Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Network Security: Incident Response, Business Continuity, Data Breach, and Encryption

Verified

Added on 2023/06/10

AI Summary

This article discusses incident response, business continuity, data breach, and encryption in network security. It covers the importance of DNS and SNMP security, digital certificates, and SSL certificates. The article also provides mitigation techniques and recommendations for malware, social engineering, application, and wireless attacks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: NETWORK SECURITY
Network Security
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1
NETWORK SECURITY
Table of Contents
Answer to Question 1..........................................................................................................2
Answer to Question 5..........................................................................................................8
References..........................................................................................................................10

2
NETWORK SECURITY
Answer to Question 1
a) Incident response is an approach for addressing and managing a security breach or a cyber
attack. The goal of the incident response plan is to handle a situation (cyber security attack or
data breach) in such a way that the damages caused by an attack can be limited thus reducing the
recovery time and costs (Whitman, Mattord & Green, 2013). The incident response activities
should be conducted by Big Data Corporation’s computer security incident response team lead
by senior network security engineer (Ahmad, Maynard & Shanks, 2015). It is essential to
develop an incident response plan as responding to an incident quickly helps in minimizing the
losses of the company and further helps in mitigating the vulnerabilities exploited by the incident
response plan. Therefore, an incident response plan will help BigData Corporation to be prepared
for any unknown as well as any known method of identifying a security breach or a cyber
security attack.
The procedure of incident response that will be followed in BigData Corporation is
discussed in the following paragraphs-
The very first step of an incident response is to prepare a plan for the incident response.
This plan is important to test the company’s ability to respond to a security incident so that the
business damage can be reduced (Torres, 2014). The first step of developing an incident response
plan is to address the different business issues and assign roles to different individuals for
addressing the situation during a disaster. It is critically important to understand a business in
order to develop an incident response and a disaster recovery plan. It is foremost essential to
identify the risks associated with the company as an incident response plan is most likely to be
subjective. Therefore it is essential to monitor the key performance indicators to identify the

3
NETWORK SECURITY
areas of risks present in the organization so that it is possible to design an incident response plan
effectively. The final and the most significant steps of developing an incident response plan is
stress test the incident response plan that is developed. Testing is necessary as it unveils the
loopholes in the plan. Testing further ensures that a working plan is ready in times of need.
While preparing an incident response plan, it is needed to analyze the operating
environment of the company. The incident response plan should be related to the IT
infrastructure of the organization. It is essential to build a solid team so that the incident response
plan can be implemented effectively (Bada et al., 2014). After preparing the incident response
plan, it is essential to create quick response guides so that the incident response can be
effectively implemented in times of need.
The above discussed points are some basic steps that are recommended for the BigData
Corporation to develop the incident response plan. Since it is an IT service company, it is
essential to develop an incident response plan as an IR plan helps in easier disaster recovery. The
incident response procedures that will be followed in organization have to be well planned so
that it is able to serve its purpose.
b) Business continuity is one of the most significant factors for getting success in ICT industry.
Business continuity plan helps in ensuring that a business process can continue even during the
times of emergency or disaster (Sahebjamnia, Torabi & Mansouri, 2015). The factors that are
needed to be considered while preparing the business continuity plan including the disaster
recovery plan are as follows-
While developing a business continuity plan, it is essential to set a maximum tolerable
downtime by estimating the maximum number of worst case scenario. Identification of the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4
NETWORK SECURITY
maximum tolerable downtime helps in calculating the time a business will be able to continue
with its normal operation after the detection of the disaster.
After identification of the maximum tolerable downtime, it is essential to identify the
recovery point objective, which is the point to which the data in danger can be returned or
recovered to the original time (Wallace & Webber, 2017). This will be in associated with the last
data back up and therefore it is essential to set a recovery point in close intervals so that the
amount of data loss can be reduced.
Another significant step of developing a business continuity plan is to identify the
recovery time objective so that the data can be restored quite easily even the situation of
emergency (Bajgoric, 2014).
These are the significant factors that are needed to be considered for developing a
business continuity plan.
c) A data breach can be described as a security incident, where a sensitive and protected data is
copied, stolen or transmitted by an unauthorized individual (Romanosky, Hoffman & Acquisti,
2014). The data breach involves unauthorized exposure of the unstructured data which might
include files, documents and other sensitive information. It is an incident where the protected
data is disclosed in an unauthorized manner leading to a huge loss. The information that is leaked
in a data breach might include personal information, health information, personally identifiable
information and trade secrets (Cheng, Liu & Yao, 2017). The process by which the situation of
data breach can be handled is discussed in the following paragraphs-
The first and the foremost step of managing a data breach is to communicate that the
incident has occurred. Followed by this, it is necessary to disconnect all the affected systems

