Security and Risk Management: Double DES Encryption and Cybersecurity Failure Report
VerifiedAdded on 2023/06/10
|16
|3721
|400
AI Summary
This report covers Double DES Encryption and Decryption process along with a report on cybersecurity failure, its impact, and recommendations. It highlights the importance of managing risks and developing strict cybersecurity measures to prevent such attacks. The report also includes a summary of the Eastern health cyber-attack in Australia, its impact on the healthcare sector, and the consequences of data breaches.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
SECURITY AND RISK
MANAGEMENT
1
MANAGEMENT
1
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
TABLE OF CONTENTS
INTRODUCTION...........................................................................................................................3
MAIN BODY...................................................................................................................................3
Double DES Encryption to decryption code................................................................................3
Report on cybersecurity failure..................................................................................................12
CONCLUSION..............................................................................................................................15
REFERENCES..............................................................................................................................16
INTRODUCTION...........................................................................................................................3
MAIN BODY...................................................................................................................................3
Double DES Encryption to decryption code................................................................................3
Report on cybersecurity failure..................................................................................................12
CONCLUSION..............................................................................................................................15
REFERENCES..............................................................................................................................16
INTRODUCTION
Security and risk management refer as the ongoing process for finding the risks and proceed
to implement the plan for addressing them. Risk is identified by examining the likelihood that
termed as threats that will exploits the vulnerabilities and gives the major impact over any asset.
It is most important to manage the risk it helps in addressing all uncertainties around the assets
so that desired outcomes can be achieved (Wahlgren & Kowalski, (2018)). Encryption is the
process by which the readable messages can easily transforms into the unreadable form to protect
the information from unauthorised access. Whereas Decryption process used to convert
encrypted message into its original form. Following report will cover the Decryption of the
encrypted code along with the Data encryption standard steps. It will further highlight the cyber
security failure with its exploited vulnerability, remedy actions and recommendation for future
overcoming strategy.
MAIN BODY
Double DES Encryption to decryption code
Data encryption standard mainly known as the symmetric key algorithm for encrypting the
digital data. Where the key length is 56 bits. Where double DES uses the two keys to perform
operation on same plain text, in both instance different keys are required for encrypting the plain
text (Bateni, & Saeidi, (2019).
Given cypher text is = KNTGETRZTXRUQFACTIOSJNZA
Key values:
K1 = QWERTYUIOPLKJHGFDSAZXCVBNM
K2 = 627158943
DECRYPTION process
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12
3
Security and risk management refer as the ongoing process for finding the risks and proceed
to implement the plan for addressing them. Risk is identified by examining the likelihood that
termed as threats that will exploits the vulnerabilities and gives the major impact over any asset.
It is most important to manage the risk it helps in addressing all uncertainties around the assets
so that desired outcomes can be achieved (Wahlgren & Kowalski, (2018)). Encryption is the
process by which the readable messages can easily transforms into the unreadable form to protect
the information from unauthorised access. Whereas Decryption process used to convert
encrypted message into its original form. Following report will cover the Decryption of the
encrypted code along with the Data encryption standard steps. It will further highlight the cyber
security failure with its exploited vulnerability, remedy actions and recommendation for future
overcoming strategy.
MAIN BODY
Double DES Encryption to decryption code
Data encryption standard mainly known as the symmetric key algorithm for encrypting the
digital data. Where the key length is 56 bits. Where double DES uses the two keys to perform
operation on same plain text, in both instance different keys are required for encrypting the plain
text (Bateni, & Saeidi, (2019).
