Information Security Management
Added on 2022-09-05
14 Pages2484 Words33 Views
|
|
|
Running head:Information Security Management 1
Information Security Management
Name
Institution
Information Security Management
Name
Institution
Information Security Management 2
Summary
Every day, some attacks have been designed to steal confidential data. The main targets of
these attacks are the organizations that harbor large databases, according to the Verizon Data
Breach Investigation Report of 2015. The databases are being attacked because they form the heart
of an organization, and the main targets include business data, personal information, and other
confidential own records (Wirtz & Heisel, 2019, July). Many organizations are not protecting these
data well enough. The hacking happens when malicious people have access to personal information
that may inflict damage to business operations, and besides, there may be a financial loss to an
organization (Maurer, 2004). Organizations have also suffered reputation, loss, and breaches that
may result in regulatory violations, legal fees, and fines.
The top threats to data include excessive privileges, including when workers are granted
rights that surpass their activity necessities. The benefits can be manhandled, for instance if a bank
bookkeeper may have too much privilege access and increase the bookkeeper balance for an offered
record, to take fitting measures to secure the data, and get to benefits, most organizations still
neglect to refresh the entrance benefits for workers who change jobs inside the association (Elmasri
& Navathe, 2011).
Another database attack include database injection attacks, the two types of attacks include
the DQL injection, and database systems (Stech, Heckman & Strom, 2016). Although big data is
not susceptible to SLQ injection attacks, they have their vulnerabilities that make it possible to have
a successful attack. Malware attack is another type of attack that may be carried out on a database
(Wirtz & Heisel, 2018, October). Lack of patch of databases is another problem that may lead to a
successful attack. Most companies still take time to do patching that leads to high workloads,
complex, and time-consuming procedures for testing and implementing the database patches.
Summary
Every day, some attacks have been designed to steal confidential data. The main targets of
these attacks are the organizations that harbor large databases, according to the Verizon Data
Breach Investigation Report of 2015. The databases are being attacked because they form the heart
of an organization, and the main targets include business data, personal information, and other
confidential own records (Wirtz & Heisel, 2019, July). Many organizations are not protecting these
data well enough. The hacking happens when malicious people have access to personal information
that may inflict damage to business operations, and besides, there may be a financial loss to an
organization (Maurer, 2004). Organizations have also suffered reputation, loss, and breaches that
may result in regulatory violations, legal fees, and fines.
The top threats to data include excessive privileges, including when workers are granted
rights that surpass their activity necessities. The benefits can be manhandled, for instance if a bank
bookkeeper may have too much privilege access and increase the bookkeeper balance for an offered
record, to take fitting measures to secure the data, and get to benefits, most organizations still
neglect to refresh the entrance benefits for workers who change jobs inside the association (Elmasri
& Navathe, 2011).
Another database attack include database injection attacks, the two types of attacks include
the DQL injection, and database systems (Stech, Heckman & Strom, 2016). Although big data is
not susceptible to SLQ injection attacks, they have their vulnerabilities that make it possible to have
a successful attack. Malware attack is another type of attack that may be carried out on a database
(Wirtz & Heisel, 2018, October). Lack of patch of databases is another problem that may lead to a
successful attack. Most companies still take time to do patching that leads to high workloads,
complex, and time-consuming procedures for testing and implementing the database patches.
Information Security Management 3
Contents
Summary..................................................................................................................................2
Contents....................................................................................................................................3
Information Security Use Cases...............................................................................................5
No.........................................................................................................................................5
Use Case Description..........................................................................................................5
Mitre ID...............................................................................................................................5
Mitre Tactic........................................................................................................................5
Mitre Technique.................................................................................................................5
Data Sources.......................................................................................................................5
Mitigations..........................................................................................................................5
Detections............................................................................................................................5
NIST REF#..........................................................................................................................5
CSC REF#...........................................................................................................................5
Conclusions............................................................................................................................11
References..............................................................................................................................11
Contents
Summary..................................................................................................................................2
Contents....................................................................................................................................3
Information Security Use Cases...............................................................................................5
No.........................................................................................................................................5
Use Case Description..........................................................................................................5
Mitre ID...............................................................................................................................5
Mitre Tactic........................................................................................................................5
Mitre Technique.................................................................................................................5
Data Sources.......................................................................................................................5
Mitigations..........................................................................................................................5
Detections............................................................................................................................5
NIST REF#..........................................................................................................................5
CSC REF#...........................................................................................................................5
Conclusions............................................................................................................................11
References..............................................................................................................................11
Information Security Management 4
Introduction
MITRE ATT&Ck is a set of tools that help to logically assess the security controls against
the risks that a company may face. The MITRE Framework is useful in in understanding the gaps
that are existing in the current system, there are many usecases that make MITRE attacks
compelling and need a closer look by companies. The use cases are used to describe application
threat intelligence. The threat intelligence data is important in most security operations and most
security officers do not know what to do with the security operations. Most individuals will step
back and view what they need to do more strategically (Wirtz & Heisel, 2018, October). MITRE
ATT&CK gives the cyber security professionals a way to relate the probability of the threats, a
prospective attacker tactics and the techniques used in the attacks are documented. The response are
also well outlined. The MITRE ATTACK helps document a good view of the system gaps that
may face these threats, then using the security framework build from the MITRE ATT&CK, a
security plan can be built (Munaiah & Meneely, 2016, November). The MITRe ATT&CK maix has
been shown in appendix A in the appendices section.
Introduction
MITRE ATT&Ck is a set of tools that help to logically assess the security controls against
the risks that a company may face. The MITRE Framework is useful in in understanding the gaps
that are existing in the current system, there are many usecases that make MITRE attacks
compelling and need a closer look by companies. The use cases are used to describe application
threat intelligence. The threat intelligence data is important in most security operations and most
security officers do not know what to do with the security operations. Most individuals will step
back and view what they need to do more strategically (Wirtz & Heisel, 2018, October). MITRE
ATT&CK gives the cyber security professionals a way to relate the probability of the threats, a
prospective attacker tactics and the techniques used in the attacks are documented. The response are
also well outlined. The MITRE ATTACK helps document a good view of the system gaps that
may face these threats, then using the security framework build from the MITRE ATT&CK, a
security plan can be built (Munaiah & Meneely, 2016, November). The MITRe ATT&CK maix has
been shown in appendix A in the appendices section.
End of preview
Want to access all the pages? Upload your documents or become a member.
Related Documents
Network Security Fundamentalslg...
|4
|659
|33
Study on Causes for Data Breacheslg...
|7
|2026
|231
Acsc Case Study And Discussionlg...
|6
|1410
|17
Database Design for The Gill Art Gallery Scenariolg...
|10
|1266
|158
Risk Management for Kevin's Music: Security Threats, Probability-Impact Matrix, and Risk Controlslg...
|8
|1573
|305
Cyber Breach at Staysure.co.uk Ltd: A Case Studylg...
|22
|5741
|160