Cyber Security Risks: Vulnerability Assessment of ABC Technologies
VerifiedAdded on 2023/03/23
|20
|6717
|27
Report
AI Summary
This report analyzes the cyber security posture of ABC Technologies, an Australian tech company concerned about network and data security. It identifies three key security vulnerabilities: phishing, malware infections, and weak password policies. Furthermore, it outlines five emerging threats, including ransomware, IoT device exploits, insider threats, DDoS attacks, and supply chain attacks, detailing the potential damage each could inflict. The report concludes with recommendations for protecting home and office networks, such as implementing multi-factor authentication, regularly updating software, and providing employee security awareness training. Desklib is a valuable resource for students, offering access to a wide range of solved assignments and past papers.
Running head: CYBER SECURITY
Professional Skills In Information Communication Technology: Cyber Security
Name of the Student
Name of the University
Author’s Note:
Professional Skills In Information Communication Technology: Cyber Security
Name of the Student
Name of the University
Author’s Note:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
1
CYBER SECURITY
Executive Summary
The main aim of this report is to understand the case study of ABC Technologies. This
particular organizational management is highly concerned about their security and privacy of
networks, systems and confidential data. Hence, they have decided to implement cyber
security measures within their organization and business. A proper set of techniques is
needed for the purpose so that integrity of confidential data, programs and networks is
protected from any kind of unauthorized access and for his purpose it is important to involve
cyber security within their business and networks. This report has properly depicted every
detail related to cyber security after highlighting three security vulnerabilities and five
emerging threats. Moreover, three suitable recommendations are also provided in this report
for protecting home and office networks.
CYBER SECURITY
Executive Summary
The main aim of this report is to understand the case study of ABC Technologies. This
particular organizational management is highly concerned about their security and privacy of
networks, systems and confidential data. Hence, they have decided to implement cyber
security measures within their organization and business. A proper set of techniques is
needed for the purpose so that integrity of confidential data, programs and networks is
protected from any kind of unauthorized access and for his purpose it is important to involve
cyber security within their business and networks. This report has properly depicted every
detail related to cyber security after highlighting three security vulnerabilities and five
emerging threats. Moreover, three suitable recommendations are also provided in this report
for protecting home and office networks.
2
CYBER SECURITY
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................4
Explaining about Cyber Security with its Significance and Importance in ABCT................4
Identifying and Explaining about 3 Security Threats in System of ABCT with Proper
Justification............................................................................................................................6
Listing of 5 Different Kinds of Emerging Threat affecting Organization with Proper
Description regarding Damages caused by Attacks.............................................................10
Conclusion................................................................................................................................14
Recommendations....................................................................................................................15
References................................................................................................................................16
CYBER SECURITY
Table of Contents
Introduction................................................................................................................................3
Discussion..................................................................................................................................4
Explaining about Cyber Security with its Significance and Importance in ABCT................4
Identifying and Explaining about 3 Security Threats in System of ABCT with Proper
Justification............................................................................................................................6
Listing of 5 Different Kinds of Emerging Threat affecting Organization with Proper
Description regarding Damages caused by Attacks.............................................................10
Conclusion................................................................................................................................14
Recommendations....................................................................................................................15
References................................................................................................................................16
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
3
CYBER SECURITY
Introduction
Cyber security can be defined as the major practice to protect any type of system,
network and program from digital attack (Von Solms & Van Niekerk, 2013).
Cybersecurity is the collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices, assurance and
technologies that can be used to protect the cyber environment and organization and user’s
assets. Organization and user’s assets include connected computing devices, personnel,
infrastructure, applications, services, telecommunications systems, and the totality of
transmitted and/or stored information in the cyber environment.
These attacks have major aim to access, alter or even abolish sensitive information,
extortion of resources from the users and interruption of normal business procedures (Buczak
& Guven, 2015).
Cyber security is the set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change, or destruction.
Cyber security systems are composed of network security systems and computer (host)
security systems. Each of these has, at a minimum, a firewall, antivirus software, and an
intrusion detection system (IDS). IDSs help discover, determine, and identify unauthorized
use, duplication, alteration, and destruction of information systems. The security breaches
include external intrusions (attacks from outside the organization) and internal intrusions
(attacks from within the organization).
A proper deployment of cyber security measure is extremely stimulating as there are
several devices than organizational people and hackers can easily extract sensitive
information. An effective defence is to be created for getting security from such distinctive
attacks (Wang & Lu, 2013).
Cyber security emerges to be a critical issue because millions of electronic devices are inter-
connected via communication networks throughout critical power facilities, which has an
immediate impact on reliability of such a widespread infrastructure.
The users should understand and then comply with every principle of data security
such as selecting stronger passwords and ensuring data backups.