Given cypher text is = KNTGETRZTXRUQFACTIOSJNZA
Key values:
K1 = QWERTYUIOPLKJHGFDSAZXCVBNM
K2 = 627158943
DECRYPTION process
A B C D E F G H I J K L M
0 1 2 3 4 5 6 7 8 9 10 11 12
3
N O P Q R S T U V W X Y Z
13 14 15 16 17 18 19 20 21 22 23 24 25
For decrypting specific method is:
P= D (K, C) = D(C-K) mod 26
16-10=4 mod 26
Where P= Plain text
D= Decryption
C= Cypher text
K= key
In case of double DES
P= Dk1 [Dk2 (C)]
First will perform by using K2 that is 627158943
1)P= D (k2, c) = (C-K2) mod 26
(6, 10) = (10-6) mod 26
= 4 mod 26
=4 (E)
2)P=D (2, 13) = (13-2) mod 26
= 11 mod 26
=11 (L)
3)P=D (7,19) = (19-7) mod 26
= 12 mod 26
=12 (M)
4)P=D (1,6)= (6-1) mod 26
13 14 15 16 17 18 19 20 21 22 23 24 25
For decrypting specific method is:
P= D (K, C) = D(C-K) mod 26
16-10=4 mod 26
Where P= Plain text
D= Decryption
C= Cypher text
K= key
In case of double DES
P= Dk1 [Dk2 (C)]
First will perform by using K2 that is 627158943
1)P= D (k2, c) = (C-K2) mod 26
(6, 10) = (10-6) mod 26
= 4 mod 26
=4 (E)
2)P=D (2, 13) = (13-2) mod 26
= 11 mod 26
=11 (L)
3)P=D (7,19) = (19-7) mod 26
= 12 mod 26
=12 (M)
4)P=D (1,6)= (6-1) mod 26
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
= 5 mod 26
=5 (F)
5)P=D(5,4)= (4-5) mod 26
= -1 mod 26
=25 (Z)
6)P=D(8, 19)= (19-8) mod 26
= 11 mod 26
=11 (L)
7)P=D(9, 17)= (17-9) mod 26
= 8 mod 26
=8 (I)
8)P=D(4, 25)= (25-4) mod 26
= 21 mod 26
=21 (V)
9)P=D(3, 19 )= (19-3) mod 26
= 16 mod 26
= 16 (Q)
10)P=D(6, 23 )= (23-6) mod 26
= 17mod 26
= 17 (R)
11)P=D(2, 17 )= (17-2) mod 26
= 15 mod 26
5
=5 (F)
5)P=D(5,4)= (4-5) mod 26
= -1 mod 26
=25 (Z)
6)P=D(8, 19)= (19-8) mod 26
= 11 mod 26
=11 (L)
7)P=D(9, 17)= (17-9) mod 26
= 8 mod 26
=8 (I)
8)P=D(4, 25)= (25-4) mod 26
= 21 mod 26
=21 (V)
9)P=D(3, 19 )= (19-3) mod 26
= 16 mod 26
= 16 (Q)
10)P=D(6, 23 )= (23-6) mod 26
= 17mod 26
= 17 (R)
11)P=D(2, 17 )= (17-2) mod 26
= 15 mod 26
5
= 15 (P)
12) P=D(7, 20)= (20-7) mod 26
= 13 mod 26
= 13 (N)
13)P=D(1, 16 )= (16-1) mod 26
= 15 mod 26
= 15 (P)
14)P=D(5,5 )= (5-5) mod 26
= 0 mod 26
= 0 (A)
15)P=D(8,0)= (0-8) mod 26
= -8mod 26
= 18 (S)
16)P=D(9, 2)= (2-9) mod 26
= -7mod 26
= 19 (T)
17)P=D(4, 19)= (19-4) mod 26
= 15mod 26
= 15 (P)
18)P=D(3, 8)= (8-3)mod 26
= 5 mod 26
= 5 (F)
12) P=D(7, 20)= (20-7) mod 26
= 13 mod 26
= 13 (N)
13)P=D(1, 16 )= (16-1) mod 26
= 15 mod 26
= 15 (P)
14)P=D(5,5 )= (5-5) mod 26
= 0 mod 26
= 0 (A)
15)P=D(8,0)= (0-8) mod 26
= -8mod 26
= 18 (S)
16)P=D(9, 2)= (2-9) mod 26
= -7mod 26
= 19 (T)
17)P=D(4, 19)= (19-4) mod 26
= 15mod 26
= 15 (P)
18)P=D(3, 8)= (8-3)mod 26
= 5 mod 26
= 5 (F)
19)P=D(6, 14)= (14-6)mod 26
= 8 mod 26
= 8 (I)
20)P=D(2,18)= (18-2)mod 26
= 16 mod 26
= 16 (Q)
21)P=D(7,9)= (9-7)mod 26
= 2 mod 26
= 2 (C)
22)P=D(1,13)= (13-1)mod 26
= 12 mod 26
= 12 (M)
23)P=D(5,25)= (25-5)mod 26
= 20 mod 26
= 20 (U)
