more. On the other hand, ISA or information sharing architecture framework helps in sharing
of information over a platform so that the user does not face any issue regarding the
HACKING THE HUMAN
have the capability of scanning system log, application log as well as activity log for collating
and analysing data (Luiijf, Besseling and De Graaf 2013). This particular strategy would have
been quite effective and efficient for the case scenario of Watson’s Widgets. A regular
analysis and monitoring of logs in the business would be effective for eradicating the
ransomware attack within their engineering firm.
ix) Continuous Threat Intelligence: A continuous threat intelligence is the next
significant prevention strategy for reducing ransomware attacks. It is extremely important or
vital to monitor the network within real time for the purpose of obtaining clearer picture of
safety and security; however all the monitoring tools are not as efficient as the rest (Cavelty
2014). Hence, the latest threat intelligence is important when the victim expects in catching
ransomware attacks for preventing them from spreading.
x) Reliable Backup and Recovery: The next distinctive prevention strategy against
ransomware attack is reliable backup as well as recovery. A proper precaution is to be taken
for trying and preventing ransomware to gain entry and also to swiftly detect the attacks
(Abomhara and Køien 2015). With the help of reliable backup and recovery, David and Rob
would had been effective to reduce every risk or threat against ransomware attack.
ISMS and ISA Framework: The information security management system or ISMS
framework helps to establish, deploy, operate, control, review, maintain and finally improve
the information security. The management system is the set of interlinked elements of any
specific company for establishing processes, objectives and policies for the core purpose of
achieving these objectives. The major scopes of this type of management system include
entire organization, identified functionalities, and identified organizational sections and many
more. On the other hand, ISA or information sharing architecture framework helps in sharing
of information over a platform so that the user does not face any issue regarding the
14
HACKING THE HUMAN
information sharing. These two frameworks are important and significant for Watson’s
Widgets for the proper identification of any such attack.
Part 3: Ethical and Moral Issues for Using Human Behaviour Analysis and
Modification Techniques
The ethical and moral issues to utilize the human behaviour analysis as well as
modification techniques for this case study are as follows:
i) Compliance and Governance Issues: The first and the foremost ethical and moral
issue is the compliance and governance issue. Jamie was expected to maintain work ethics
and to comply with the business laws, data safety regulations and information security rules
(Cherdantseva et al. 2016). Since, he was committed to compliance, he was supposed to
maintain the rules under every circumstance. However, he was unethical and immoral in this
scenario. He provided access to a third party and hence work ethics was being hampered.
ii) Decision Making Issues: The second type of issue in this scenario is decision
making issues. Since, Jamie had the scope of taking proper decisions in his work place, it was
expected for them to take correct decisions (Fielder et al. 2016). However, he selected a
wrong side and gave his data access to a third party, Sam, who was not a member of his
organization.
iii) Diversity Issues: Diversity issue is yet another important and significant issue for
human behaviour analysis in the case study. The value of the contribution of Jamie was
extremely important for making the business successful. An ethical response to the diversity
starts with recruit of diverse work force.
iv) Integrity and Trust Issues: Jamie did not follow work ethics and did not maintain
integrity or trust in his work and hence business ethics were hampered severely (Halevi,
HACKING THE HUMAN
information sharing. These two frameworks are important and significant for Watson’s
Widgets for the proper identification of any such attack.
Part 3: Ethical and Moral Issues for Using Human Behaviour Analysis and
Modification Techniques
The ethical and moral issues to utilize the human behaviour analysis as well as
modification techniques for this case study are as follows:
i) Compliance and Governance Issues: The first and the foremost ethical and moral
issue is the compliance and governance issue. Jamie was expected to maintain work ethics
and to comply with the business laws, data safety regulations and information security rules
(Cherdantseva et al. 2016). Since, he was committed to compliance, he was supposed to
maintain the rules under every circumstance. However, he was unethical and immoral in this
scenario. He provided access to a third party and hence work ethics was being hampered.
ii) Decision Making Issues: The second type of issue in this scenario is decision
making issues. Since, Jamie had the scope of taking proper decisions in his work place, it was
expected for them to take correct decisions (Fielder et al. 2016). However, he selected a
wrong side and gave his data access to a third party, Sam, who was not a member of his
organization.
iii) Diversity Issues: Diversity issue is yet another important and significant issue for
human behaviour analysis in the case study. The value of the contribution of Jamie was
extremely important for making the business successful. An ethical response to the diversity
starts with recruit of diverse work force.
iv) Integrity and Trust Issues: Jamie did not follow work ethics and did not maintain
integrity or trust in his work and hence business ethics were hampered severely (Halevi,
15
HACKING THE HUMAN
Lewis and Memon 2013). It was the responsibility of Jamie to maintain proper work ethics in
his previous organization.