CYBER SECURITY
Introduction
Cyber security can be defined as the major practice to protect any type of system,
network and program from digital attack (Von Solms & Van Niekerk, 2013).
Cybersecurity is the collection of tools, policies, security concepts, security safeguards,
guidelines, risk management approaches, actions, training, best practices, assurance and
technologies that can be used to protect the cyber environment and organization and user’s
assets. Organization and user’s assets include connected computing devices, personnel,
infrastructure, applications, services, telecommunications systems, and the totality of
transmitted and/or stored information in the cyber environment.
These attacks have major aim to access, alter or even abolish sensitive information,
extortion of resources from the users and interruption of normal business procedures (Buczak
& Guven, 2015).
Cyber security is the set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change, or destruction.
Cyber security systems are composed of network security systems and computer (host)
security systems. Each of these has, at a minimum, a firewall, antivirus software, and an
intrusion detection system (IDS). IDSs help discover, determine, and identify unauthorized
use, duplication, alteration, and destruction of information systems. The security breaches
include external intrusions (attacks from outside the organization) and internal intrusions
(attacks from within the organization).
A proper deployment of cyber security measure is extremely stimulating as there are
several devices than organizational people and hackers can easily extract sensitive
information. An effective defence is to be created for getting security from such distinctive
attacks (Wang & Lu, 2013).
Cyber security emerges to be a critical issue because millions of electronic devices are inter-
connected via communication networks throughout critical power facilities, which has an
immediate impact on reliability of such a widespread infrastructure.
The users should understand and then comply with every principle of data security
such as selecting stronger passwords and ensuring data backups.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
4
CYBER SECURITY
This report discusses about the case study of ABCT organization. As there are several
significant scope and chances of cyber security attacks for the growth of interconnected
devices and the main challenges to cyber efforts are online payment, mobile connectivity, IoT
and cloud devices. An Australian technological organization, ABCT mainly ranges from
several specifications of highly advanced products of both software and hardware. They even
have a BYOD policy, however they are concerned about hacking and loss of customers. This
report will be broadly providing an idea of cyber security with identification of three security
vulnerability as well as five subsequent kinds of emerging risks, which may affect system of
this organization. Relevant recommendations would also be provided in this report.
Discussion
Explaining about Cyber Security with its Significance and Importance in ABCT
A successful approach of cyber security comprises of several layers of protection that
are being spread across several computers, data, programs and networks, which any
individual has intended to keep safe and secured (Buczak & Guven, 2015).
Cyber security is the set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change, or destruction.
Cyber security systems are composed of network security systems and computer (host)
security systems. Each of these has, at a minimum, a firewall, antivirus software, and an
intrusion detection system (IDS). IDSs help discover, determine, and identify unauthorized
use, duplication, alteration, and destruction of information systems. The security breaches
include external intrusions (attacks from outside the organization) and internal intrusions
(attacks from within the organization).
The major functionality of the cyber security includes security of systems or
confidential information from several cyber risks. This rapid acceptance of any cloud based
application as well as work load is responsible for extending security requirements beyond a
outdated data centre and even inflexible data security mandate like NIST cyber security
framework (Hahn, Ashok, Sridhar & Govindarasu, 2013).
Numerous vulnerability assessment activities have been performed on the testbed to
explore potential security weaknesses in the software and communication protocols.
Discovered vulnerabilities are then shared with the product vendor so they can develop and
release appropriate mitigations. Our vulnerability identification process has followed well
documented security testing methodologies, such as NIST 800-115: “Technical Guide to
CYBER SECURITY
This report discusses about the case study of ABCT organization. As there are several
significant scope and chances of cyber security attacks for the growth of interconnected
devices and the main challenges to cyber efforts are online payment, mobile connectivity, IoT
and cloud devices. An Australian technological organization, ABCT mainly ranges from
several specifications of highly advanced products of both software and hardware. They even
have a BYOD policy, however they are concerned about hacking and loss of customers. This
report will be broadly providing an idea of cyber security with identification of three security
vulnerability as well as five subsequent kinds of emerging risks, which may affect system of
this organization. Relevant recommendations would also be provided in this report.
Discussion
Explaining about Cyber Security with its Significance and Importance in ABCT
A successful approach of cyber security comprises of several layers of protection that
are being spread across several computers, data, programs and networks, which any
individual has intended to keep safe and secured (Buczak & Guven, 2015).
Cyber security is the set of technologies and processes designed to protect computers,
networks, programs, and data from attack, unauthorized access, change, or destruction.