5
NETWORK SECURITY
(that could be identified) from the network so that the spread of malware can be prevented thus
limiting the risk of data breach only to the affected systems. This step will further help in
enforcing the business continuity plan along with the preservation of the relevant information
that might help in data breach forensic investigations (Team, 2015). It is often seen that during
an incident of data breach, people are eager to get their systems back online or in working
condition thus causing a serious loss to the forensic artifacts and the evidences. It is essential to
gather and capture all the volatile information present from all the systems that are affected by
the data breach along with the network traffic logs so that it becomes easier to identify the source
of the data breach (Jarvis et al., 2014). After that, it is foremost necessary to create a forensic
image of the affected machines as evidence. After the proofs of the data breach is successfully
secured, it is essential to begin the system rebuild so that it becomes easier to restore the business
processes.
These are the most basic yet the significant steps that will be taken if any incident of data
breach is faced in BigData Corporation.
d) The comparative analysis of malware, social engineering, application and wireless attack is
represented in the following table.
Malware Social Engineering Application and wireless
Attack
Malware is a software that is
designed to disrupt, damage and
gain unauthorized access to a
computer system. Therefore,
malware is most certainly
Social engineering is an art of
gaining an access to buildings or
any systems by exploiting the
human psychology rather than
making use of other hacking
This attack can be described as a
malicious action against a
particular wireless system or
wireless network such as denial
of service attack, penetration and

6
NETWORK SECURITY
harmful to a computer user and
includes computer viruses,
worms, Trojan horses and
spyware.
Malware is designed
intentionally to cause damage to
the computer or the system in
which is it being exposed.
Malware is the term for
malicious software
(Raveendranath et al., 2014). It is
designed to cause damage to a
standalone computer while that
of social engineering and
wireless attacks can target an
entire network.
techniques (Krombholz et al.,
2015). In this attack, instead of
finding a vulnerability in the
installed software of the system.
A social engineer can duke an
employee by posing as a IT
support person.
Social engineering is one of the
most successful ways for the
criminals to get inside the
organization. This is because
once a social engineer has
password of a trusted employee,
the social engineer can easily
snoop around for gaining an
access to the sensitive data.
Therefore with social
engineering, a criminal can easily
get inside an organization and
gain access to the sensitive data
of the organization.
sabotaging attack.
Wireless attack is fairly common
and there are mainly three types
of wireless attacks that are more
prevalent. These attacks include
denial of service attack or DOS,
man in the middle attack and
ARP poisoning (Patel &
Aggarwal, 2013).
A Wi-Fi network is more
vulnerable to wireless attacks
with a public WIFI being
exposed to wireless attacks to a
large extent.
The mitigation techniques and the recommendations on malware, social engineering,
application and wireless attacks are discussed as follows-

