Hacking the Human: Analysis of a Cyber Security Breach
Added on 2023-04-21
20 Pages6007 Words115 Views
|
|
|
Running head: HACKING THE HUMAN
Hacking the Human
Name of the Student
Name of the University
Author’s Note:
Hacking the Human
Name of the Student
Name of the University
Author’s Note:
1
HACKING THE HUMAN
Table of Contents
Introduction................................................................................................................................2
Discussion..................................................................................................................................2
Part 1: Analysis of the Breach................................................................................................2
Part 2: Proposed Interventions for Mitigating against the Attack..........................................7
Part 3: Ethical and Moral Issues for Using Human Behaviour Analysis and Modification
Techniques...........................................................................................................................14
Conclusion................................................................................................................................15
References................................................................................................................................16
HACKING THE HUMAN
Table of Contents
Introduction................................................................................................................................2
Discussion..................................................................................................................................2
Part 1: Analysis of the Breach................................................................................................2
Part 2: Proposed Interventions for Mitigating against the Attack..........................................7
Part 3: Ethical and Moral Issues for Using Human Behaviour Analysis and Modification
Techniques...........................................................................................................................14
Conclusion................................................................................................................................15
References................................................................................................................................16
2
HACKING THE HUMAN
Introduction
Cyber security or computer security can be stated as the proper protection of several
computer systems either from damage or theft to the respective software, hardware as well as
electronic data (Von Solms and Van Niekerk 2013). Moreover, the subsequent protection
from any kind of misdirection or disruption of the major services that are being provided. The
following report outlines a brief discussion on the case study of Watson’s Widgets. A proper
analysis of the breach with NIST framework, proposed interventions to mitigate such attacks
as well as ethical and moral issues to use human behaviour analysis and even modification
techniques will be described here.
Discussion
Part 1: Analysis of the Breach
An engineering firm was set by Brian Watson and recently his two sons, Davis and
Robert are running the business. Janice has started working recently and she is the Senior
admin and PA of this company. She is working excellently and is getting a generous salary.
Both David and Robert are in the process of restructuring their business in response to the
manufacturing processes since Brian had been using traditional methodologies in the start of
the business. However, while overhauling the IT systems after inclusion of cyber security
policies, they checked that there were some of the significant discrepancies in the store,
which were being traced back to their respective store manager, Jamie Smith. They were
hence forced to sack Jamie, although in deference to their father’s wishes, they allowed Jamie
Smith to resign and work with a week’s notice.
After one week of Jamie’s resignation, Janice noticed a person was wandering around
the offices near the desk of a colleague, who was on holiday. After reviewing the CCTV
footage, the management of the firm realized that this particular person was on the premises
HACKING THE HUMAN
Introduction
Cyber security or computer security can be stated as the proper protection of several
computer systems either from damage or theft to the respective software, hardware as well as
electronic data (Von Solms and Van Niekerk 2013). Moreover, the subsequent protection
from any kind of misdirection or disruption of the major services that are being provided. The
following report outlines a brief discussion on the case study of Watson’s Widgets. A proper
analysis of the breach with NIST framework, proposed interventions to mitigate such attacks
as well as ethical and moral issues to use human behaviour analysis and even modification
techniques will be described here.
Discussion
Part 1: Analysis of the Breach
An engineering firm was set by Brian Watson and recently his two sons, Davis and
Robert are running the business. Janice has started working recently and she is the Senior
admin and PA of this company. She is working excellently and is getting a generous salary.
Both David and Robert are in the process of restructuring their business in response to the
manufacturing processes since Brian had been using traditional methodologies in the start of
the business. However, while overhauling the IT systems after inclusion of cyber security
policies, they checked that there were some of the significant discrepancies in the store,
which were being traced back to their respective store manager, Jamie Smith. They were
hence forced to sack Jamie, although in deference to their father’s wishes, they allowed Jamie
Smith to resign and work with a week’s notice.
After one week of Jamie’s resignation, Janice noticed a person was wandering around
the offices near the desk of a colleague, who was on holiday. After reviewing the CCTV
footage, the management of the firm realized that this particular person was on the premises
3
HACKING THE HUMAN
all the morning. The other employees, who had spoken to him got answer that he was Sam, a
new employee and was appointed by David. When computer logs were checked, it was
realized that a new admin account was being created and the organizational employee payroll
records were copied and then sold on the dark web. After proper investigation, it was found
out that Jamie, during his last week at work had posted several posts on LinkedIn and
Facebook and was approached by Sam for sharing his employee ID and proximity pass to get
involved in illegal activity and obtain 5000 pounds.
The next week while Janice was entering her office building, a USB drive was found
on the ground and when she put it into her PC, it showed that it the files were copied and a
ransomware attack has occurred. An image showed that the attacker demanded for a certain
ransom is to be paid to decrypt the files. The organization was able to identify the point and
with a decryptor tool, was able to decrypt the files, however after losing a full day’s business.
It was found out that few workers on shop floor were members of Fantasy Football League
had the habit to check out few web sites during lunch break. A new site offering was found
out by one player and it was the source of a ransomware attack.
The above mentioned breach could be easily analysed with the help of NIST cyber
security framework (Shackelford et al. 2015). This particular framework helps in providing a
policy framework of the computer security guidance for the procedure of private sector
organizations so that could assess as well as improve the overall ability of preventing,
detecting and responding to the cyber attacks. This framework eventually provides a higher
level taxonomy of cyber security results or a methodology to manage and assess the results.
Several changes subsequently involve proper guidance on the procedure of performing self
assessments, supply chain risk management details, interaction with the supply chain
stakeholders and various others (Abawajy 2014).
HACKING THE HUMAN
all the morning. The other employees, who had spoken to him got answer that he was Sam, a
new employee and was appointed by David. When computer logs were checked, it was
realized that a new admin account was being created and the organizational employee payroll
records were copied and then sold on the dark web. After proper investigation, it was found
out that Jamie, during his last week at work had posted several posts on LinkedIn and
Facebook and was approached by Sam for sharing his employee ID and proximity pass to get
involved in illegal activity and obtain 5000 pounds.
The next week while Janice was entering her office building, a USB drive was found
on the ground and when she put it into her PC, it showed that it the files were copied and a
ransomware attack has occurred. An image showed that the attacker demanded for a certain
ransom is to be paid to decrypt the files. The organization was able to identify the point and
with a decryptor tool, was able to decrypt the files, however after losing a full day’s business.
It was found out that few workers on shop floor were members of Fantasy Football League
had the habit to check out few web sites during lunch break. A new site offering was found
out by one player and it was the source of a ransomware attack.
The above mentioned breach could be easily analysed with the help of NIST cyber
security framework (Shackelford et al. 2015). This particular framework helps in providing a
policy framework of the computer security guidance for the procedure of private sector
organizations so that could assess as well as improve the overall ability of preventing,
detecting and responding to the cyber attacks. This framework eventually provides a higher
level taxonomy of cyber security results or a methodology to manage and assess the results.
Several changes subsequently involve proper guidance on the procedure of performing self
assessments, supply chain risk management details, interaction with the supply chain
stakeholders and various others (Abawajy 2014).
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Hacking the Human: Analysis, Interventions, and Ethical Issueslg...
|17
|5764
|273