Cyber security systems are composed of network security systems and computer (host)
security systems. Each of these has, at a minimum, a firewall, antivirus software, and an
intrusion detection system (IDS). IDSs help discover, determine, and identify unauthorized
use, duplication, alteration, and destruction of information systems. The security breaches
include external intrusions (attacks from outside the organization) and internal intrusions
(attacks from within the organization).
The major functionality of the cyber security includes security of systems or
confidential information from several cyber risks. This rapid acceptance of any cloud based
application as well as work load is responsible for extending security requirements beyond a
outdated data centre and even inflexible data security mandate like NIST cyber security
framework (Hahn, Ashok, Sridhar & Govindarasu, 2013).
Numerous vulnerability assessment activities have been performed on the testbed to
explore potential security weaknesses in the software and communication protocols.
Discovered vulnerabilities are then shared with the product vendor so they can develop and
release appropriate mitigations. Our vulnerability identification process has followed well
documented security testing methodologies, such as NIST 800-115: “Technical Guide to
5
CYBER SECURITY
Information Security Testing and Assessment”, which focuses on various scanning and
cracking techniques along with a thorough review of implemented technologies and
configurations. In addition to the documented methodology, our analysis has also included
manual inspection techniques using various open-source tools and software fuzzing tests
based on the Mu Security Analyzer.
For the core purpose of securing a computer system, it is extremely vital and
significant to understand all types of attacks, which could be made against it and such threats
could be broadly classified into few levels according to their vulnerabilities. The major and
broad types of cyber threats include backdoor attacks, denial of service or denial of service
attack, eaves dropping, phishing, multi vector polymorphic attack, spoofing, social-
engineering attack, privilege escalation, tampering and finally direct access attacks
(Elmaghraby & Losavio, 2014).
In all of the interactions the information generation and exchange is at least bilateral and
communicative. Actions often call and use information which, in turn, generates new
information related to the services, including bettering those services on analysis.
With computing systems the kernel of security concerns is the information handled by the
system. The three general areas to be secured are
(1) The “privacy” and confidentiality of the information
(2) The integrity and authenticity of the information and
(3) The availability of the information for its use and services.
The culture of information security is highly affected in this type of attack and
employee behaviour comprises of a significant impact on IS within a specific organization.
The entire culture of information security is required to be analysed on a priority basis and
hence the issues are eradicated on time.
Cyber security comprises of a significant impact on the organization of ABCT
(Cherdantseva et al., 2016).
Risk assessment in SCADA systems shall help to prioritise (1) the components of a system in
terms of their importance to the successful operation of the system or in terms of their level
of vulnerability to an attack, and (2) threats in terms of the danger they pose and their
likelihood. Risk assessment shall assist the managers and engineers of SCADA systems with
CYBER SECURITY
Information Security Testing and Assessment”, which focuses on various scanning and
cracking techniques along with a thorough review of implemented technologies and
configurations. In addition to the documented methodology, our analysis has also included
manual inspection techniques using various open-source tools and software fuzzing tests
based on the Mu Security Analyzer.
For the core purpose of securing a computer system, it is extremely vital and
significant to understand all types of attacks, which could be made against it and such threats
could be broadly classified into few levels according to their vulnerabilities. The major and
broad types of cyber threats include backdoor attacks, denial of service or denial of service
attack, eaves dropping, phishing, multi vector polymorphic attack, spoofing, social-
engineering attack, privilege escalation, tampering and finally direct access attacks
(Elmaghraby & Losavio, 2014).
In all of the interactions the information generation and exchange is at least bilateral and
communicative. Actions often call and use information which, in turn, generates new
information related to the services, including bettering those services on analysis.
With computing systems the kernel of security concerns is the information handled by the
system. The three general areas to be secured are
(1) The “privacy” and confidentiality of the information
(2) The integrity and authenticity of the information and
(3) The availability of the information for its use and services.
The culture of information security is highly affected in this type of attack and
employee behaviour comprises of a significant impact on IS within a specific organization.
The entire culture of information security is required to be analysed on a priority basis and
hence the issues are eradicated on time.
Cyber security comprises of a significant impact on the organization of ABCT
(Cherdantseva et al., 2016).
Risk assessment in SCADA systems shall help to prioritise (1) the components of a system in
terms of their importance to the successful operation of the system or in terms of their level
of vulnerability to an attack, and (2) threats in terms of the danger they pose and their
likelihood. Risk assessment shall assist the managers and engineers of SCADA systems with
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
6
CYBER SECURITY
the development of adequate security policies, with the design of secure system and with the
rational allocation of often scarce resources.
Security requirements for SCADA are identified so that integrity and availability have the
highest priority, while confidentiality is secondary. The vulnerabilities of a system are
identified using existing vulnerability identification libraries. Each vulnerability is classified
as reconnaissance, breach, penetrate, escalation or damage. Time-to-compromise a device is
calculated. It depends on the known vulnerabilities of the target system and the skills of an
attacker.
