Understanding and Prioritizing Cybersecurity Alerts


Added on  2019-09-21


Task 1. Based on the case study, identify and analyse at least four (4) components of information security risk management that the Te Mata Estate company could have applied in response to security breaches of its system.

Ans. As mentioned in the case study of “Te Mata Estate company”, one of the employees shared some sensitive information with a hacker in exchange for money, so there is a need to follow the components listed below.

Identify — The aim here is to develop an understanding of the cybersecurity risks to systems, people, assets, data and capabilities. Staff members need to be made aware of hacking and of how risky it is to share even a small amount of company data with a stranger. Understanding the business context, current business needs and related risks helps organizations determine threats and prioritize their security efforts.

Protect — Organizations implement appropriate safeguards and security controls to protect their most critical assets against cyber threats. For example, here we can apply an identity management system (like ISE 2.0, Identity Services Engine), which is very popular nowadays, and in parallel apply access control policies on network devices to set privileges, roles and rules, while continuing to promote awareness and provide training to staff.

Detect — Organizations need to quickly detect events that could pose risks to data security. A security device such as an IDS (Intrusion Detection System) helps to quickly detect intrusions on the network (though it is an older technique). Organizations usually rely on continuous security monitoring with monitoring tools, incident detection techniques and remediation tools. Organizations can act against a detected cybersecurity event more easily if they have an automatic prevention system, for example an IPS (Intrusion Prevention System). It not only detects but also prevents unwanted attacks and malware, as it has AMP (Advanced Malware Protection) embedded, which is always connected to the cloud to update the latest signatures of worms etc.

Recover — Organizations develop and implement activities to restore capabilities and services that were impacted by a security incident, for example by having a data centre of their own. This group of activities aims at supporting timely recovery to normal operations to reduce the impact of an attack. It also includes recovery planning and improvements (e.g., introduction of new policies or updates to existing policies).

(Reference – CCNP Security SIAS)

Task 2. You are working as a security expert. Evaluate whether the Te Mata Estate company has followed the recommended assurance and compliance components in enhancing the system security. At least three (3) components are to be evaluated.

Ans. The three components that the Te Mata Estate company should follow to enhance system security against breaches are:

1. Confidentiality:
When protecting information, we want to be able to restrict access to those who are allowed to see it; everyone else should be disallowed from learning anything about its contents. This is the essence of confidentiality. For example, federal law requires that the company restrict unauthenticated users' access to sensitive information. The company must be sure that only those who are authorized have access to view data and files.

2. Integrity:
Integrity is the assurance that the information being accessed has not been altered and truly represents what is intended. Just as a person with integrity means what he or she says and can be trusted to consistently represent the truth, information integrity means information truly represents its intended meaning. Information can lose its integrity through malicious intent, such as when someone who is not authorized changes how something functions in order to intentionally bring it down. An example of this would be when a hacker is hired to get into the company’s system and launch an attack on the system to degrade it.

3. Authentication:
The most common way to identify someone is through their physical appearance, but how do we identify someone sitting behind a computer screen or any system? Tools for authentication are used to ensure that the person accessing the information is, indeed, who they present themselves to be. Authentication can be accomplished by identifying someone through one or more of three factors: something they know, something they have, or something they are. For example, the most common form of authentication today is the user ID and password. In this case, the authentication is done by confirming something that the user knows (their ID and password). After successful authentication, the next step is to push an authorization policy with an access list to the user.

(Reference CCNA – security)

Task 3.
a. Select three (3) information security risk management controls and three standards.
b. Identify and analyse these six controls and standards, which the Te Mata Estate company could have utilised prior to setting up the information system.

Ans. Three information security risk management controls are:

IT Security Policies - This document sets the baseline standards of IT security policy for Government bureaux/departments. It states what aspects are of paramount importance.

IT Security Guidelines - This document elaborates on the policy requirements and sets the implementation standard for the security requirements specified in the Baseline IT Security Policy.

Security Risk Assessment - This document provides practical guidance and reference for security risk assessment and audit in the Government.

Three information security risk standards are:

ISO 27001 - This document provides the ISO standard requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization.

COBIT - The Control Objectives for Information and related Technology (COBIT) is published by the Standards Board of Information Systems Audit and Control Association (ISACA), providing a control framework for the governance and management of enterprise IT.

ITIL - This document introduces a collection of best practices in IT service management (ITSM), focuses on the service processes of IT and considers the central role of the user.

A company (like Te Mata Estate) can utilise these controls and standards by:

Following the policies and keeping to them:
The organization should establish, implement and maintain policies and guidelines on information security. This is to ensure that employees follow the rules for accessing information. Information security policies are very important in the organization because the information security policy states the information security requirements.

Hiring qualified employees:
To protect and secure confidential information well, the organization should hire IT experts and employees who have the right qualifications or certifications (such as CCIE, ITIL etc.).