24)P=D(8,0)= (0-8)mod 26
= -8 mod 26
= 18 (S)
25)P=D(9,6)= (6-9)mod 26
= -3 mod 26
= 23 (X)
26)P=D(4,19)= (19-4)mod 26
= 15 mod 26
= 15 (P)
7
= 8 mod 26
= 8 (I)
20)P=D(2,18)= (18-2)mod 26
= 16 mod 26
= 16 (Q)
21)P=D(7,9)= (9-7)mod 26
= 2 mod 26
= 2 (C)
22)P=D(1,13)= (13-1)mod 26
= 12 mod 26
= 12 (M)
23)P=D(5,25)= (25-5)mod 26
= 20 mod 26
= 20 (U)
24)P=D(8,0)= (0-8)mod 26
= -8 mod 26
= 18 (S)
25)P=D(9,6)= (6-9)mod 26
= -3 mod 26
= 23 (X)
26)P=D(4,19)= (19-4)mod 26
= 15 mod 26
= 15 (P)
7
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
27)P=D(3,16)= (16-3)mod 26
= 13 mod 26
= 13 (N)
Encrypted Text is: ELMFZLIVQRPNPASTPFIQCMUSXPN
Further decrypting it by using the K1 key to get the plain text
K1 = QWERTYUIOPLKJHGFDSAZXCVBNM
P= Dk1 [Dk2 (C)]
1) P=(16,4 )= D(4-16)mod26
=-12mod26
= 14 (O)
2) P=(22,11)= D(11-22)mod26
=-11mod26
= 15 (P)
3) P=(4,12)= D(12-4)mod26
=8mod26
= 8 (I)
4) P=(17,5)= D(5-17)mod26
=-12mod26
= 14 (O)
5) P=(19,25)= D(25-19)mod26
= 6mod26
= 6 (G)
= 13 mod 26
= 13 (N)
Encrypted Text is: ELMFZLIVQRPNPASTPFIQCMUSXPN
Further decrypting it by using the K1 key to get the plain text
K1 = QWERTYUIOPLKJHGFDSAZXCVBNM
P= Dk1 [Dk2 (C)]
1) P=(16,4 )= D(4-16)mod26
=-12mod26
= 14 (O)
2) P=(22,11)= D(11-22)mod26
=-11mod26
= 15 (P)
3) P=(4,12)= D(12-4)mod26
=8mod26
= 8 (I)
4) P=(17,5)= D(5-17)mod26
=-12mod26
= 14 (O)
5) P=(19,25)= D(25-19)mod26
= 6mod26
= 6 (G)
6) P=(24,11)= D(11-24)mod26
=-13mod26
= 13 (N)
7) P=(20,8)= D(8-20)mod26
=-12mod26
= 14 (O)
8) P=(8,21)= D(21-8)mod26
= 13 mod26
= 13(N)
9) P=(14,16)= D(16-14)mod26
=2mod26
= 2 (C)
10) P=(15,17)= D(17-15)mod26
=2mod26
= 2 (C)
11) P=(11,15)= D(15-11)mod26
=4mod26
= 4 (E)
12) P=(10,13)= D(13-10)mod26
=3mod26
= 3(D)
13)P=D(9,15)= (15-9)mod 26
= 6 mod 26
= 6 (G)
9
=-13mod26
= 13 (N)
7) P=(20,8)= D(8-20)mod26
=-12mod26
= 14 (O)
8) P=(8,21)= D(21-8)mod26
= 13 mod26
= 13(N)
9) P=(14,16)= D(16-14)mod26
=2mod26
= 2 (C)
10) P=(15,17)= D(17-15)mod26
=2mod26
= 2 (C)
11) P=(11,15)= D(15-11)mod26
=4mod26
= 4 (E)
12) P=(10,13)= D(13-10)mod26
=3mod26
= 3(D)
13)P=D(9,15)= (15-9)mod 26
= 6 mod 26
= 6 (G)
9
14)P=D(7,0)= (0-7)mod 26
= -7 mod 26
= 19 (T)
15)P=D(6,18)= (18-6)mod 26
= 12 mod 26
= 12 (M)
16)P=D(5,19)= (19-5)mod 26
= 14 mod 26
= 14 (O)
17)P=D(3,15)= (15-3)mod 26
= 12 mod 26
= 12 (M)
18)P=D(18,5)= (5-18)mod 26
= -13 mod 26
= 13 (N)
19)P=D(0,8)= (8-0)mod 26
= 8 mod 26
= 8(I)
20)P=D(25,16)= (16-25)mod 26
= 9 mod 26
= 9 (J)
21)P=D(23,2)= (2-23)mod 26
= -21 mod 26
= 5 (F)
= -7 mod 26
= 19 (T)
15)P=D(6,18)= (18-6)mod 26
= 12 mod 26
= 12 (M)
16)P=D(5,19)= (19-5)mod 26
= 14 mod 26
= 14 (O)
17)P=D(3,15)= (15-3)mod 26
= 12 mod 26
= 12 (M)
18)P=D(18,5)= (5-18)mod 26
= -13 mod 26
= 13 (N)
19)P=D(0,8)= (8-0)mod 26
= 8 mod 26
= 8(I)
20)P=D(25,16)= (16-25)mod 26
= 9 mod 26
= 9 (J)
21)P=D(23,2)= (2-23)mod 26