Since they allow their staff time flexibility by allowing work from home only after
utilization of VPN connection and even comprises of a specific BYOD policy for the staff,
who are working onsite; it is extremely important and significant for them to maintain cyber
security under every circumstance. This particular organization had been a subsequent dupe
of various recent cyber threats and hence they are eventually concerned that the
organizational data may be compromised and the hackers may get hold of customers’ data
(Wells, Camelio, Williams & White, 2014).
The first step towards preventing, detecting, and mitigating the effects of cyber-attacks in
manufacturing is to understand and overcome the current weaknesses in areas, such as
design systems, production control, QC, and manufacturing cyber-security research and
education. One of the most important barriers for cyber-security in manufacturing is that
industry is more concerned with attacks aimed at intellectual property (IP) theft. This is
warranted as computer security has traditionally focused on protecting information.
It could even result in the loss of income and hence ABCT requires to improvise the
security system as well as security related policies and procedures. A document on cyber
security is required to be prepared for training the staff for reducing cyber attacks. The virtual
private networks or wireless networks are required to be secured in ABCT for protecting the
entire scope and customers’ data.
Identifying and Explaining about 3 Security Threats in System of ABCT with Proper
Justification
Three security vulnerability in the respective system of this organization that could be
possible are as follows:
CYBER SECURITY
the development of adequate security policies, with the design of secure system and with the
rational allocation of often scarce resources.
Security requirements for SCADA are identified so that integrity and availability have the
highest priority, while confidentiality is secondary. The vulnerabilities of a system are
identified using existing vulnerability identification libraries. Each vulnerability is classified
as reconnaissance, breach, penetrate, escalation or damage. Time-to-compromise a device is
calculated. It depends on the known vulnerabilities of the target system and the skills of an
attacker.
Since they allow their staff time flexibility by allowing work from home only after
utilization of VPN connection and even comprises of a specific BYOD policy for the staff,
who are working onsite; it is extremely important and significant for them to maintain cyber
security under every circumstance. This particular organization had been a subsequent dupe
of various recent cyber threats and hence they are eventually concerned that the
organizational data may be compromised and the hackers may get hold of customers’ data
(Wells, Camelio, Williams & White, 2014).
The first step towards preventing, detecting, and mitigating the effects of cyber-attacks in
manufacturing is to understand and overcome the current weaknesses in areas, such as
design systems, production control, QC, and manufacturing cyber-security research and
education. One of the most important barriers for cyber-security in manufacturing is that
industry is more concerned with attacks aimed at intellectual property (IP) theft. This is
warranted as computer security has traditionally focused on protecting information.
It could even result in the loss of income and hence ABCT requires to improvise the
security system as well as security related policies and procedures. A document on cyber
security is required to be prepared for training the staff for reducing cyber attacks. The virtual
private networks or wireless networks are required to be secured in ABCT for protecting the
entire scope and customers’ data.
Identifying and Explaining about 3 Security Threats in System of ABCT with Proper
Justification
Three security vulnerability in the respective system of this organization that could be
possible are as follows:
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
CYBER SECURITY
i) Phishing: Phishing is the first security vulnerability or threat within the distinctive
system of ABCT (Craigen, Diakun-Thibault & Purse, 2014).
The absence of a concise, universally acceptable definition that captures the
multidimensionality of cybersecurity impedes technological and scientific advances by
reinforcing the predominantly technical view of cybersecurity while separating disciplines
that should be acting in concert to resolve complex cybersecurity challenges. It has become
increasingly apparent that cybersecurity is interdisciplinary. The more inclusive, unifying
definition presented in this article aims to facilitate interdisciplinary approaches to
cybersecurity. We hope that the definition will be embraced by the multiple disciplines
engaged in cybersecurity efforts, thereby opening the door to greater understanding and
collaboration needed to address the growing and complex threats to cyberspace and
cyberspace-enabled systems.
It is a fraud attempt to obtain confidential data such as passwords, username and
details of debit and credit card after disguising oneself as the major trustworthy entity in the
electronic communication. Phishing is majorly carried out by spoofing of electronic mails or
even instant messaging. This particular security vulnerability often directs the users in
entering private information at a false or forged web site that can match to the look and feel
of the legal site (Abawajy, 2014).
Phishing is an increasingly sophisticated attack in which cyber criminals use spoofed emails
and fake web sites to deceit people into giving up personal information. Phishing attacks
exploit the fact that users tend to trust email messages and web sites based on cues that
actually provide little or no meaningful trust information. They tend to target the most
common activities (email and web) that the majority of users spend substantial times on.
