
Cybersecurity Threats and Mitigation Strategies


Added on  2020/05/16

AI Summary
This assignment delves into the critical realm of cybersecurity, focusing on the significant threats posed to data privacy and security within web applications. It requires a thorough analysis of various attack vectors, including phishing, malware, and SQL injection, along with the development of effective detection, analysis, and mitigation strategies to counter these threats. The goal is to provide a comprehensive understanding of the evolving cybersecurity landscape and equip readers with practical tools to protect sensitive information in the digital age.

Running head: INFORMATION SECURITY TECHNOLOGIES
Information Security Technologies
Name of the Student
Name of the University
Author’s Note

Executive Summary
This paper examines the organization “Gigantic Corporation”, which faces a number of cybersecurity-related issues. The organization's main aim is to give its stakeholders and technologists a proper understanding and knowledge of cybersecurity risks so that they can support effective decision making within the organization. The report identifies that Gigantic Corporation faces a number of threats and vulnerabilities associated with cybersecurity, including cyber attacks, hacking, DoS attacks and more. It describes the key agents behind the cybersecurity issues that occur within the organization. The paper also sets out methods and steps that help resolve the issues and challenges the company faces because of cybersecurity. The steps highlighted in this report are the adoption of proper security methods, the use of a firewall, the development and implementation of proper risk reduction strategies, and the use of proper security controls. The analysis in the report finds all of these methods quite effective in resolving the challenges the company faces from cybersecurity threats. In addition, the paper undertakes a literature review of various articles and journals to analyze the methods that need to be employed to secure the company's website against cybersecurity threats. A website generally faces a number of threats and challenges that must be resolved by adopting proper strategies or methods. The methods employed by the company to resolve website security issues include keeping up to date on cybersecurity issues, using stronger passwords, installing security applications, using a robots.txt file and an encrypted SSL protocol, and using a proper web application firewall. These methods help resolve the cybersecurity issues that the website faces. Finally, proper analysis of cybersecurity risks, their key agents and the steps for mitigating them gives both the technologists and the stakeholders of the company the understanding and information they need to support effective decision making in the organization.
Table of Contents
1. Risk assessment based on threat, vulnerabilities and consequences with mitigation Strategies
1.1 Risk assessment based on threat, vulnerabilities and consequences
1.2. Risk Mitigation and its Impact
2. Literature Review
References
1. Risk assessment based on threat, vulnerabilities and consequences with mitigation Strategies
1.1 Risk assessment based on threat, vulnerabilities and consequences
Traditional data security approaches are no longer of much help to current corporate organizations, so their shortcomings need to be mitigated accordingly. Risk assessment should be based on the threats, vulnerabilities and consequences derived from the IT control framework. The IT control framework consists of three steps, namely objectives, requirements and actual performance, that have to be carried out to resolve the issues. With the help of the IT control framework, the consequences for Gigantic Corporation can be resolved properly. The steps for assessing risks under the IT control framework include system characterization, threat identification, control environment analysis and calculation of a risk rating.
The entire operational and functional structure of the company faces challenges due to a lack of security approaches (Buczak & Guven, 2016). To gain competitive advantage and a larger number of consumers, the company needs to identify the risks and assess them as well. After identifying and analyzing the risks, the Corporation also needs to adopt the corresponding control strategies. Six different steps are widely used by companies to assess identified risks (Gordon et al., 2015). The company faces risks in its supply chain, customer relationships and existing data storage system. The identified risks of Gigantic Corporation are as follows:
Risks in supply chain: The physical supply chain of the company might face numerous risks. In addition, the supply chain plays an important role for the company. If any equipment is delivered through the supply chain, cyber security risks will arise during the phases of cyber security (Liu et al., 2015). If a risk is identified after a piece of equipment has been delivered, it is somewhat difficult to determine who is responsible.
Attack techniques such as the insertion of viruses into hardware and software are currently regarded as a leading threat, and they occur frequently through Trojan attacks that serve the purpose of external hacking. Other types of hardware attack include the following:
- Protected memory might be accessed by unauthorized users
- Hardware tampering might occur while an invasive operation is performed (Bonaci et al., 2015)
- Through the insertion of different hidden methods, the casual authentication mechanism of the system might not support the system application
- Manufacturing backdoors might be created for other malware and penetrative purposes

All of the hardware attacks or cyber threats mentioned above may also pertain to different devices or systems, such as:
- The network system used by the corporation
- The banking or accounting system used by the company
- The surveillance system used by the company
- The industrial control system used by the company
- The communication infrastructure of the device
If the company fails to cover the cyber security basics, common vulnerabilities and cyber attacks can become much more dangerous. Owing to a lack of technical expertise and security alerts, cyber attackers can target the company's server with different cyber attacks (Hong, Liu & Govindarasu, 2014). It is the responsibility of the company to consider the most suitable risk mitigation approaches to resolve the issues easily.
While identifying the systems generally used by the company, threat and risk assessment working guides are also helpful for grading each system; the two terms on which these assessments are widely based are severity and exposure. Further threats and vulnerabilities that Gigantic Corporation might face are elaborated below.
Malware: Malware is an all-encompassing term that covers various types of cyber threats, including Trojans, viruses, worms etc. It is defined as code that is intended to steal confidential stored data. In addition, it can destroy much of the data stored on computers (Carr, 2016). This might take place if users download attached files or click on links sent by unknown senders. A malware attack might also take place if the company fails to use updated firewalls.
Phishing: Phishing attacks are carried out through emails and links from unknown senders. In this case the attacker himself requests the data, and because of a lack of proper awareness that data might be misused or hijacked by the attacker (Cavelty, 2014). Phishing emails include links that direct users to a dummy site that steals the users' personal data.
Password attack: If the passwords used by the company are not strong enough, they can easily be hijacked. The data stored on the company's server would then be easily affected by unauthenticated users. It is the responsibility of the users to secure their server with strong passwords to avoid external attacks.
Denial of Service (DoS): A DoS attack is a disruption to the services of the network used by the company. It can take place when a huge volume of data is sent from the sender side through the network channel. It requests several connections, and if any wrong request is accepted then issues or an external attack might occur (Buczak & Guven, 2016). There are different ways in which attackers can achieve a DoS attack, but the most common is the Distributed Denial of Service (DDoS) attack. It can also grow to a huge scale, because a DDoS attack is difficult to detect in its initial phase.
Spoofing attack: A spoofing attack is widely employed by cyber scammers and external hijackers to deceive individuals and systems. Two types of spoofing that could hamper the cyber security of the corporation are IP spoofing and ARP spoofing attacks (Ben-Asher & Gonzalez, 2015). These man-made attacks are initiated by the spoofers themselves through unknown sources and unauthenticated users. They take place while data is being sent from the sender to the receiver.
1.2. Risk Mitigation and its Impact
To mitigate the risks analyzed in developing the cybersecurity solution for Gigantic Corporation, a network security plan should be developed and the vulnerability of the system should be analyzed. The network security threats are analyzed according to their level of impact on the organization's current business process, and the risk mitigation plan is prepared accordingly. Loss of confidentiality and integrity of the organization's resources has a severe impact on its growth; to address it, the servers installed in the network must be configured according to the business policy, and a proper antivirus or anti-spyware program must be installed on the servers to identify malicious code that attackers could use to control the network (Hall, 2016). Attackers can use malicious code to access important information on the organizational servers, such as employee information and other sensitive information, to fool users, and to carry out distributed denial of service attacks that make network resources unavailable to the users connected to the network. A strong authentication mechanism should be applied to identify the users of the system. Usernames and passwords must be strong so that they cannot be easily cracked by attackers (Eugene Jennex, 2014). A password should combine special characters with alphanumeric characters so that it cannot be cracked using brute force attacks. Remote connections to the network should also be secured by implementing a firewall and configuring it to block unauthorized requests coming from unknown sources.
There is a risk that network performance will drop and that demand for access to network resources will increase; in such a situation this would cause delay and loss of data. These risks have a medium impact on the performance of the organization and can restrict users' access to the core elements of the network. The risk can cause failure of the hardware and software of the organizational network. There is a risk of sabotage attacks, which can be mitigated through the configuration of the routers and servers installed in the network (Jennex & Durcikova, 2013). Services running unnecessarily in the network, such as SNMP, TELNET and FTP, should be stopped so that hackers do not find a way to intrude into the network. The organizational assets should be secured with passwords and authentication so that remote users do not have access to the core components. Dropped data packets can corrupt information, so packet drops should be avoided to improve the performance of the network (Haimes, 2015). Penetration testing should be performed by a group of friendly system testers so that the flaws in the current information system and the organization are identified. Once the open paths and vulnerabilities of the network have been properly identified, the network should be configured to block the open ports, and unnecessary services should be stopped, to eliminate the vulnerability of the network and secure it from external agents.
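One way to check a server for the services named above is to compare its listening sockets against an approved list. This is an added example, not part of the original paper; it assumes the socket list comes from `ss -tuln` on Linux, and the sample output and the approved-port list are constructed for illustration.

```python
# Services the paragraph above says should be stopped, keyed by (protocol, port).
# The port numbers are the IANA well-known assignments for these services.
UNNECESSARY = {("tcp", 21): "FTP", ("tcp", 23): "TELNET", ("udp", 161): "SNMP"}

# Assumed policy for this example: only SSH and HTTPS are meant to be open.
APPROVED_PORTS = {("tcp", 22), ("tcp", 443)}

LOOPBACK_PREFIXES = ("127.", "[::1]")

# Constructed sample in the column layout printed by `ss -tuln`.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      32     0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      5      127.0.0.1:23       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
tcp   LISTEN 0      50     0.0.0.0:8080       0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (protocol, local address, port) for every socket line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        # rpartition keeps IPv6 addresses such as [::] intact.
        address, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.append((fields[0], address, int(port)))
    return listeners


def audit(ss_output, approved_ports):
    """Flag services to stop and any listener that is not on the approved list."""
    findings = []
    for proto, address, port in parse_listeners(ss_output):
        exposure = ("loopback only" if address.startswith(LOOPBACK_PREFIXES)
                    else "network reachable")
        if (proto, port) in UNNECESSARY:
            action = "stop " + UNNECESSARY[(proto, port)]
        elif (proto, port) not in approved_ports:
            action = "not on approved list: close or justify"
        else:
            continue
        findings.append((proto, port, exposure, action))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SS_OUTPUT, APPROVED_PORTS):
        print(*finding, sep="\t")
```

The exposure column separates a service bound only to the loopback interface from one reachable over the network, which helps decide which finding to fix first.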
There is a risk of link failure in the network, which can have a negative impact on it, so redundant links must be created so that every part of the network can be reached by multiple paths. This increases the availability of network resources: if a link between the source and destination address is broken, the redundant link can be used to transfer data packets and maintain communication between nodes installed in different locations of the network (Bahr, 2014). The software and operating system used on the servers should be updated and patched so that they are always secured. The risk of financial loss caused by accidents and by the involvement of employees working in the organization can be mitigated by installing an IPS and IDS in the network and monitoring the current usage of network resources (Curran, Berry & Sangsuk, 2014). A network monitoring tool must be installed on the servers so that the network administrator can monitor the flow of data in the network and manage the components connected to it. Server loads can also be analyzed in order to balance them and mitigate the risk of server overload and unavailability of the data residing on the servers. To manage users, they need to be grouped and their usage patterns identified, which makes the management process easy (García-Herrero et al., 2013). The network monitoring tool should be configured according to usage, and it should be configured to notify the network administrator if any network change or abnormality in the data traffic is noted.
The routers, switches, servers and other core components of the network should be installed in a separate room, and normal users must be restricted from entering it, to mitigate the risk from physical access. The risk of malware can be prevented by training users to avoid installing unknown software applications and downloading unknown attachments from unknown sources. The routers installed in the network should also be configured with access control lists so that users cannot access the core servers (Chemweno et al., 2015). Requests coming from different sources should be verified, and an internal mail server should be configured to mitigate the risk of phishing attacks and enable users to communicate with each other over the organization's intranet. A data recovery and backup plan must be created for handling emergency situations, and data should be backed up at regular intervals so that if the security of the network is compromised the backup servers can be used to retrieve the information (Eugene Jennex, 2014). Backups should be stored in a remote location, and a cloud solution can also be deployed for remote storage and to increase the security of the network solution.
2. Literature Review
To protect the website from cybersecurity issues, it is important to follow some significant steps. According to Matthews (2017), the company needs to keep itself up to date in order to avoid the issues associated with cybersecurity. If the company has proper information or knowledge about possible security risks, the website can be easily protected against them. The company must follow updates on various tech sites and use that information as a fresh precaution for protecting the website. Goud (2017) states that computer users in the office generally provide an easy access route to the website servers, and it is therefore very much necessary to use stronger passwords and to provide a facility for scanning all devices for various types of malware. It is also necessary to install proper security applications to secure the website from various types of cybersecurity issues. Deshpande, Nair, and Shah (2017) opine that installing security applications provides free plugins that add a level of protection by hiding the website's CMS. By doing this, the company can become much more resilient against the various automated hacking tools that scour the web.
According to Wolters and Jansen (2017), the company must use a robots.txt file to discourage search engines from indexing admin pages. In addition, a website faces a number of concerns due to file uploads. Numerous file uploads let bugs enter and allow a hacker to gain access to unlimited data from the website (Kessler, Dardick & Holton, 2017). One of the best ways to avoid this problem is to prevent access to any of the files uploaded to the website. The files must be stored outside the root directory, and a proper script must be used to access the information whenever necessary. Fowler et al. (2017) state that using an encrypted SSL protocol to transfer personal information and data between the database and the website is a significant step, as it helps prevent the information from being read in transit without appropriate authenticity. Furthermore, a proper backup system must be present so that when a hard disk drive fails the data can be easily recovered from the backup. One of the important steps in securing the website from various types of security issue is to use a proper web application firewall. Majhi (2015) states that a web application firewall sits between the website's servers and the data connection in order to read all the data passing through it. Once the web application firewall is installed in the system, it assists in blocking all hacking attempts and in filtering out different types of unwanted traffic such as spammers and malicious bots.
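The upload handling described above (files kept outside the web root and reached only through a script) can be sketched as follows. This is an added example, not code from the paper or the works it cites; the class name, the extension allow-list and the directory names are assumptions made for illustration.

```python
import os
import secrets
import tempfile
from pathlib import Path

ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".txt"}  # assumed allow-list


class UploadStore:
    """Keeps uploads in a directory outside the web root; files are reachable only via fetch()."""

    def __init__(self, storage_dir):
        self.root = Path(storage_dir).resolve()
        self.root.mkdir(parents=True, exist_ok=True)
        self.index = {}  # file id -> (stored name, display name); a database table in practice

    def save(self, original_name, data):
        # The client-supplied name is used for display only, never as a path.
        display_name = os.path.basename(original_name.replace("\\", "/"))
        ext = Path(display_name).suffix.lower()
        if ext not in ALLOWED_EXTENSIONS:
            raise ValueError(f"extension {ext!r} is not allowed")
        file_id = secrets.token_hex(16)
        stored_name = file_id + ext  # server-chosen name on disk
        (self.root / stored_name).write_bytes(data)
        self.index[file_id] = (stored_name, display_name)
        return file_id

    def fetch(self, file_id, user_is_authorized):
        # The access-control decision is made by the script, not by the web server.
        if not user_is_authorized:
            raise PermissionError("not authorized")
        if file_id not in self.index:
            raise KeyError("unknown file id")
        stored_name, display_name = self.index[file_id]
        path = (self.root / stored_name).resolve()
        if self.root not in path.parents:  # defence in depth against path escapes
            raise PermissionError("path escapes the storage directory")
        return display_name, path.read_bytes()


def demo():
    """Runs the store against constructed inputs and reports what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        web_root = Path(tmp) / "public_html"
        web_root.mkdir()
        store = UploadStore(Path(tmp) / "private_uploads")
        file_id = store.save("../../public_html/report.pdf", b"constructed sample")
        name, data = store.fetch(file_id, user_is_authorized=True)
        result = {"name": name, "data": data,
                  "web_root_files": [p.name for p in web_root.iterdir()]}
        for key, call, error in (
            ("script_upload_rejected", lambda: store.save("page.php", b"x"), ValueError),
            ("unknown_id_rejected", lambda: store.fetch("../../etc/passwd", True), KeyError),
            ("unauthorized_rejected", lambda: store.fetch(file_id, False), PermissionError),
        ):
            try:
                call()
                result[key] = False
            except error:
                result[key] = True
        return result


if __name__ == "__main__":
    print(demo())
```

Because the file on disk is named by the server and looked up by an opaque id, nothing the client sends is ever interpreted as a path.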
References
Bahr, N. J. (2014). System safety engineering and risk assessment: a practical approach. CRC Press.
Ben-Asher, N., & Gonzalez, C. (2015). Effects of cyber security knowledge on attack detection. Computers in Human Behavior, 48, 51-61.
Bonaci, T., Herron, J., Yusuf, T., Yan, J., Kohno, T., & Chizeck, H. J. (2015). To make a robot secure: An experimental analysis of cyber security threats against teleoperated surgical robots. arXiv preprint arXiv:1504.04339.
Buczak, A. L., & Guven, E. (2016). A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153-1176.
Carr, M. (2016). Public–private partnerships in national cybersecurity strategies. International Affairs, 92(1), 43-62.
Cavelty, M. D. (2014). Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), 701-715.
Chemweno, P., Pintelon, L., Van Horenbeek, A., & Muchiri, P. (2015). Development of a risk assessment selection methodology for asset maintenance decision making: An analytic network process (ANP) approach. International Journal of Production Economics, 170, 663-676.
Curran, J., Berry, K., & Sangsuk, K. (2014). Organizational Network Analysis of Organizations that Serve Men Who Have Sex with Men and Transgender People in Chiang Mai, Thailand.
Deshpande, V. M., Nair, D. M. K., & Shah, D. (2017). Major Web Application Threats for Data Privacy & Security–Detection, Analysis and Mitigation Strategies. under review in International Journal of Scientific Research in Science and Technology PRINT ISSN, 2395-6011.
Eugene Jennex, M. (2014). A proposed method for assessing knowledge loss risk with departing personnel. VINE: The journal of information and knowledge management systems, 44(2), 185-209.
Fowler, S., Sweetman, C., Ravindran, S., Joiner, K. F., & Sitnikova, E. (2017). Developing cyber-security policies that penetrate Australian defence acquisitions. Australian Defence Force Journal, (202), 17.
García-Herrero, S., Mariscal, M. A., Gutiérrez, J. M., & Toca-Otero, A. (2013). Bayesian network analysis of safety culture and organizational culture in a nuclear power plant. Safety science, 53, 82-95.
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). Externalities and the magnitude of cyber security underinvestment by private sector firms: a modification of the Gordon-Loeb model. Journal of Information Security, 6(1), 24.
Goud, N. S. (2017). Analysis of Machine Learning Algorithms to Protect from Phishing in Web Data Mining. International Journal of Computer Applications, 159(1).
Haimes, Y. Y. (2015). Risk modeling, assessment, and management. John Wiley & Sons.
Hall, J. L. (2016). Columbia and Challenger: organizational failure at NASA. Space Policy, 37, 127-133.
Hong, J., Liu, C. C., & Govindarasu, M. (2014). Integrated anomaly detection for cyber security of the substations. IEEE Transactions on Smart Grid, 5(4), 1643-1653.
Jennex, M. E., & Durcikova, A. (2013, January). Assessing knowledge loss risk. In System Sciences (HICSS), 2013 46th Hawaii International Conference on (pp. 3478-3487). IEEE.
Kessler, G., Dardick, G., & Holton, D. (2017, January). Using Journals to Assess Non-STEM Student Learning in STEM Courses: A Case Study in Cybersecurity Education. In Proceedings of the 50th Hawaii International Conference on System Sciences.
Liu, Y., Sarabi, A., Zhang, J., Naghizadeh, P., Karir, M., Bailey, M., & Liu, M. (2015, August). Cloudy with a Chance of Breach: Forecasting Cyber Security Incidents. In USENIX Security Symposium (pp. 1009-1024).
Majhi, S. K. (2015). Cybersecurity Issues and Challenges: A view. International Journal of Global Research in Computer Science (UGC Approved Journal), 6(1), 01-08.
Matthews, C. (2017). Real protection for virtual borders. Public Sector, 40(3), 9.
Wolters, P. T. J., & Jansen, C. J. H. (2017). Every business has duties of care in the field of cyber security. Cyber security guide for businesses.