Four Incident Management Practices to Fix in Order


Added on  2019/09/30

AI Summary
The assignment is about incident management practices and codes of professional practice for IT professionals in New Zealand. The company, Te Mata Estate, has experienced a security breach and the task is to identify and analyze at least four incident management practices that could have been applied in this incident. Additionally, the task requires analyzing at least four codes of professional practice for IT professionals in New Zealand that are deemed appropriate while responding to various security breaches.

DIPLOMA IN
NETWORKING (LEVEL 7)
INFORMATION SECURITY
Name
[Email address]
ASSESSMENT 2- Case Study Base

Task 1. Based on the case study, identify and analyse at least four (4) components of
information security risk management that the Te Mata Estate company could have
applied in response to security breaches of its system.
Ans. As mentioned in the above case study of “Te Mata Estate company”, one of the employees
shared some sensitive information with a hacker in exchange for money, so there is a need to
follow the components I mention below.
Identify — In this part our aim is to develop an understanding of the cybersecurity risks
to systems, people, assets, data and capabilities. We need to make our staff members aware
of hacking and of how risky it is to share even a little company data with a
stranger. Understanding the business context, current business needs and related risks
helps organizations determine threats and prioritize their security efforts.
Protect — Organisations shall implement appropriate safeguards and security
controls to protect their most critical assets against cyber threats. For example, here
we can apply an identity management system (like ISE 2.0, Identity Services Engine),
which is very popular nowadays, and in parallel apply access control
policies on network devices to set privileges, roles and rules, and keep promoting
awareness and providing training to staff.
Detect — Organisations need to quickly detect events that could pose risks to data
security. A security device like an IDS (Intrusion Detection System)
helps to quickly detect intrusion on the network (as it was an old technique). Usually
organizations rely on continuous security monitoring by monitoring tools and on
incident detection techniques and remediation tools. Organizations can take action against a
detected cybersecurity event easily if they have an automatic prevention system, for example an IPS
(Intrusion Prevention System). It not only detects but also prevents unnecessary
attacks and malware, as it is embedded with AMP (Advanced Malware Protection), which
is always connected to the cloud to update the latest signatures of worms etc.
Recover — Organizations need to develop or implement various activities to restore
the capabilities that were impacted by a security breach, for example by having some
personal data center service. These activities aim at supporting timely recovery to
normal operation so that the impact of any attack is reduced. It also considers
recovery planning and improvements (for example, introducing new policies or updating
existing policies).
(Reference – CCNP Security SISAS)
Task 2. You are working as a security expert, evaluate whether the Te Mata Estate
company has followed the recommended assurance and compliance components in
enhancing the system security. At least three (3) components to be evaluated.
Ans. There are three components that the Te Mata Estate company should follow to enhance
system security against breaches:
1. Confidentiality:
When we talk about protecting information, we want to be able to restrict access to
those who are permitted; everyone else should be disallowed from learning anything about its
contents. This is known as confidentiality. For example, a company restricts
unauthenticated users' access to sensitive information. The company must be sure that
only those who are authorized have access to view data and files.
2. Integrity:
Integrity is the assurance that the information being accessed has not been altered and truly
represents what is intended. Just as a person with integrity means what he or she says and can
be trusted to consistently represent the truth, information integrity means information truly
represents its intended meaning. Information can lose its integrity through malicious intent,
such as when someone who is not authorized makes a change to a function to intentionally
bring something down. An example of this would be when a hacker is hired to go into the
company’s system and launch an attack on the system to degrade it.
3. Authentication:
The most common way to identify someone is through their physical appearance, but how do
we identify someone sitting behind a computer screen or any system? Tools for authentication
are used to ensure that the person accessing the information is, indeed, who they present
themselves to be. Authentication can be accomplished by identifying someone through one or
more of three factors: something they know, something they have, or something they are.
For example, the most common form of authentication today is the user ID and password. In
this case the authentication is done by confirming something that the user knows (their ID
and password). But after successful authentication, the next step is to push an authorization
policy with an access list to the user.
(Reference CCNA – security)
Task 3.
a. Select three (3) information security risk management controls and three standards.
b. Identify and analyse these six controls and standards, which the Te Mata Estate
company could have utilised prior to setting up the information system.
Ans. Three information security risk management controls are:
IT Security Policies - This document sets the baseline standards of IT security policy for
Government bureaux / departments. It explains the aspects of paramount importance.
IT Security Guidelines - This elaborates on the policy requirements and sets the implementation
standard on security requirements specified in the Baseline IT Security Policy.
Security Risk Assessment - This document provides the reference and practical guidance for
security risk assessment & audit in Government.
Three information security risk standards are:
ISO 27001 - This document states the requirements of the ISO standard for establishing,
implementing, maintaining and improving the information security management system
within the organization.
COBIT - The Control Objectives for Information and related Technology (COBIT), published by
the Standards Board of the Information Systems Audit and Control Association (ISACA),
provides a control framework for the management and governance of enterprise IT.
ITIL - This document describes best practices in IT service management (ITSM) and focuses on
the IT service processes and reviews the central role of the user.
A company (like Te Mata Estate) can utilise these controls and standards by:
Following the policies and staying with the policies:
The organization should establish, implement and maintain the guidelines and policies of
information security. This ensures that employees follow the rules when they access
information. Information security policies are very important in the organization because
they state the requirements for information security.
Hiring qualified employees:
To secure and protect confidential information well, the organization should hire IT experts
and employees who have the right qualifications or certifications (like CCIE / ITIL etc.) to
protect the data. This ensures that employees know what procedures to follow if a
problem occurs and how to protect the data as well. Besides that, an IT expert or employee has
better knowledge of information security and knows the steps needed to keep the
information safe.
Task 4. Based on the case study, the incident (unethical hacking) which took place in
2008, evaluate how ethical hacking could have helped overcome Te Mata company
system breach.
Ans. First we must go through “What is a hacker, and what are its shades?”
Hackers may be bad or good depending upon the aspiration or purpose behind their work.
Black Hat Hacker (Unethical Hacker)
A black hat hacker is also called a cracker. These types of hackers have good
knowledge of computer networking, network protocols and system administration, but they
account for cybercrime, as they hack systems for unethical reasons.
White Hat Hacker (Ethical Hacker)
The opposite of the black hat hacker is the white hat hacker. These hackers hold the same
kind of knowledge as black hat hackers, but they use their knowledge in an ethical way, and
they are network security professionals, so they are called ethical hackers.
Ethical hackers work according to their ethics of hacking and protect the system or
network in the interest of individuals (like the Te Mata company system) on the internet, as they are
cyber security professionals. Ethical hacking means doing this with permission, in an authorized
way. Ethical hackers are engaged by the organization to access networks and systems
with the purpose of discovering vulnerabilities and fixing them. The role of the ethical hacker
is like that of a vulnerability tester, but they break into the systems ethically and legally.
(Reference - Linux Red Hat)
Task 5. Based on the case study, the security breach that took place in 2011 is an
example of a Social engineering technique known as phishing. Identify and analyse how
phishing takes place and the counter measures that can be applied to protect the
company.
Ans. Phishing is a method of gathering personal information using deceptive websites and e-mails.
Phishing is a cyber-attack that uses disguised email as a weapon. The goal is to trick the email
recipient into believing that the message is something they need or want - a request from their bank,
for instance, or a message from someone in their company — and to download an attachment or click
a link. Phishing takes place with the help of a phishing kit, which bundles phishing website tools and
resources that only need to be installed on a server. Once it is installed, all the attacker needs to do
is send out emails to potential victims.
But we have countermeasures that help to protect against these attacks:
1. Inbound email sandboxing
Deploy a solution that checks the safety of an emailed link when a user clicks on it. This
safeguards against a new phishing strategy that I've seen from cybercriminals: attackers
send a brand-new URL in an email to their targets to get past the organization's email security.
The other strategy is to introduce malicious code into the website right after the email URL
is delivered.
2. Real-time inspection and analysis of your web traffic
At your gateway, stop malicious URLs from even getting to your users' corporate inboxes.
Even if you have inbound email sandboxing for your corporate email, some users might
click on a malicious link through a personal email account, like Gmail. In that case, your
corporate email spear-phishing protection is unable to see the traffic. Bottom line: your web
security gateway needs to be 98 percent effective at stopping malware, and to be intelligent
and analyse content in real time.
3. Security awareness training
Teach your employees what secure emails look like. Try to show people what
affected emails will look like. Corresponding to that guidance is testing: perform phishing
attempts against your own staff to measure their level of sophistication in handling
phishing attempts.
(Reference CCNA – security)
Task 6. Identify and analyse at least three (3) approaches that the Te Mata Estate
company could have adopted to improve the security of network components to prevent
future security breaches.
Ans. Three approaches that the Te Mata Estate Company should have adopted to improve
the security of network components to prevent future security breaches:
1. Password Security:
Better password policies are needed to ensure passwords cannot be compromised. Below are
some of the most general policies that organizations should put in place.
Require complex passwords that cannot be easily guessed. A study found that the
top three passwords used by people in 2012 were 123456, 12345678 and password. A
password should not be a word that can be found in a dictionary.
Train employees not to share their passwords with anyone. One of the
primary methods used to steal passwords is to simply figure them out by asking the users or
administrators. Pretexting occurs when an attacker calls a helpdesk or security
administrator and pretends to be an authorized user having trouble logging in.
Users should change their passwords every two months, ensuring that any passwords
that might have been stolen or guessed cannot be used against the
company. It is essential that users change their passwords on a regular basis.
2. Apply Firewalls:
Another method that an organization should use to increase security on its network is a
firewall. A firewall can exist as hardware or software (or both). A hardware firewall is
a device that is connected to the network and filters the packets based on a set of rules.
A software firewall runs on the operating system and intercepts packets as they arrive
at a computer. A firewall safeguards all company servers and computers by stopping
packets from outside the organization’s network that do not meet a strict set of criteria.
3. Work on Virtual Private Networks:
Using firewalls and other security technologies, organizations can effectively protect
many of their information resources by making them invisible to the outside world.
But what if an employee working from home requires access to some of these
resources? What if a consultant is hired who needs to do work on the internal
corporate network from a remote location? In these cases, a virtual private network
(VPN) is called for.
A VPN allows a user who is outside of a corporate network to take a detour around the
firewall and access the internal network from the outside. Through a combination of
software and security measures, this lets an organization allow limited access to its
networks while at the same time ensuring overall security.
(Reference CCNP Secure-VPN/ASA)
Task 7. The finance department has to decide, based on an email, whether a breach in
the communication has occurred between the company and suppliers. Evaluate at least
three (3) recommendations/resolutions that could be given to the company regarding
the security of communication and channels.
Ans. The three resolutions that help the company's finance department regarding security of
communication are:
1. Verify a Site’s Security – It’s natural to be a little wary about supplying sensitive
financial information online. As long as you are on a secure website, however, you
shouldn’t run into any trouble. Before submitting any information, make sure the site’s
URL begins with “https” and there should be a closed lock icon near the address bar.
Check for the site’s security certificate as well. If you get a message stating a certain
website may contain malicious files, do not open the website. Never download files from
suspicious emails or websites. Even search engines may show certain links which may
lead users to a phishing webpage which offers low cost products. If the user makes
purchases at such a website, the credit card details will be accessed by cybercriminals.
2. Check Your Online Accounts Regularly – If you don’t visit an online account for a
while, someone could be having a field day with it. Even if you don’t technically need to,
check in with each of your online accounts on a regular basis. Get into the habit of changing
your passwords regularly too. To prevent bank phishing and credit card phishing scams, you
should personally check your statements regularly. Get monthly statements for your financial
accounts and check each entry carefully to ensure no fraudulent transactions have been made
without your knowledge.
3. Use Next Generation Firewalls for All Departments – Next-generation firewalls act as
buffers between you, your computer and outside intruders. You should use two different
kinds: a desktop firewall and a network firewall. The first option is a type of software, and
the second option is a type of hardware. When used together, they drastically reduce the odds
of hackers and phishers infiltrating your computer or your network.
(Reference – CCIE Security Development)
Task 8. Identify and analyse at least three (3) components of information security
operations that could have been utilised by the company in enhancing the system
security after the 2008 incident.
Ans. The three components of information security operations for system security are the AAA model,
which the company can use to enhance system security after the 2008 downfall.
Authentication:
Authentication is important because it enables organizations to keep their networks secure by
permitting only authenticated users (or processes) to access its protected resources, which
may include computer systems, networks, databases, websites and other network-based
applications or services.
Once authenticated, a user or process is usually subjected to an authorization process as well,
to determine whether the authenticated entity should be permitted access to a protected
resource or system. A user can be authenticated but fail to be given access to a resource if
that user was not granted permission to access it.
Authorization:
Authorization refers to the process of adding or denying individual user access to a computer
network and its resources. Users may be given different authorization levels that limit their
access to the network and associated resources. Authorization determination may be based on
geographical location restrictions, date or time-of-day restrictions, frequency of logins or
multiple logins by single individuals or entities. Other associated types of authorization
service include route assignments, IP address filtering, bandwidth traffic management and
encryption.
Accounting:
Accounting refers to the record-keeping and tracking of user activities on a computer
network. For a given time period this may include, but is not limited to, real-time accounting
of time spent accessing the network, the network services employed or accessed, capacity and
trend analysis, network cost allocations, billing data, login data for user authentication and
authorization, and the data or data amount accessed or transferred.
(Reference CCNA – security)
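The three AAA steps described above can be seen working together in the following sketch, which is an added example and not part of the original assignment. The class name, users, roles, resources and time windows are all constructed for illustration; it shows a user who authenticates correctly but is still refused by authorization, and the accounting record kept for every request.

```python
import hashlib
import hmac
import os
from datetime import datetime, time

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AAAServer:
    """Hypothetical in-memory AAA service (illustration only)."""

    def __init__(self):
        self.users = {}       # username -> (salt, password hash, role)
        self.policy = {}      # role -> (allowed resources, (start, end) hours)
        self.accounting = []  # append-only record of every request
        self._dummy_salt = os.urandom(16)
        self._dummy_hash = _hash("placeholder", self._dummy_salt)

    def add_user(self, username, password, role):
        salt = os.urandom(16)
        self.users[username] = (salt, _hash(password, salt), role)

    def add_role(self, role, resources, start, end):
        self.policy[role] = (frozenset(resources), (start, end))

    def authenticate(self, username, password) -> bool:
        """Something the user knows: check the password against the stored hash."""
        # Unknown users are hashed against a dummy record so timing stays similar.
        salt, stored, _ = self.users.get(
            username, (self._dummy_salt, self._dummy_hash, None))
        matches = hmac.compare_digest(_hash(password, salt), stored)
        return matches and username in self.users

    def authorize(self, username, resource, when: datetime) -> bool:
        """Check the role's resource list and its time-of-day restriction."""
        role = self.users[username][2]
        resources, (start, end) = self.policy.get(
            role, (frozenset(), (time.min, time.min)))
        return resource in resources and start <= when.time() < end

    def request(self, username, password, resource, when: datetime) -> str:
        if not self.authenticate(username, password):
            outcome = "auth_failed"
        elif not self.authorize(username, resource, when):
            outcome = "denied"
        else:
            outcome = "granted"
        # Accounting: who asked for what, when, and the result (never the password).
        self.accounting.append({"time": when.isoformat(), "user": username,
                                "resource": resource, "outcome": outcome})
        return outcome


def demo():
    """Constructed users, roles and requests; none come from the case study."""
    aaa = AAAServer()
    aaa.add_role("finance", {"invoices"}, time(8, 0), time(18, 0))
    aaa.add_role("production", {"stock"}, time(6, 0), time(20, 0))
    aaa.add_user("finance_clerk", "correct horse battery", "finance")
    aaa.add_user("cellar_hand", "vintage-2008-barrel", "production")
    day, night = datetime(2024, 1, 10, 10, 0), datetime(2024, 1, 10, 23, 0)
    aaa.request("finance_clerk", "correct horse battery", "invoices", day)
    aaa.request("finance_clerk", "wrong guess", "invoices", day)
    aaa.request("cellar_hand", "vintage-2008-barrel", "invoices", day)
    aaa.request("finance_clerk", "correct horse battery", "invoices", night)
    aaa.request("nobody", "placeholder", "invoices", day)
    return aaa.accounting


if __name__ == "__main__":
    for record in demo():
        print(record)
```

The third and fourth requests are the cases the text describes: valid credentials, but no permission for the resource or for that time of day.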
Task 9. The Te Mata Estate company could have avoided the 2008 incident by utilising
vulnerabilities assessment and testing. Critically analyse how this assessment and
testing is implemented for a security system.
Ans. This assessment can help the company in several ways:
1. Fully discover your attack surface—everything that touches your network, and every
way it might get attacked.
Organizations must cover all internal, cloud, and third-party IT assets that touch their
network and could act as an entry point for cybercriminals. This includes servers,
applications, managed IT infrastructure, and cloud assets, but also BYOD (Bring Your own
Device), Internet of Things (IoT) devices, industrial control systems (ICS), and third-party
assets from other business partners, the report noted. Businesses should also be aware of the
more than 200 attack vectors, including phishing and malware, that could lead to an attack.
2. Understand your overall cyber-risk and the specific business risk of each asset if it
were breached.
Most organizations have not incorporated cyber risk into their vulnerability management
program, the report found. Adding the ability to assess the cyber risk of every asset touching
your network can help determine the total cyber risk of your enterprise, and ways to assess
and improve your cybersecurity posture.
3. Use risk-based analysis to prioritize which issues IT teams should work on,
postpone, and ignore.
Since most organizations reported a gap between the number of security alerts received and
the resources available to work through them, understanding your device and cyber risks can
help prioritize what issues to fix in what order, including unpatched software, password
issues, and misconfigurations.
(Reference – Self)
Task 10. Identify and analyse at least four (4) incident management practices that the
company could have applied in the 2008 incident.
Ans. The best incident management practices that the company should have applied in
the 2008 incident are:
1. Offer multiple modes for incident logging.
An incident can be logged through phone calls, emails, SMS, web forms published on
the self-service portal or via live chat messages, so that an associate can log a ticket through
multiple options without wasting precious time.
2. Automatically categorize and prioritize IT incidents.
Incidents can be categorized and sub-categorized based on the area of IT or business
in which the incident causes a disruption, like network, hardware etc.
The priority of an incident can be determined as a function of its impact and urgency
using a priority matrix. The impact of an incident denotes the degree of damage the
issue will cause to the user or business. The urgency of an incident indicates the time
within which the incident should be resolved. Based on the priority, incidents can be
categorized as Low, High, Moderate and Critical.
3. SLA management and escalation.
While the incident is being processed, the technician needs to ensure the SLA isn't
breached. An SLA is the acceptable time within which an incident needs a response
(response SLA) or resolution (resolution SLA). SLAs can be assigned to incidents
based on their parameters like category, requester, impact, urgency etc. In cases where
an SLA is about to be breached or has already been breached, the incident can be
escalated functionally or hierarchically to ensure that it is resolved at the earliest.
4. Handle major incidents by creating unique workflows.
This plays a key role in the process of incident management by monitoring how effective
the process is, recommending improvements, and ensuring the process is followed, among
other responsibilities.
(Reference - ITIL Service Management Guide)
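Practices 2 and 3 above can be combined into a single triage routine, shown here as an added example that is not part of the original assignment. The matrix cells, SLA targets, 80% warning threshold and the rule mapping SLA state to functional or hierarchical escalation are assumptions, and the incidents are constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Priority matrix: (impact, urgency) -> priority. The four labels come from the
# text above; the cell assignments are an assumption (the page gives no matrix).
MATRIX = {
    ("high", "high"): "Critical", ("high", "medium"): "High",
    ("high", "low"): "Moderate", ("medium", "high"): "High",
    ("medium", "medium"): "Moderate", ("medium", "low"): "Low",
    ("low", "high"): "Moderate", ("low", "medium"): "Low",
    ("low", "low"): "Low",
}
RANK = {"Critical": 0, "High": 1, "Moderate": 2, "Low": 3}

# Assumed SLA targets per priority: (response SLA, resolution SLA).
SLA = {
    "Critical": (timedelta(minutes=15), timedelta(hours=4)),
    "High": (timedelta(hours=1), timedelta(hours=8)),
    "Moderate": (timedelta(hours=4), timedelta(hours=24)),
    "Low": (timedelta(hours=8), timedelta(hours=72)),
}
WARN_FRACTION = 0.8  # assumed: "about to be breached" at 80% of the window


@dataclass
class Incident:
    ident: str
    category: str                        # e.g. network, hardware
    impact: str                          # low / medium / high
    urgency: str                         # low / medium / high
    opened: datetime
    responded: Optional[datetime] = None
    resolved: Optional[datetime] = None


def prioritize(impact: str, urgency: str) -> str:
    try:
        return MATRIX[(impact.lower(), urgency.lower())]
    except KeyError:
        raise ValueError(f"unknown impact/urgency: {impact!r}/{urgency!r}") from None


def sla_state(opened, limit, done_at, now) -> str:
    """Return met, breached, at_risk or ok for one SLA clock."""
    deadline = opened + limit
    if done_at is not None:
        return "met" if done_at <= deadline else "breached"
    if now > deadline:
        return "breached"
    return "at_risk" if now - opened >= limit * WARN_FRACTION else "ok"


def evaluate(inc: Incident, now: datetime) -> dict:
    priority = prioritize(inc.impact, inc.urgency)
    response_limit, resolution_limit = SLA[priority]
    states = (sla_state(inc.opened, response_limit, inc.responded, now),
              sla_state(inc.opened, resolution_limit, inc.resolved, now))
    # Assumed rule: a breached clock goes up the management chain (hierarchical);
    # a clock at risk goes to a more specialised team (functional).
    if "breached" in states:
        escalation = "hierarchical"
    elif "at_risk" in states:
        escalation = "functional"
    else:
        escalation = None
    return {"id": inc.ident, "priority": priority, "response": states[0],
            "resolution": states[1], "escalation": escalation}


def triage(incidents, now):
    """Order the queue by priority, then by age, and evaluate each incident."""
    ordered = sorted(
        incidents, key=lambda i: (RANK[prioritize(i.impact, i.urgency)], i.opened))
    return [evaluate(i, now) for i in ordered]


# Constructed sample data, not taken from the case study.
NOW = datetime(2024, 1, 10, 12, 0)
SAMPLE = [
    Incident("INC-2", "hardware", "medium", "low", datetime(2024, 1, 7, 9, 0),
             responded=datetime(2024, 1, 7, 10, 0)),
    Incident("INC-3", "application", "high", "medium", datetime(2024, 1, 10, 11, 0),
             responded=datetime(2024, 1, 10, 11, 20)),
    Incident("INC-1", "network", "high", "high", datetime(2024, 1, 10, 11, 47)),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, NOW):
        print(row)
```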
Task 11. As an IT professional working for the Te Mata Estate company, identify and
analyse at least four (4) Codes of Professional Practice of IT Professionals in New
Zealand that are deemed appropriate while responding to the various security breaches
in the company.
Ans. The Codes of Professional Practice of IT Professionals are:
1. Relationship Management:
When seeking new customers, ensure that a common understanding exists throughout
the organisation of its corporate objectives, market position, product lines and development
plans and that these form the basis of marketing strategy.
When selling to prospective customers, do not overstate the capabilities, performance and
benefits of the proposed products or services. Ensure the organisation has the necessary
resources available to deliver on schedule. Make your prospective client aware of any risks in
your proposed solution.
Assure yourself that your prospective client will have or have access to the necessary skills,
equipment and organisation to make effective use of your proposed solution. Identify to
your prospective client any additional costs or changes necessary to make effective use of the
proposed products and services.
2. Security
Maintain a thorough understanding of relevant regulations and guidelines. Keep up to date
with the threats, vulnerabilities to those threats and the range of countermeasures available to
avoid, reduce or transfer risk.
Resist any pressure to oversimplify the risk analysis; involve personnel at all levels within the
organisation to elicit the threats and the vulnerabilities to those threats. Ensure that the
decision-makers are fully aware of all the relevant facts and the possible consequences of
their decisions.
3. Safety Engineering
At all times, take all reasonable care to ensure that your work and the consequences of your
work cause no unacceptable risk to safety. Take all reasonable steps to make your
management, and those to whom they have a duty of care, aware of the risks you identify;
make anyone overruling or neglecting your professional advice formally aware of the
consequent risks. When building a system, beware of novel approaches to specification,
design and implementation of knowledge-based computing and control systems; be attentive
to their attendant problems of verification, validation and the effect on safety-related
operation.
4. Quality Management
Express the organisation's commitment to quality through a clear and concisely written
quality policy. Make all members of the organisation aware of the quality policy. Provide a
means for all members of the organisation to find standards and procedures applicable to their
work. Make a clear distinction between mandatory, optional and advisory standards.
When constructing new quality standards, involve those who will follow the new standards
in the writing and reviewing. Keep the language simple and avoid jargon wherever possible.
(Reference - IITP Code of Good Practice circa 1972)
Task 12. Examine the IT Professionals New Zealand’s Code of Ethics and discuss how it
is related to the case study.
Ans. The parts of the Code of Ethics that relate to this case study are:
1. Good faith – Associates shall treat people with dignity, good faith and equality, without
discrimination, and have consideration for the values and cultural sensitivities of all groups
within the community affected by their work. So each employee should get respect in
their own domain and never agree to do anything that is wrong in favour of the company.
2. Integrity – Employers shall act in the execution of their profession with integrity, dignity
and honour to merit the trust of the community and the profession, and apply honesty, skill,
judgement and initiative to contribute positively to the well-being of company society.
3. Skills - Members shall apply their skills and knowledge in the interests of their clients or
employers for whom they will act without compromising any other of these Tenets.
Employees shall use their skills and talent in the interest of the company to give future benefits. A
skilled employee is always an asset for a company.
4. Continuous Development – Developers should develop their knowledge, skills and
expertise continuously through their careers, contribute to the collective wisdom of the
profession, and actively encourage their associates to do likewise. Development is a very
crucial part of reducing risk for a company.
5. Competence - Members shall follow recognised professional practice and provide services
and advice carefully and diligently only within their areas of competence.
(Reference - IITP Code of Professional Conduct)
REFERENCES:
CCNA SECURITY – Omar Santos, CISSP No.463598, John Stuppi, CCIE No.11154, By Pearson Education Inc
CISCO ASA – Richard A. Deal, By McGraw Hill Education Limited
RED HAT LINUX ADMINISTRATION – Michael Turner, Steve Shah, By McGraw Hill Education Limited
CCIE PROFESSIONAL DEVELOPMENT – By Pearson Education Inc
Network Security Technologies and Resolution – Yusuf Bhaji, CCIE No.9305
CCNP SECURITY VPN – Howard Hooper, CCIE No.23470, By Pearson Education Inc
CCNP SECURITY SISAS – Aaron T. Worland, CCIE No.20113, By Pearson Education Inc
ITIL SERVICE MANAGEMENT GUIDE – Ahmad K. Shuja, CRC PRESS
IITP CODE OF GOOD PRACTICE CIRCA 1972 – https://itp.nz/.org
IITP CODE OF PROFESSIONAL CONDUCT – https://itp.nz/.org