Phishing is termed as one of the major examples of social engineering techniques that
are utilized for deceiving the users. The employees of ABC Technologies could be easily
lured by proper communications purporting that are to be done from a specific trusted party
like auction site, online payment processors and many more (Dunn Cavelty, 2013).
This focus on vulnerabilities results in two noteworthy characteristics of the threat
representation: First, the protective capacity of space is obliterated; there is no place that is
safe from an attack. Second, the threat becomes quasi-universal, because it is now
everywhere, creating a sense of “imminent but inexact catastrophe, lurking just beneath the
surface of normal, technologized […] everyday life”. Threats or dangers are no longer
CYBER SECURITY
i) Phishing: Phishing is the first security vulnerability or threat within the distinctive
system of ABCT (Craigen, Diakun-Thibault & Purse, 2014).
The absence of a concise, universally acceptable definition that captures the
multidimensionality of cybersecurity impedes technological and scientific advances by
reinforcing the predominantly technical view of cybersecurity while separating disciplines
that should be acting in concert to resolve complex cybersecurity challenges. It has become
increasingly apparent that cybersecurity is interdisciplinary. The more inclusive, unifying
definition presented in this article aims to facilitate interdisciplinary approaches to
cybersecurity. We hope that the definition will be embraced by the multiple disciplines
engaged in cybersecurity efforts, thereby opening the door to greater understanding and
collaboration needed to address the growing and complex threats to cyberspace and
cyberspace-enabled systems.
It is a fraud attempt to obtain confidential data such as passwords, username and
details of debit and credit card after disguising oneself as the major trustworthy entity in the
electronic communication. Phishing is majorly carried out by spoofing of electronic mails or
even instant messaging. This particular security vulnerability often directs the users in
entering private information at a false or forged web site that can match to the look and feel
of the legal site (Abawajy, 2014).
Phishing is an increasingly sophisticated attack in which cyber criminals use spoofed emails
and fake web sites to deceit people into giving up personal information. Phishing attacks
exploit the fact that users tend to trust email messages and web sites based on cues that
actually provide little or no meaningful trust information. They tend to target the most
common activities (email and web) that the majority of users spend substantial times on.
Phishing is termed as one of the major examples of social engineering techniques that
are utilized for deceiving the users. The employees of ABC Technologies could be easily
lured by proper communications purporting that are to be done from a specific trusted party
like auction site, online payment processors and many more (Dunn Cavelty, 2013).
This focus on vulnerabilities results in two noteworthy characteristics of the threat
representation: First, the protective capacity of space is obliterated; there is no place that is
safe from an attack. Second, the threat becomes quasi-universal, because it is now
everywhere, creating a sense of “imminent but inexact catastrophe, lurking just beneath the
surface of normal, technologized […] everyday life”. Threats or dangers are no longer
8
CYBER SECURITY
perceived as coming exclusively from a certain direction—traditionally, the outside—but are
system-inherent; the threat is a quasi-latent characteristic of the system, which feeds a
permanent sense of vulnerability and inevitable disaster.
The respective attempts for dealing with few significant phishing incidents majorly
involve user training, technical security measures and user training.
ii) SQL Injection Attacks: The second distinctive and important security vulnerability
within the subsequent system of ABCT is SQL injection attack. It can be referred to as a
technique of code injection, which can be used for criticising data driven application, where
the malicious SQL statement is being injected into the entry field for better accomplishment
(Cavelty, 2014).
The inward-looking focus on the other hand is about vulnerabilities in (computer) systems. In
computer security, a vulnerability is understood as the confluence of three elements that in
themselves combine the inward and the outward looking perspective: a system susceptibility
or flaw, an attacker’s knowledge of and access to the flaw, and an attacker’s capability to
exploit the flaw (i.e. NIST 2002: 15). The result of a successful utilization of a vulnerability is
a compromise of the systems information security. Due to the characteristics of digitally
stored information, an intruder can delay, disrupt, corrupt, exploit, destroy, steal, and modify
information, with various implications.
This SQL injection should eventually exploit the security vulnerability within the
software of an application and hence users’ inputs could either be inappropriately filtered for
sequential literal escape character that is being implanted in a SQL statement as well as user
inputs not being strongly typed or performed (Ben-Asher & Gonzalez, 2015).
Detailed instructions stated that the local corporate network is connected to the Internet
through a router that routes Internet traffic to and from the local network. The network has
two zones or sub-networks: one containing a public web server, and the other containing a
private file server (with payroll, accounting, sales, marketing data, etc.) and a private cluster
of workstation computers that company employees use for their daily work. The public web
server runs two services (httpd and ftpd) and enables shoppers on the Internet to buy
products using the company’s website. The fileserver stores the company’s data and runs two
services (ftpd and nfsd) that allow access to the data over the network. The employees of the
company use their workstations to access the Internet, as well as the data stored on the
CYBER SECURITY
perceived as coming exclusively from a certain direction—traditionally, the outside—but are
system-inherent; the threat is a quasi-latent characteristic of the system, which feeds a
permanent sense of vulnerability and inevitable disaster.
