Operation Security Policies and Controls

Verified

Added on 2020/04/21

AI Summary

This assignment delves into the critical topic of operation security, focusing on policies and controls designed to prevent and mitigate ransomware attacks. It outlines a range of measures, including software patching, reputable security suite implementation, network disconnection protocols, and the utilization of preventive kits like Crypto Locker Prevention. The emphasis lies on protecting sensitive data, particularly financial records, and employing both physical and administrative control methods to enhance cybersecurity posture.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: OPERATION SECURITY
Operation Security
[Name of the Student]
[Name of the University]
[Author note]

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

1OPERATION SECURITY
Table of Contents
Introduction:....................................................................................................................................2
Discussion:.......................................................................................................................................2
Policies for Mitigating attacks and supporting reasons for the policies:.....................................2
1. Backing up of data:..............................................................................................................2
2. Looking into the hidden file extensions:.............................................................................2
3. Use of filters in the Emails:.................................................................................................3
4. Disabling of the files that are running from the folders of AppData/ LocalAppData:........3
5. Disabling of the RDP:..........................................................................................................3
6. Patching and Updating of software:....................................................................................3
7. Using of the Reputable security suite:.................................................................................3
8. Disconnecting from any type of network:...........................................................................4
9. Use of different preventive kits:..........................................................................................4
Conclusion:......................................................................................................................................4
References:......................................................................................................................................5

2OPERATION SECURITY
Introduction:
LLC is a pharmaceutical company which is located in the Midwest of the US and is
employing around 150 employees. Recently the company has suffered from a Ransomware
attack but it has been able to recover from the attack by taking assistance from a third party IT
service company. Now the company has decided to adopt some policies so as to overcome the
situations similar to the ransomware attack (Choi, Scott, & LeClair, 2016). This report discusses
about some policies and how these policies can help the company along with the reasons which
will support the policies.
Discussion:
Policies for Mitigating attacks and supporting reasons for the policies:
Several policies can be adopted for the purpose of protecting the company details from
any type of cyber-attacks. Some of the important policies that can be adopted by the company for
protection of their data are listed below:
1. Backing up of data: This is the most important way in which the company can avoid
threats similar to that of the Ransomware attack. This policy includes the creation of backup on a
regular basis along with updating the backups. This is an administrative control and also acts as a
preventive method for losing any data.
2. Looking into the hidden file extensions: This process includes the re enabling of
looking into the full file extensions which will initially help in spotting the suspicious files. Fie
extensions with “. PDF.EXE” are the main files which the attackers use for getting into the

3OPERATION SECURITY
system of the users (Brewer, 2016). This is also a preventative policy that can be adopted by the
administrative department of the company.
3. Use of filters in the Emails: This include the use of the mail scanner at the gateway so
as to avoid the files with an extension of “.EXE” and helps in denying the files which are having
two extensions. This a detective method used to prevent any threats.
4. Disabling of the files that are running from the folders of AppData/
LocalAppData: The company can make rules within the Windows or with Intrusions prevention
software’s that will help in disallowing of a particular behaviour if any type of attack attempts is
made (Song, Kim, & Lee, 2016). This is a physical method that can be adopted to prevent any
threats.
5. Disabling of the RDP: Most of the attacks are considered to be done by the use of
Remote Desktop Protocol or RDP. So by disabling the RDP the company can avoid many types
of attacks (Berriz, 2014). This a physical control method that can be adopted by the admiration.
6. Patching and Updating of software: The software that are outdated can be very much
advantageous for the attackers. This type of attacks can be avoided by the company if they
continue in updating their software’s in frequent intervals. The vendors of the software’s often
release their security updates and if the company enables the automatic update then they can visit
the vendors site automatically and update the software. Automatic update also helps in avoiding
the risks of getting harmed when the malware authors disguise themselves as software updates
(Touchette, 2016). This is a preventive policy that can be adopted by the company for the
purpose of preventing any threats.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

4OPERATION SECURITY
7. Using of the Reputable security suite: the company can adopt the policy of installing
both the anti-malware software and a software firewall which will help in identifying of any
types of threats and suspicious behaviours. The attacks can be of various types so to avoid this
both type of security is necessary (Roa, 2017). This is a physical preventive control policy.
8. Disconnecting from any type of network: Any types of attack like the Ransomware
can be easily avoided if the company immediately disconnects all its systems from the network
after identifying the characteristics on the screen. This is a physical preventive control policy in
which the administrators have to disconnect themselves from the network in order to protect their
privacy.
9. Use of different preventive kits: One such kit is the Crypto Locker Prevention kit
which helps in automating the process of disabling the running files in the App data and the
Local App data by the group policies along with disabling of the executable files that are running
from the temp directory (Richardson & North, 2017). This is a physical preventive control policy
for protection of the data of the company.
Conclusion:
The adaptation of the policies discussed above along with the control measures will
greatly help in the identification of the threats and avoid the threats in a very easy way. The
policies should put more emphasis in protecting the accounting data of the company as the
accounts forms the backbone of any type of organisation. All the policies stated above are
physical and administrative control method which helps in detecting preventing and correcting
any type of flaw of the company.

5OPERATION SECURITY

6OPERATION SECURITY
References:
Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network
Security, 2016(9), 5-9.
Song, S., Kim, B., & Lee, S. (2016). The effective ransomware prevention technique using
process monitoring on android platform. Mobile Information Systems, 2016.
Choi, K. S., Scott, T. M., & LeClair, D. P. (2016). Ransomware against police: diagnosis of risk
factors via application of cyber-routine activities theory. International Journal of
Forensic Science & Pathology.
Berriz, C. (2014). Cybersecurity and United States Policy Issues. Global Security Studies, 5(3).
Touchette, F. (2016). The evolution of malware. Network Security, 2016(1), 11-14.
Roa, R. E. E. (2017). Ransomware Attacks on the Healthcare Industry (Doctoral dissertation,
Utica College).
Richardson, R., & North, M. (2017). Ransomware: Evolution, Mitigation and
Prevention. International Management Review, 13(1), 10.

1 out of 7

+13062052269

info@desklib.com

Operation Security Policies and Controls

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

CCE 3070 Network Management: Design and Support A disaster

Information Governance and Cyber Security: Risks and Mitigation Strategies

INFORMATION TECHNOLOGY MANAGEMENT.

Overview of Network Security: Types, Working Mechanism, Threats, Mitigation Tools

Cyber Security Breaches: Types, Prevention and Recommendations

IT Security Management