= -21 mod 26
= 5 (F)
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
22)P=D(2,12)= (12-2)mod 26
= 10 mod 26
= 10 (K)
23)P=D(21,20)= (20-21)mod 26
= -1 mod 26
= 25 (Z)
24)P=D(1,18)= (18-1)mod 26
= 17 mod 26
= 17 (R)
25)P=D(13,23)= (23-13)mod 26
= 10 mod 26
= 10 (K)
26)P=D(12,15)= (15-12)mod 26
= 3 mod 26
= 3 (D)
27)P=D(16,13)= (13-16)mod 26
= -3 mod 26
= 23 (X)
So final plain text is “OPIOGNONCCEDGTMOMNIJFKZRKDX”
11
= 10 mod 26
= 10 (K)
23)P=D(21,20)= (20-21)mod 26
= -1 mod 26
= 25 (Z)
24)P=D(1,18)= (18-1)mod 26
= 17 mod 26
= 17 (R)
25)P=D(13,23)= (23-13)mod 26
= 10 mod 26
= 10 (K)
26)P=D(12,15)= (15-12)mod 26
= 3 mod 26
= 3 (D)
27)P=D(16,13)= (13-16)mod 26
= -3 mod 26
= 23 (X)
So final plain text is “OPIOGNONCCEDGTMOMNIJFKZRKDX”
11
Report on cybersecurity failure
Failure in cyber security cause many life threatening situation which negatively impact
over the physical as well as emotional aspects of humans. It is found that in Australia there are
some incidents which shows the biggest data breach, ransomware and other cyber-attacks in the
country (Dobaj and et.al (2019)). Thus Eastern health cyber-attack is one of the greatest cyber
security failure in the country which held in the year 2021 march, it gives the major impact over
the 4 Hospitals in the Melbourne city, it creates lots of problem in treatment for the patients. Its
impact also causes delays in the surgeries for the patients. Nature of the cyber-attack is unknown
but still authorities considered it as ransomware attack. It is also found that ACSC (Australian
cyber security centre) have received nearly 500 ransomware reports in the year 2020-21.
Attack summary: In march Eastern health have experienced the cyber-attacks as most of the
health care professional are not able to access the patient’s details. Staffs were facing problem in
reviewing the critical medical histories of the patient because of the ransom ware attack that
cause the delays in urgent surgeries. Because of this attack Eastern health is forced to shut down
their some of the IT systems which also affects the functionalities and impact overall process.
But somehow Hospitals managed the urgent surgery as they elected the surgeries which should
be done in 30 days other than this are postponed (Alghamdi and et.al (2019)). This incident
shows that for the health care sector cyber security is very important as due to such attack the
consequences are much higher for the health care as they mainly aim to provides the critical
services to the patients. Also if there is any delay in medical treatment can cause the life
threatening situation for the patient. It is analysed that Hospitals are more attractive target for the
cyber-attacks because of nature of data they stored or hold on their patient.