Conclusion
Therefore, from the above discussion, it can be concluded that cyber security is a
significant protection or security of Internet linked systems, which data, software and
hardware from any kind of cyber attack. The above report has clearly outlined the entire case
study of Watson’s Widgets. An engineering firm has faced a ransomware attack in their
business and proper mitigations are being proposed for them. This report has eventually
analysed the entire security breach with proper details. Moreover, mitigation techniques are
also provided in the report for the breach with ethical and moral behaviours of the employees
of this organization.
HACKING THE HUMAN
Lewis and Memon 2013). It was the responsibility of Jamie to maintain proper work ethics in
his previous organization.
Conclusion
Therefore, from the above discussion, it can be concluded that cyber security is a
significant protection or security of Internet linked systems, which data, software and
hardware from any kind of cyber attack. The above report has clearly outlined the entire case
study of Watson’s Widgets. An engineering firm has faced a ransomware attack in their
business and proper mitigations are being proposed for them. This report has eventually
analysed the entire security breach with proper details. Moreover, mitigation techniques are
also provided in the report for the breach with ethical and moral behaviours of the employees
of this organization.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
16
HACKING THE HUMAN
References
Abawajy, J., 2014. User preference of cyber security awareness delivery methods. Behaviour
& Information Technology, 33(3), pp.237-248.
Abomhara, M. and Køien, G.M., 2015. Cyber security and the internet of things:
vulnerabilities, threats, intruders and attacks. Journal of Cyber Security, 4(1), pp.65-88.
Amin, S., Litrico, X., Sastry, S. and Bayen, A.M., 2013. Cyber security of water SCADA
systems—Part I: Analysis and experimentation of stealthy deception attacks. IEEE
Transactions on Control Systems Technology, 21(5), pp.1963-1970.
Amin, S., Litrico, X., Sastry, S.S. and Bayen, A.M., 2013. Cyber security of water SCADA
systems—Part II: Attack detection using enhanced hydrodynamic models. IEEE
Transactions on Control Systems Technology, 21(5), pp.1679-1693.
Ashok, A., Hahn, A. and Govindarasu, M., 2014. Cyber-physical security of wide-area
monitoring, protection and control in a smart grid environment. Journal of advanced
research, 5(4), pp.481-489.
Bada, M. and Sasse, A., 2014. Cyber security awareness campaigns: Why do they fail to
change behaviour?.
Ben-Asher, N. and Gonzalez, C., 2015. Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, pp.51-61.
Buczak, A.L. and Guven, E., 2016. A survey of data mining and machine learning methods
for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2),
pp.1153-1176.
Cavelty, M.D., 2014. Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), pp.701-715.
HACKING THE HUMAN
References
Abawajy, J., 2014. User preference of cyber security awareness delivery methods. Behaviour
& Information Technology, 33(3), pp.237-248.
Abomhara, M. and Køien, G.M., 2015. Cyber security and the internet of things:
vulnerabilities, threats, intruders and attacks. Journal of Cyber Security, 4(1), pp.65-88.
Amin, S., Litrico, X., Sastry, S. and Bayen, A.M., 2013. Cyber security of water SCADA
systems—Part I: Analysis and experimentation of stealthy deception attacks. IEEE
Transactions on Control Systems Technology, 21(5), pp.1963-1970.
Amin, S., Litrico, X., Sastry, S.S. and Bayen, A.M., 2013. Cyber security of water SCADA
systems—Part II: Attack detection using enhanced hydrodynamic models. IEEE
Transactions on Control Systems Technology, 21(5), pp.1679-1693.