The respective attempts for dealing with few significant phishing incidents majorly
involve user training, technical security measures and user training.
ii) SQL Injection Attacks: The second distinctive and important security vulnerability
within the subsequent system of ABCT is SQL injection attack. It can be referred to as a
technique of code injection, which can be used for criticising data driven application, where
the malicious SQL statement is being injected into the entry field for better accomplishment
(Cavelty, 2014).
The inward-looking focus on the other hand is about vulnerabilities in (computer) systems. In
computer security, a vulnerability is understood as the confluence of three elements that in
themselves combine the inward and the outward looking perspective: a system susceptibility
or flaw, an attacker’s knowledge of and access to the flaw, and an attacker’s capability to
exploit the flaw (i.e. NIST 2002: 15). The result of a successful utilization of a vulnerability is
a compromise of the systems information security. Due to the characteristics of digitally
stored information, an intruder can delay, disrupt, corrupt, exploit, destroy, steal, and modify
information, with various implications.
This SQL injection should eventually exploit the security vulnerability within the
software of an application and hence users’ inputs could either be inappropriately filtered for
sequential literal escape character that is being implanted in a SQL statement as well as user
inputs not being strongly typed or performed (Ben-Asher & Gonzalez, 2015).
Detailed instructions stated that the local corporate network is connected to the Internet
through a router that routes Internet traffic to and from the local network. The network has
two zones or sub-networks: one containing a public web server, and the other containing a
private file server (with payroll, accounting, sales, marketing data, etc.) and a private cluster
of workstation computers that company employees use for their daily work. The public web
server runs two services (httpd and ftpd) and enables shoppers on the Internet to buy
products using the company’s website. The fileserver stores the company’s data and runs two
services (ftpd and nfsd) that allow access to the data over the network. The employees of the
company use their workstations to access the Internet, as well as the data stored on the
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
9
CYBER SECURITY
fileserver. The firewall prevents unwanted Internet connections from entering the local
network, and it also checks the traffic between the different components of the local network.
The SQL injection can be majorly known as the attack vector for the significant web
site of ABC Technologies, however these could be easily utilized for attacking the respective
SQL database. The identity could be easily spoofed and confidential data of ABCT could be
eventually tampered, hence causing issues of repudiation like rejecting of transactions and
modifying of balance or agreeing the entire disclosure of system data (Knowles, Prince,
Hutchison, Disso & Jones, 2015).
The availability of a comprehensive and robust set of security metrics is essential for
organizations to meet various business objectives. A challenge arises in the risk management
of industrial control systems because standards and methodologies for traditional
information technology systems cannot be applied directly. For traditional information
technology systems, the order of prioritized security goals on which these approaches are
based is typically confidentiality, integrity and then availability (CIA).
Moreover, the data could even be destroyed or made unavailable, which could be
extremely vulnerable for this particular organization.
iii) Denial of Service: The next important and noteworthy security vulnerability that
can be extremely vulnerable for the system of ABCT is DoS. The attack of DoS is a type of
cyber-attack, where the significant wrongdoer eventually seeks into a machine and network
for the core purpose of making this network resource or machine completely unavailable to
its respective intended users either by temporarily and indefinitely upsetting the service of the
company host linked to Internet (Fielder, Panaousis, Malacaria, Hankin & Smeraldi, 2016).
One of the biggest issues facing organisations today is how they are able to defend
themselves from potential cyber attacks. The range and scope of these unknown attacks
create the need for organisations to prioritise the manner in which they defend themselves.
With this each organisation needs to consider the threats that they are most at risk from and
act in such a way so as to reduce the vulnerability across as many relevant vulnerabilities as
possible.
This type of DoS attack is usually executed by flooding every specific targeted
resource or machine with all types of redundant requests within the major attempt of
overloading the systems and also preventing few or legal requests from getting fulfilled. The
CYBER SECURITY
fileserver. The firewall prevents unwanted Internet connections from entering the local
network, and it also checks the traffic between the different components of the local network.
The SQL injection can be majorly known as the attack vector for the significant web
site of ABC Technologies, however these could be easily utilized for attacking the respective
SQL database. The identity could be easily spoofed and confidential data of ABCT could be
eventually tampered, hence causing issues of repudiation like rejecting of transactions and
modifying of balance or agreeing the entire disclosure of system data (Knowles, Prince,
Hutchison, Disso & Jones, 2015).