Due to poor security in Eastern health have invited the cyber attackers to cause some
criminal activities. It is important for them to develop strict cyber security to prevent from such
attacks. Because of this personal data of employees and patient have been stolen by the attackers,
as complete database of the patient attacked that compromises the data privacy of the patients.
As it is suggested by the governmental officials it is found that data breaches include the basic
information which is regarding patient’s registration form for the appointments, that covers the
personal information of patient which is their age, phone no, address emails etc. it is also found
that attackers were able to theft the data of the employees that are working for almost 14 years
for the Eastern health. It is identified that approx. 200000 files were taken by the attackers in
Failure in cyber security cause many life threatening situation which negatively impact
over the physical as well as emotional aspects of humans. It is found that in Australia there are
some incidents which shows the biggest data breach, ransomware and other cyber-attacks in the
country (Dobaj and et.al (2019)). Thus Eastern health cyber-attack is one of the greatest cyber
security failure in the country which held in the year 2021 march, it gives the major impact over
the 4 Hospitals in the Melbourne city, it creates lots of problem in treatment for the patients. Its
impact also causes delays in the surgeries for the patients. Nature of the cyber-attack is unknown
but still authorities considered it as ransomware attack. It is also found that ACSC (Australian
cyber security centre) have received nearly 500 ransomware reports in the year 2020-21.
Attack summary: In march Eastern health have experienced the cyber-attacks as most of the
health care professional are not able to access the patient’s details. Staffs were facing problem in
reviewing the critical medical histories of the patient because of the ransom ware attack that
cause the delays in urgent surgeries. Because of this attack Eastern health is forced to shut down
their some of the IT systems which also affects the functionalities and impact overall process.
But somehow Hospitals managed the urgent surgery as they elected the surgeries which should
be done in 30 days other than this are postponed (Alghamdi and et.al (2019)). This incident
shows that for the health care sector cyber security is very important as due to such attack the
consequences are much higher for the health care as they mainly aim to provides the critical
services to the patients. Also if there is any delay in medical treatment can cause the life
threatening situation for the patient. It is analysed that Hospitals are more attractive target for the
cyber-attacks because of nature of data they stored or hold on their patient.
Due to poor security in Eastern health have invited the cyber attackers to cause some
criminal activities. It is important for them to develop strict cyber security to prevent from such
attacks. Because of this personal data of employees and patient have been stolen by the attackers,
as complete database of the patient attacked that compromises the data privacy of the patients.
As it is suggested by the governmental officials it is found that data breaches include the basic
information which is regarding patient’s registration form for the appointments, that covers the
personal information of patient which is their age, phone no, address emails etc. it is also found
that attackers were able to theft the data of the employees that are working for almost 14 years
for the Eastern health. It is identified that approx. 200000 files were taken by the attackers in
eastern health’s that involves the patient’s treatment and other data, following files also include
the diagnosis procedures, laboratory details (Lundgren, & Bergström, (2019)). Thus all this
information is theft then in such it can be a life threating event for the patient what if they get call
from the attackers and asked for the huge amount. Thus all these activities create an uncertainty
in the country regarding this issue.
Exploited vulnerability: Exploitation refer as the programmed software that be enables the
unauthorised person to take control over the system and proceed to exploit its vulnerabilities.
Vulnerability in the Cyber security mainly understood as weakness in any data and in processes
for controlling the system. Thus these vulnerabilities become the sources for the cyber-attacks. It
is found that drawbacks in the system leads the hackers to develop the alternatives which helps
them to perform the criminal or illegal activities (Haji, Tan & Costa, (2019)). Thus ransomware
is one of the malicious software that is developed for encrypting the victim’s data. In such
hackers demands for the ransom against providing the encryption key, thus if the ransom demand
is not meet then they deleted the encrypted key which results in loss of data for forever.
Regarding Eastern health is found that nature of the attack is quite similar to the ransom cyber-
attack. Thus if they have the strong security then there will be no such situation can be seen, it is
essential for the Cyber security team to configure all security measures to reduce the chances for
attacks.