Ashok, A., Hahn, A. and Govindarasu, M., 2014. Cyber-physical security of wide-area
monitoring, protection and control in a smart grid environment. Journal of advanced
research, 5(4), pp.481-489.
Bada, M. and Sasse, A., 2014. Cyber security awareness campaigns: Why do they fail to
change behaviour?.
Ben-Asher, N. and Gonzalez, C., 2015. Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, pp.51-61.
Buczak, A.L. and Guven, E., 2016. A survey of data mining and machine learning methods
for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2),
pp.1153-1176.
Cavelty, M.D., 2014. Breaking the cyber-security dilemma: Aligning security needs and
removing vulnerabilities. Science and engineering ethics, 20(3), pp.701-715.
17
HACKING THE HUMAN
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Choucri, N., Madnick, S. and Ferwerda, J., 2014. Institutions for cyber security: International
responses and global imperatives. Information Technology for Development, 20(2), pp.96-
121.
Dandurand, L. and Serrano, O.S., 2013, June. Towards improved cyber security information
sharing. In Cyber Conflict (CyCon), 2013 5th International Conference on (pp. 1-16). IEEE.
Dunn Cavelty, M., 2013. From cyber-bombs to political fallout: Threat representations with
an impact in the cyber-security discourse. International Studies Review, 15(1), pp.105-122.
Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities:
Safety, security and privacy. Journal of advanced research, 5(4), pp.491-497.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F., 2016. Decision support
approaches for cyber security investment. Decision Support Systems, 86, pp.13-23.
Gordon, L.A., Loeb, M.P., Lucyshyn, W. and Zhou, L., 2015. Externalities and the
magnitude of cyber security underinvestment by private sector firms: a modification of the
Gordon-Loeb model. Journal of Information Security, 6(1), p.24.
Hahn, A., Ashok, A., Sridhar, S. and Govindarasu, M., 2013. Cyber-physical security
testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on
Smart Grid, 4(2), pp.847-855.
Halevi, T., Lewis, J. and Memon, N., 2013, May. A pilot study of cyber security and privacy
related behavior and personality traits. In Proceedings of the 22nd International Conference
on World Wide Web (pp. 737-744). ACM.
HACKING THE HUMAN
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& security, 56, pp.1-27.
Choucri, N., Madnick, S. and Ferwerda, J., 2014. Institutions for cyber security: International
responses and global imperatives. Information Technology for Development, 20(2), pp.96-
121.
Dandurand, L. and Serrano, O.S., 2013, June. Towards improved cyber security information
sharing. In Cyber Conflict (CyCon), 2013 5th International Conference on (pp. 1-16). IEEE.
Dunn Cavelty, M., 2013. From cyber-bombs to political fallout: Threat representations with
an impact in the cyber-security discourse. International Studies Review, 15(1), pp.105-122.
Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities:
Safety, security and privacy. Journal of advanced research, 5(4), pp.491-497.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C. and Smeraldi, F., 2016. Decision support
approaches for cyber security investment. Decision Support Systems, 86, pp.13-23.
Gordon, L.A., Loeb, M.P., Lucyshyn, W. and Zhou, L., 2015. Externalities and the
magnitude of cyber security underinvestment by private sector firms: a modification of the
Gordon-Loeb model. Journal of Information Security, 6(1), p.24.
Hahn, A., Ashok, A., Sridhar, S. and Govindarasu, M., 2013. Cyber-physical security
testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on
Smart Grid, 4(2), pp.847-855.
Halevi, T., Lewis, J. and Memon, N., 2013, May. A pilot study of cyber security and privacy
related behavior and personality traits. In Proceedings of the 22nd International Conference
on World Wide Web (pp. 737-744). ACM.
18
HACKING THE HUMAN
Hong, J., Liu, C.C. and Govindarasu, M., 2014. Integrated anomaly detection for cyber
security of the substations. IEEE Transactions on Smart Grid, 5(4), pp.1643-1653.
Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P. and Jones, K., 2015. A survey of cyber
security management in industrial control systems. International journal of critical
infrastructure protection, 9, pp.52-80.