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

7
NETWORK SECURITY
As a mitigation technique for the malware attacks or to prevent the attacks it is essential
to monitor the mails in a regular interval. Mails from an unauthorized person should not be read
or the attachments in them should not be opened. If an email cannot be authenticated, it should
be deleted in order to prevent a malware attack.
As a defense against the social engineering attacks, it is essential for an individual to
remain aware of the information that is being shared (Heartfield & Loukas, 2016). Furthermore,
it is essential to identify the assets which could be valuable for the criminals and those assets
should be protected. Furthermore, it is essential to keep software up to date as it can mitigate a
lot of risk.
In order to mitigate the risks associated with a wireless network, it is recommended that
the wireless network and the channel are encrypted so that any unauthorized person cannot gain
an access to the system.
e) DNS security is important as the failure of the DNS (Domain Name System) can render an
organization completely unreachable (Kührer et al., 2014). The SNMP security is important as it
play an important role in configuring and accessing the information from the different devices
and systems.
The DNS attacks can be prevented by keeping the resolver private and protected. The
configuration of the DNS should be as secure as possible so that cache poisoning (which is a
type of DNS attack) can be prevented (Zhang et al., 2014). The SNMP attacks can be prevented
by making use of updated antivirus.

8
NETWORK SECURITY
Answer to Question 5
a) A digital certificate is an attachment provided to an electronic message that is mainly used for
a security purposes. One of the most common uses of digital certificate is verifying the user who
is sending a message. It is a form of digital passport that allows a person or a system to securely
exchange data and information over the internet (Manjusha & Ramachandran, 2015). An
individual or a system who is wishing to send an encrypted message to a sender can make use of
a digital certificate. The digital certificate mainly contains an applicant’s public key and other
information that can verify the identity of a user. The recipient of the message makes use of the
public key of the sender to decode the digital signature.
Public key encryption is a cryptographic system that makes use of both public and the
private key in the encryption and the decryption. One of the most important elements of public
key system is that both the public and the private key is related in such a way that the public key
can be used to encrypt a message while only the corresponding private key can decrypt them
(Hofheinz & Jager, 2016). In this encryption technique where the key used for the encryption is
not same as it is used in decryption. A standard public key encryption is quite secure in
comparison to the conventional encryption algorithms. This is because the private key that is
required for decryption is only known to the recipient. Therefore the public key encryption
technology is secure as long as the attacker has no information other than the pubic key that has
been used to encrypt a message.
The conventional encryption algorithm on the other hand involves transformation of plain
text into cipher text messages so that only the intended receiver can decode them. Both the
sender and the receiver have to agree upon a particular secret key for encryption and decryption.

9
NETWORK SECURITY
This secret key is transmitted by public key encryption methods. In the conventional encryption
process, it is assumed that it is mathematically impossible to derive the plaintext from the sent
cipher text without the key (Kahate, 2013). One of the significant disadvantages of making use
of convectional encryption algorithm is that once the secret key is lost, it becomes practically
impossible to decode the sent message.
From the security point of view, it can be said that public key encryption is more secure
as the conventional algorithms has certain vulnerabilities in it (Hofheinz & Jager, 2016). The
conventional algorithm is more prone to brute force attack in comparison to the public key
algorithms.
b) SSL certificates can be described as small data files that help in binding a cryptographic key
to the organization’s detail digitally (Krishna et al., 2014).
The SSL certificate of ASB bank in New Zealand is evaluated. The validity period of this
certificate is 39 months. The encryption algorithm that is used to create the signature is the
public key encryption algorithm. The owner of this certificate is ASB bank and the issuer of this
certificate is FirstNet. Asymmetric public key is used to encrypt this certificate. The certificate
holder is ASB bank located in New Zealand.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