The things which causes the vulnerabilities are complexity, familiarity, connectivity. As
it is stated that if the system is more complex then it increases the chances for the
misconfigurations also if the same code, software and other hardware application are found then
hackers can easily have identified the information and they will be able to analyse the known
vulnerabilities. As health care are actively adapting the technology to ease the treatment or care
process for the patient, but it also creating the chances for the cyber security attacks as Easter
health is one of the example of cyber-attacks where the all data has been hacked because of the
system vulnerabilities (MATULEVICIUSˇa & Savukynas (2019)). It is also notified that
healthcare sector in the country have become the attack prone where it encounters the most of the
data breaches cases, this sector has suffered the most because of lagging security process.
Remedy Action taken: Eastern health have taken the preventive measures after the cyber-attack
they improvised their security processes, authorities also shown their responds towards the
victims and committed that to not let down the attackers to access the patient’s information.
13
the diagnosis procedures, laboratory details (Lundgren, & Bergström, (2019)). Thus all this
information is theft then in such it can be a life threating event for the patient what if they get call
from the attackers and asked for the huge amount. Thus all these activities create an uncertainty
in the country regarding this issue.
Exploited vulnerability: Exploitation refer as the programmed software that be enables the
unauthorised person to take control over the system and proceed to exploit its vulnerabilities.
Vulnerability in the Cyber security mainly understood as weakness in any data and in processes
for controlling the system. Thus these vulnerabilities become the sources for the cyber-attacks. It
is found that drawbacks in the system leads the hackers to develop the alternatives which helps
them to perform the criminal or illegal activities (Haji, Tan & Costa, (2019)). Thus ransomware
is one of the malicious software that is developed for encrypting the victim’s data. In such
hackers demands for the ransom against providing the encryption key, thus if the ransom demand
is not meet then they deleted the encrypted key which results in loss of data for forever.
Regarding Eastern health is found that nature of the attack is quite similar to the ransom cyber-
attack. Thus if they have the strong security then there will be no such situation can be seen, it is
essential for the Cyber security team to configure all security measures to reduce the chances for
attacks.
The things which causes the vulnerabilities are complexity, familiarity, connectivity. As
it is stated that if the system is more complex then it increases the chances for the
misconfigurations also if the same code, software and other hardware application are found then
hackers can easily have identified the information and they will be able to analyse the known
vulnerabilities. As health care are actively adapting the technology to ease the treatment or care
process for the patient, but it also creating the chances for the cyber security attacks as Easter
health is one of the example of cyber-attacks where the all data has been hacked because of the
system vulnerabilities (MATULEVICIUSˇa & Savukynas (2019)). It is also notified that
healthcare sector in the country have become the attack prone where it encounters the most of the
data breaches cases, this sector has suffered the most because of lagging security process.
Remedy Action taken: Eastern health have taken the preventive measures after the cyber-attack
they improvised their security processes, authorities also shown their responds towards the
victims and committed that to not let down the attackers to access the patient’s information.
13
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
Major action they have taken is to shut down the IT system to further restricts the cybercrime
activities, as many of the IT system in the eastern health went offline as a precautionary measure
in order to rectify the situation. As they have divided their processes into the categories as
emergence surgeries can be taken out but other can be postponed. It is also found that higher
authorities have made the statement which states that health care sector must require to consider
the following three things which are to install the strong anti-virus system infrastructure,
endpoint security and IT track tools, it helps in preventing any malicious activities.
In eastern Health most of the services that are immediately provided by the It
professionals to restore the information, also with the support of the staff the risk has been
mitigated and continues the investigation for knowing the impacts of the attack. They have
undertaken some measures to identify the total number of the files that contains the important or
personal health information of the patient. It is also found that there are no evidences are found
that information which is stolen is misused also there is no such banking information is involved.
Thus immediate action has helped in reducing the after impact of the attack, thus no such
vulnerability has been found some data were easily recovered.
Recommended future mitigation strategy:
Cyber security concern is raise in the health care sector, as it is one of the leading sector
to become a target of cyber-attacks as use of technologies in health care is increasing which leads
to invite the malicious attacks (Tang and et.al (2018). It has been stated that Health care region
must require to focus on their security plans and to install the systems which helps in preventing
from such. Strategies which they can implement are as follows:
To prohibits the administrative privileges:
As it is found that the users that have the administrative advantages mainly makes the
significant changes in the system configuration, as prohibiting such will help in decreasing the
damage of adversary’s malware.