The availability of a comprehensive and robust set of security metrics is essential for
organizations to meet various business objectives. A challenge arises in the risk management
of industrial control systems because standards and methodologies for traditional
information technology systems cannot be applied directly. For traditional information
technology systems, the order of prioritized security goals on which these approaches are
based is typically confidentiality, integrity and then availability (CIA).
Moreover, the data could even be destroyed or made unavailable, which could be
extremely vulnerable for this particular organization.
iii) Denial of Service: The next important and noteworthy security vulnerability that
can be extremely vulnerable for the system of ABCT is DoS. The attack of DoS is a type of
cyber-attack, where the significant wrongdoer eventually seeks into a machine and network
for the core purpose of making this network resource or machine completely unavailable to
its respective intended users either by temporarily and indefinitely upsetting the service of the
company host linked to Internet (Fielder, Panaousis, Malacaria, Hankin & Smeraldi, 2016).
One of the biggest issues facing organisations today is how they are able to defend
themselves from potential cyber attacks. The range and scope of these unknown attacks
create the need for organisations to prioritise the manner in which they defend themselves.
With this each organisation needs to consider the threats that they are most at risk from and
act in such a way so as to reduce the vulnerability across as many relevant vulnerabilities as
possible.
This type of DoS attack is usually executed by flooding every specific targeted
resource or machine with all types of redundant requests within the major attempt of
overloading the systems and also preventing few or legal requests from getting fulfilled. The
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
10
CYBER SECURITY
most common example of a DoS attack is the distributed denial of service or DDoS attacks,
in which the incoming traffic floods the victim that is being originated from several sources.
It makes it completely impossible for stopping such attacks after blocking a single source
(Luiijf, Besseling & De Graaf, 2013).
A wide array of action areas is elaborated on by the 19 NCSS, with often a considerable
overlap. All nations except Uganda explicitly address in their NCSS the protection of their
own CIs including the government’s own ICT. Some nations refer to already existing
activities rather than starting new ones. As cyber security deals with and addresses the same
global set of threats, common focal points and activities could be expected amongst the
NCSS, such as international comparable, or even harmonised, definitions and terminology.
Due to the global nature of cyberspace, international collaboration could be expected to be
one of the highest priorities of each of the NCSS.
This type of attack is completely analogous to the employees of an organization and
hence it is solely responsible for disrupting the services to a higher level. Since, the
organization of ABCT is providing VPN to every computer service and free wireless local
area network access to their visitors and guests, denial of service attack could be extremely
common for the organization and they should undertake some of the major and the most
significant issues regarding their safety and security.
Listing of 5 Different Kinds of Emerging Threat affecting Organization with Proper
Description regarding Damages caused by Attacks
The five different kinds of emerging vulnerabilities that cause major affect the
distinctive organization of ABC Technologies could be extremely vulnerable and problematic
for each and every security system or confidential data (Abomhara, 2015).
Security has been defined as a process to protect an object against physical damage,
unauthorized access, theft, or loss, by maintaining high confidentiality and integrity of
information about the object and making information about that object available whenever
needed. There is no thing as the secure state of any object, tangible or not, because no such
object can ever be in a perfectly secure state and still be useful. An object is secure if the
process can maintain its maximum intrinsic value under different conditions.
The cyber threat landscape mainly continue in evolving with the new threats emerging
on a regular basis. The core ability to track and prepare to face all of such issues so that the
organization could eventually improve their respective resilience and provide better support
CYBER SECURITY
most common example of a DoS attack is the distributed denial of service or DDoS attacks,
in which the incoming traffic floods the victim that is being originated from several sources.
It makes it completely impossible for stopping such attacks after blocking a single source
(Luiijf, Besseling & De Graaf, 2013).
A wide array of action areas is elaborated on by the 19 NCSS, with often a considerable
overlap. All nations except Uganda explicitly address in their NCSS the protection of their
own CIs including the government’s own ICT. Some nations refer to already existing
activities rather than starting new ones. As cyber security deals with and addresses the same
global set of threats, common focal points and activities could be expected amongst the
NCSS, such as international comparable, or even harmonised, definitions and terminology.
Due to the global nature of cyberspace, international collaboration could be expected to be
one of the highest priorities of each of the NCSS.
This type of attack is completely analogous to the employees of an organization and
hence it is solely responsible for disrupting the services to a higher level. Since, the
organization of ABCT is providing VPN to every computer service and free wireless local
area network access to their visitors and guests, denial of service attack could be extremely
common for the organization and they should undertake some of the major and the most
significant issues regarding their safety and security.