Kott, A., 2014. Towards fundamental science of cyber security. In Network science and
cybersecurity (pp. 1-13). Springer, New York, NY.
Luiijf, E., Besseling, K. and De Graaf, P., 2013. Nineteen national cyber security
strategies. International Journal of Critical Infrastructures 6, 9(1-2), pp.3-31.
McGraw, G., 2013. Cyber war is inevitable (unless we build security in). Journal of Strategic
Studies, 36(1), pp.109-119.
Ning, H., Liu, H. and Yang, L., 2013. Cyber-entity security in the Internet of
things. Computer, p.1.
Robinson, N., Gribbon, L., Horvath, V. and Cox, K., 2013. Cyber-security threat
characterisation.
Shackelford, S.J., Proia, A.A., Martell, B. and Craig, A.N., 2015. Toward a global
cybersecurity standard of care: Exploring the implications of the 2014 NIST cybersecurity
framework on shaping reasonable national and international cybersecurity practices. Tex. Int'l
LJ, 50, p.305.
Sommestad, T., Ekstedt, M. and Holm, H., 2013. The cyber security modeling language: A
tool for assessing the vulnerability of enterprise system architectures. IEEE Systems
Journal, 7(3), pp.363-373.
HACKING THE HUMAN
Hong, J., Liu, C.C. and Govindarasu, M., 2014. Integrated anomaly detection for cyber
security of the substations. IEEE Transactions on Smart Grid, 5(4), pp.1643-1653.
Knowles, W., Prince, D., Hutchison, D., Disso, J.F.P. and Jones, K., 2015. A survey of cyber
security management in industrial control systems. International journal of critical
infrastructure protection, 9, pp.52-80.
Kott, A., 2014. Towards fundamental science of cyber security. In Network science and
cybersecurity (pp. 1-13). Springer, New York, NY.
Luiijf, E., Besseling, K. and De Graaf, P., 2013. Nineteen national cyber security
strategies. International Journal of Critical Infrastructures 6, 9(1-2), pp.3-31.
McGraw, G., 2013. Cyber war is inevitable (unless we build security in). Journal of Strategic
Studies, 36(1), pp.109-119.
Ning, H., Liu, H. and Yang, L., 2013. Cyber-entity security in the Internet of
things. Computer, p.1.
Robinson, N., Gribbon, L., Horvath, V. and Cox, K., 2013. Cyber-security threat
characterisation.
Shackelford, S.J., Proia, A.A., Martell, B. and Craig, A.N., 2015. Toward a global
cybersecurity standard of care: Exploring the implications of the 2014 NIST cybersecurity
framework on shaping reasonable national and international cybersecurity practices. Tex. Int'l
LJ, 50, p.305.
Sommestad, T., Ekstedt, M. and Holm, H., 2013. The cyber security modeling language: A
tool for assessing the vulnerability of enterprise system architectures. IEEE Systems
Journal, 7(3), pp.363-373.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
19
HACKING THE HUMAN
Sou, K.C., Sandberg, H. and Johansson, K.H., 2013. On the exact solution to a smart grid
cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), pp.856-865.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. computers & security, 38, pp.97-102.
Wang, W. and Lu, Z., 2013. Cyber security in the smart grid: Survey and
challenges. Computer Networks, 57(5), pp.1344-1371.
Wells, L.J., Camelio, J.A., Williams, C.B. and White, J., 2014. Cyber-physical security
challenges in manufacturing systems. Manufacturing Letters, 2(2), pp.74-77.
HACKING THE HUMAN
Sou, K.C., Sandberg, H. and Johansson, K.H., 2013. On the exact solution to a smart grid
cyber-security analysis problem. IEEE Transactions on Smart Grid, 4(2), pp.856-865.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. computers & security, 38, pp.97-102.
Wang, W. and Lu, Z., 2013. Cyber security in the smart grid: Survey and
challenges. Computer Networks, 57(5), pp.1344-1371.
Wells, L.J., Camelio, J.A., Williams, C.B. and White, J., 2014. Cyber-physical security
challenges in manufacturing systems. Manufacturing Letters, 2(2), pp.74-77.
1 out of 20
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
 +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024  |  Zucol Services PVT LTD  |  All rights reserved.