Multi factor authentication:
It will help in preventing the cyber adversary from unauthorised access to devices and
network. It also helps in reducing the chances for steal legitimate factors and to lay out other
malicious activities. As per the ACSC (Australian cyber security centre), they suggest the
multiple authentication for restricting the access for sensitive information.
activities, as many of the IT system in the eastern health went offline as a precautionary measure
in order to rectify the situation. As they have divided their processes into the categories as
emergence surgeries can be taken out but other can be postponed. It is also found that higher
authorities have made the statement which states that health care sector must require to consider
the following three things which are to install the strong anti-virus system infrastructure,
endpoint security and IT track tools, it helps in preventing any malicious activities.
In eastern Health most of the services that are immediately provided by the It
professionals to restore the information, also with the support of the staff the risk has been
mitigated and continues the investigation for knowing the impacts of the attack. They have
undertaken some measures to identify the total number of the files that contains the important or
personal health information of the patient. It is also found that there are no evidences are found
that information which is stolen is misused also there is no such banking information is involved.
Thus immediate action has helped in reducing the after impact of the attack, thus no such
vulnerability has been found some data were easily recovered.
Recommended future mitigation strategy:
Cyber security concern is raise in the health care sector, as it is one of the leading sector
to become a target of cyber-attacks as use of technologies in health care is increasing which leads
to invite the malicious attacks (Tang and et.al (2018). It has been stated that Health care region
must require to focus on their security plans and to install the systems which helps in preventing
from such. Strategies which they can implement are as follows:
To prohibits the administrative privileges:
As it is found that the users that have the administrative advantages mainly makes the
significant changes in the system configuration, as prohibiting such will help in decreasing the
damage of adversary’s malware.
Multi factor authentication:
It will help in preventing the cyber adversary from unauthorised access to devices and
network. It also helps in reducing the chances for steal legitimate factors and to lay out other
malicious activities. As per the ACSC (Australian cyber security centre), they suggest the
multiple authentication for restricting the access for sensitive information.
To implement the firewalls and antivirus software’s:
It is the most important and effective method for risk mitigation strategy as installing the
firewalls and antivirus helps in mitigating the attacks (Sukiatmodjo,(2019)). These technologies
help in providing the additional obstacles to the computer network so that it restricts the
malicious activities. Where firewall acts as an buffer approach in between the outside world and
in the network so that organisation can easily control and measure the on-going traffic to analyse
such threats likelihood so that preventive measures can be taken out. Similarly, antivirus
software will help in finding the device and network to determine the chance of any attack
activity.
Therefore, these are some recommendation which any organisation can take in order to
mitigate such risks. As for the Eastern health it is important to strong their IT system and to
timely update the software so that they can easily mitigate the chance for malicious attack. As to
train the staff to better controls the system so that they will not have to face such vulnerable
situation again.
CONCLUSION
From the above report it is concluded that cyber security plays a significant role in
preventing from such vulnerable or malicious activities. It is important for cyber security team to
maintain the system and to make it efficient to fight from any attack. Above report have
illustrated the description about the double DES it also covers the operational performance about
the decryption function, as by using the 2 keys the cipher text has been decoded to generate the
plain text. Further it covered the report which discuss the cyber attack incident that highlights the
Eastern health incident where the data have been stolen by the attacker as no staff were able to
access the patient’s details. It concluded with covering the elements such as attack summary,
exploited vulnerabilities, recommendations and actions.
REFERENCES
Books and journals
15
It is the most important and effective method for risk mitigation strategy as installing the
firewalls and antivirus helps in mitigating the attacks (Sukiatmodjo,(2019)). These technologies
help in providing the additional obstacles to the computer network so that it restricts the
malicious activities. Where firewall acts as an buffer approach in between the outside world and
in the network so that organisation can easily control and measure the on-going traffic to analyse
such threats likelihood so that preventive measures can be taken out. Similarly, antivirus
software will help in finding the device and network to determine the chance of any attack
activity.
Therefore, these are some recommendation which any organisation can take in order to
mitigate such risks. As for the Eastern health it is important to strong their IT system and to
timely update the software so that they can easily mitigate the chance for malicious attack. As to
train the staff to better controls the system so that they will not have to face such vulnerable
situation again.