Listing of 5 Different Kinds of Emerging Threat affecting Organization with Proper
Description regarding Damages caused by Attacks
The five different kinds of emerging vulnerabilities that cause major affect the
distinctive organization of ABC Technologies could be extremely vulnerable and problematic
for each and every security system or confidential data (Abomhara, 2015).
Security has been defined as a process to protect an object against physical damage,
unauthorized access, theft, or loss, by maintaining high confidentiality and integrity of
information about the object and making information about that object available whenever
needed. There is no thing as the secure state of any object, tangible or not, because no such
object can ever be in a perfectly secure state and still be useful. An object is secure if the
process can maintain its maximum intrinsic value under different conditions.
The cyber threat landscape mainly continue in evolving with the new threats emerging
on a regular basis. The core ability to track and prepare to face all of such issues so that the
organization could eventually improve their respective resilience and provide better support
11
CYBER SECURITY
to the business goals. The total number of high profile breaches as well as attacks might bring
major issues and could even undertake cyber security on a priority basis (Sou, Sandberg &
Johansson, 2013).
This paper considers a smart grid cyber-security problem analyzing the vulnerabilities of
electric power networks to false data attacks. The analysis problem is related to a
constrained cardinality minimization problem. To perform the cyber-security analysis in a
timely manner, it is important to solve the data attack construction problem efficiently.
These five kinds of emerging risks, which may affect ABC Technologies are as
follows:
i) Cryptojacking: The first important and significant type of emerging threat, which
may eventually affect the organization of ABCT is crypto jacking. Ransom ware has always
been one of the most significant and chief threat that has a major impact on businesses within
last two years by simply misusing the most basic threats after inclusion of data back ups and
network segmentation (Bada, Sasse & Nurse, 2019).
Simple transfer of knowledge about good practices in security is far from enough. Knowledge
and awareness is a prerequisite to change behaviour but not necessarily sufficient, and this
is why it has to be implemented in conjunction with other influencing strategies. It is very
important to embed positive cyber security behaviours, which can result to thinking
becoming a habit, and a part of an organisation’s cyber security culture. One of the main
reasons why users do not behave optimally is that security systems and policies are poorly
designed – this has been presented time and time again throughout research.
Presently, the threat actors are eventually employing similar variants of ransom ware
attack that were previously utilized for encoding confidential data for obtaining ransom is
termed as cryptojacking. This rise of cryptoacking has referred to the fact that the systems
might get attacked and the users would not get any idea about the attack. This type of attack
can complete extract the information of systems and the users do not even realize it (Hong,
Liu & Govindarasu, 2014).
Cyber intrusions to substations of a power grid are a source of vulnerability since most
substations are unmanned and with limited protection of the physical security. In the worst
case, simultaneous intrusions into multiple substations can lead to severe cascading events,
causing catastrophic power outages. Cyber security of substations has been recognized as a
CYBER SECURITY
to the business goals. The total number of high profile breaches as well as attacks might bring
major issues and could even undertake cyber security on a priority basis (Sou, Sandberg &
Johansson, 2013).
This paper considers a smart grid cyber-security problem analyzing the vulnerabilities of
electric power networks to false data attacks. The analysis problem is related to a
constrained cardinality minimization problem. To perform the cyber-security analysis in a
timely manner, it is important to solve the data attack construction problem efficiently.
These five kinds of emerging risks, which may affect ABC Technologies are as
follows:
i) Cryptojacking: The first important and significant type of emerging threat, which
may eventually affect the organization of ABCT is crypto jacking. Ransom ware has always
been one of the most significant and chief threat that has a major impact on businesses within
last two years by simply misusing the most basic threats after inclusion of data back ups and
network segmentation (Bada, Sasse & Nurse, 2019).
Simple transfer of knowledge about good practices in security is far from enough. Knowledge
and awareness is a prerequisite to change behaviour but not necessarily sufficient, and this
is why it has to be implemented in conjunction with other influencing strategies. It is very
important to embed positive cyber security behaviours, which can result to thinking
becoming a habit, and a part of an organisation’s cyber security culture. One of the main
reasons why users do not behave optimally is that security systems and policies are poorly
designed – this has been presented time and time again throughout research.
Presently, the threat actors are eventually employing similar variants of ransom ware
attack that were previously utilized for encoding confidential data for obtaining ransom is
termed as cryptojacking. This rise of cryptoacking has referred to the fact that the systems
might get attacked and the users would not get any idea about the attack. This type of attack
can complete extract the information of systems and the users do not even realize it (Hong,
Liu & Govindarasu, 2014).
Cyber intrusions to substations of a power grid are a source of vulnerability since most
substations are unmanned and with limited protection of the physical security. In the worst
case, simultaneous intrusions into multiple substations can lead to severe cascading events,
causing catastrophic power outages. Cyber security of substations has been recognized as a
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 20