10
NETWORK SECURITY
References
Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A case analysis of information systems and
security incident responses. International Journal of Information Management, 35(6),
717-723.
Bada, M., Creese, S., Goldsmith, M., Mitchell, C., & Phillips, E. (2014). Computer Security
Incident Response Teams (CSIRTs) An Overview. Global Cyber Security Capacity
Centre, 1-23.
Bajgoric, N. (2014). Business continuity management: a systemic framework for
implementation. Kybernetes, 43(2), 156-177.
Cheng, L., Liu, F., & Yao, D. (2017). Enterprise data breach: causes, challenges, prevention, and
future directions. Wiley Interdisciplinary Reviews: Data Mining and Knowledge
Discovery, 7(5), e1211.
Heartfield, R., & Loukas, G. (2016). A taxonomy of attacks and a survey of defence mechanisms
for semantic social engineering attacks. ACM Computing Surveys (CSUR), 48(3), 37.
Hofheinz, D., & Jager, T. (2016). Tightly secure signatures and public-key encryption. Designs,
Codes and Cryptography, 80(1), 29-61.
Hofheinz, D., & Jager, T. (2016). Tightly secure signatures and public-key encryption. Designs,
Codes and Cryptography, 80(1), 29-61.

11
NETWORK SECURITY
Jarvis, K., Milletary, J., Unit, D. S. C. T., & Intelligence, T. (2014). Inside a Targeted Point-of-
Sale Data Breach. Last accessed August, 20.
Kahate, A. (2013). Cryptography and network security. Tata McGraw-Hill Education.
Krishna, P. V., Misra, S., Joshi, D., Gupta, A., & Obaidat, M. S. (2014). Secure socket layer
certificate verification: a learning automata approach. Security and Communication
Networks, 7(11), 1712-1718.
Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering
attacks. Journal of Information Security and applications, 22, 113-122.
Kührer, M., Hupperich, T., Rossow, C., & Holz, T. (2014, August). Exit from Hell? Reducing
the Impact of Amplification DDoS Attacks. In USENIX Security Symposium (pp. 111-
125).
Manjusha, R., & Ramachandran, R. (2015). Secure authentication and access system for cloud
computing auditing services using associated digital certificate. Indian Journal of Science
and Technology, 8(S7), 220-227.
Patel, M. M., & Aggarwal, A. (2013, March). Security attacks in wireless sensor networks: A
survey. In Intelligent Systems and Signal Processing (ISSP), 2013 International
Conference on(pp. 329-333). IEEE.
Raveendranath, R., Rajamani, V., Babu, A. J., & Datta, S. K. (2014, July). Android malware
attacks and countermeasures: Current and future directions. In Control, Instrumentation,
Communication and Computational Technologies (ICCICCT), 2014 International
Conference on (pp. 137-143). IEEE.

12
NETWORK SECURITY
Romanosky, S., Hoffman, D., & Acquisti, A. (2014). Empirical analysis of data breach
litigation. Journal of Empirical Legal Studies, 11(1), 74-104.
Sahebjamnia, N., Torabi, S. A., & Mansouri, S. A. (2015). Integrated business continuity and
disaster recovery planning: Towards organizational resilience. European Journal of
Operational Research, 242(1), 261-273.
Team, V. R. (2015). 2015 data breach investigations report.
Torres, A. (2014). Incident response: How to fight back. SANS Institute InfoSec Reading Room.
Wallace, M., & Webber, L. (2017). The disaster recovery handbook: A step-by-step plan to
ensure business continuity and protect vital operations, facilities, and assets. Amacom.
Whitman, M. E., Mattord, H. J., & Green, A. (2013). Principles of incident response and disaster
recovery. Cengage Learning.
Zhang, Z. K., Cho, M. C. Y., Wang, C. W., Hsu, C. W., Chen, C. K., & Shieh, S. (2014,
November). IoT security: ongoing challenges and research opportunities. In Service-
Oriented Computing and Applications (SOCA), 2014 IEEE 7th International Conference
on (pp. 230-234). IEEE.

1 out of 13

+13062052269

info@desklib.com

Network Security: Incident Response, Business Continuity, Data Breach, and Encryption

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Application of Risk Mitigation and Planning Tools

Social Security Administration Security Audit

Cyber Security Report

Outline for a Security Program Management Tabletop

Incident Response Procedure, Business Continuity Plan, Data Breach, and Network Security

Enhancing Cyber Resilience Across Borders