CONCLUSION
From the above report it is concluded that cyber security plays a significant role in
preventing from such vulnerable or malicious activities. It is important for cyber security team to
maintain the system and to make it efficient to fight from any attack. Above report have
illustrated the description about the double DES it also covers the operational performance about
the decryption function, as by using the 2 keys the cipher text has been decoded to generate the
plain text. Further it covered the report which discuss the cyber attack incident that highlights the
Eastern health incident where the data have been stolen by the attacker as no staff were able to
access the patient’s details. It concluded with covering the elements such as attack summary,
exploited vulnerabilities, recommendations and actions.
REFERENCES
Books and journals
15
Alghamdi, B. S. and et.al (2019). A Context Establishment Framework for Cloud Computing
Information Security Risk Management Based on the STOPE View. Int. J. Netw.
Secur.. 21(1). 166-176.
Bateni, H., & Saeidi, P. (2019). The effect of information quality integrity on information
security risk management.
Dobaj, J. and et.al (2019, September). Towards integrated quantitative security and safety risk
assessment. In International Conference on Computer Safety, Reliability, and
Security (pp. 102-116). Springer, Cham.
Haji, S., Tan, Q., & Costa, R. S. (2019). A hybrid model for information security risk
assessment. Int. j. adv. trends comput. sci. eng., (ART-2019-111611).
Lundgren, M., & Bergström, E. (2019, June). Security-related stress: A perspective on
information security risk management. In 2019 International Conference on Cyber
Security and Protection of Digital Services (Cyber Security) (pp. 1-8). IEEE.
MATULEVICIUSˇa, R., & Savukynas, R. (2019, January). Application of the Reference Model
for Security Risk Management in the Internet of Things Systems. In Databases and
Information Systems X: Selected Papers from the Thirteenth International Baltic
Conference, DB&IS 2018 (Vol. 315, p. 65). IOS Press.
Sukiatmodjo, A. (2019). Speed and power consumption comparison between DES and AES
algorithm in arduino (Doctoral dissertation, UNIKA SOEGIJAPRANATA
SEMARANG).
Tang, H. and et.al (2018). A network coding and DES based dynamic encryption scheme for
moving target defense. IEEE Access. 6. 26059-26068.
Wahlgren, G., & Kowalski, S. J. (2018). IT security risk management model for handling IT-
related security incidents: the need for a new escalation approach. In Security and
Privacy Management, Techniques, and Protocols (pp. 129-151). IGI Global.
Information Security Risk Management Based on the STOPE View. Int. J. Netw.
Secur.. 21(1). 166-176.
Bateni, H., & Saeidi, P. (2019). The effect of information quality integrity on information
security risk management.
Dobaj, J. and et.al (2019, September). Towards integrated quantitative security and safety risk
assessment. In International Conference on Computer Safety, Reliability, and
Security (pp. 102-116). Springer, Cham.
Haji, S., Tan, Q., & Costa, R. S. (2019). A hybrid model for information security risk
assessment. Int. j. adv. trends comput. sci. eng., (ART-2019-111611).
Lundgren, M., & Bergström, E. (2019, June). Security-related stress: A perspective on
information security risk management. In 2019 International Conference on Cyber
Security and Protection of Digital Services (Cyber Security) (pp. 1-8). IEEE.
MATULEVICIUSˇa, R., & Savukynas, R. (2019, January). Application of the Reference Model
for Security Risk Management in the Internet of Things Systems. In Databases and
Information Systems X: Selected Papers from the Thirteenth International Baltic
Conference, DB&IS 2018 (Vol. 315, p. 65). IOS Press.
Sukiatmodjo, A. (2019). Speed and power consumption comparison between DES and AES
algorithm in arduino (Doctoral dissertation, UNIKA SOEGIJAPRANATA
SEMARANG).
Tang, H. and et.al (2018). A network coding and DES based dynamic encryption scheme for
moving target defense. IEEE Access. 6. 26059-26068.
Wahlgren, G., & Kowalski, S. J. (2018). IT security risk management model for handling IT-
related security incidents: the need for a new escalation approach. In Security and
Privacy Management, Techniques, and Protocols (pp. 129-151). IGI Global.
1 out of 16
Related Documents
![[object Object]](/_next/image/?url=%2F_next%2Fstatic%2Fmedia%2Flogo.6d15ce61.png&w=640&q=75){kind=small}
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.