Cyber Security Threat Management Report

Verified

Added on 2020/03/16

AI Summary

This report discusses various aspects of cyber security threat management, including types of hacking, compliance issues, the role of bots, and the risks associated with Bring Your Own Device (BYOD) policies. It emphasizes the importance of understanding cyber threats and implementing effective security measures to protect sensitive information and systems from potential attacks.

Cyber security 1
Cyber Security
Student’s Name
Professor
Institution Affiliation
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cyber security 2
Cybersecurity threat management
Cybersecurity are measures and activities which protect computers, computer
networks, computer hardware and software and other elements of cyberspace from disruption
and attacks. An individual should understand the different forms of attacks that they are
likely to encounter so as to put in the best level of security they can. There exist different
threats facing cyber security. These threats include hacking among others as discussed below.
Hacking
There are different types of hacking i.e. the hacktivist, the black hat and the white hat.
Most of the hackers follow a proper methodology in order to lessen the risk of being caught.
Hackers perform a preliminary survey that is the pre-attack step whereby the hackers collect,
identify and record details about the respective corporation or individual. Secondly, the
hacker undertakes a scanning and listing process. In this process the novice hackers utilize
powerless scanners to find holes in one’s network. The success of this process depends on the
security of the network that is being hacked (Wang and Lu, 2013 pg. 1366).
The hacker proceeds to the next step provided a weak spot has been identified in the
said network. In this step, the hacker tries to penetrate the network using the loop holes in the
network. The network intruder spreads damage from system to system by infiltrating the
weakness in one’s web server software. Their privilege escalates to a point where they get
access to more resources and is mostly not noticed by administrators or users (O’Connell,
2012 pg. 198). This is not due to the negligence of such users, but it is due to the manner in
which the hackers intrude their networks. In most cases, they use technical skills that are not
easily noticed by any normal user.
The hacker has to maintain control of the system once he/she has penetrated the
network. The hacker specialist hides their presence in the web server and remain in control.

Cyber security 3
At this stage one is helpless and is left with the option to rebuild one’s entire system all over
again. The hacker can do serious damage in this case where the hacker has access to the
network but the network owners are unawares. Hackers uses this opportunity to steal crucial
information from an organization which they can then use for monetary gains. At some point,
it may not be just for monetary gains but some just hack into systems with an aim of causing
disruptions.
Most hackers make their own backdoors in which case they gain full access to the
system or network. With these backdoors, they are capable of accessing the network just like
any other authorized personnel in the said network. All event logs are deleted and they install
their own files, which will then allow them to access the system without being noticed, and
can never be traced in any way possible. Remote Access Trojans can be used remotely, which
is a highly destructive malware which is commonly known as RAT. By this stage, can we
actually recover our system from the hacker who wants to sell it to the highest bidder on
underground networks?
Compliance with Cyber Security
The importance of rules in any civilization cannot be over emphasized. Among the
basic rules in the computer world, is the rule against installing third party software on
company systems (Javaid, Sun, Devabhaktuni and Alam, 2012 pg. 585) This rule is however,
broken by most employees and thus puts the company’s computer systems at risk. This is a
classic example of non-compliance with cyber security policies of a company. Employees
who violate this rule should be punished accordingly and take responsibility of the damage
caused by a cyber-attack caused by such behavior.
Non-compliance to this policy includes things employees term as trivial. For instance,
employees may log in to their social media accounts using the company’s computers. This

Cyber security 4
has the same effect with visiting some websites in the internet that put the computer at a risk
of cyber-attack (Jouini, Rabai and Aissa, 2014 pg. 492). Such actions put the computers at a
risk of IP spoofing. Additionally, emailing sensitive data from home to work puts the data in
risk. This owes to the fact that data in transit as to be encoded and such encoding can only be
achieved by a secure company network.
Hacking data in transit can be done by amateur hackers because the general
encryption of emails has been decoded time and again. In other cases, connecting company
devices to unsecure networks puts the company’s sensitive data at risk. Again, the unsecure
networks put data hat in transit at risk and again computers that are connected to such
networks can be hacked. This might seem like a simple rule, but employees have to be
reminded not to store passwords in word or text documents (Javaid et al. 2012 pg. 588). This
is because they can be easily accessed. In this case, the hacker does not need any hacking
skills whatsoever to access the company’s sensitive data.
Bots
These little programs are very intelligent in terms of their functionality and complete
a job or their intended purpose as quickly as possible. They usually developed by hackers,
where they utilize these programs to scan the system networks obtaining crucial data or
information in the process. The information obtained through unknown access points and
weak places in software patches which are new and then exploit them to their benefit (Benzel,
2012 pg. 142).
Given their ability to complete any singular task assigned to them very well, it is a
challenge to protect one’s organization against them. Bots are used to locate the simplest
method of access in the early stages of an attack. Thus, Bots are good to some extent, but if

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cyber security 5
used by individuals with bad motives, then it delivers “good results” to them/. They can be
employed to scan one’s system integrity (Mo, et al. 2012 pg. 201).
Making your system networks less vulnerable to external attacks or any potential
intrusion keeps the hackers away, making them to proceed looking for their targets which are
vulnerable (Wang and Lu, 2013 pg. 1358). The advantage of employing bots to a system is that
they can be used repeatedly and are cheap as long as they are used correctly. The main
question to ask yourself when purchasing a bot is: are they most efficient as defenders or as
destroyers?
Bring Your Own Device
This case mostly applies to plugging in your USB Flash Drive from one computer to
another. For example, you want to share some files from your computer to another friend’s
computer or from your home computer to an organizations computer (Bonaci, et al. 2915).
You just have to plug in and begin your presentation, but then why is this considered to be a
not so good idea? A virus like Malware may not have been detected by your home computer
security software which has now infected your USB Flash Drive. As you connect it to any
other computer, you spread the virus to the enterprise network it belongs to (Aloul, et al.
2012 pg. 5). As a result, the virus gains access to the weakest points of the system and
propagates across any other computer connected to that enterprise network as long as files are
transferred from that computer to another of the same network.
According to Von Solms and Van Niekerk (2013 pg. 99), HP conducted a survey and
found that 96% of the personal devices such as computers and mobile phones had privacy
issues and over 70% having insufficient data encryption. This also means that wearable
technologies can lead to unforeseen damages, not only to the affected devices but also to the
users. This is the major underlying reason that has made most of the organizations to come up

Cyber security 6
with regulations and policies which give benefits such as the utilization of personal devices to
supplement the company’s gadgets. In this manner, the company reduces considerable in
terms of expenditure as well as the security concerns. In this case, if a third party
compromises the device, your software will be invaded thus allowing your files and
documents to be accessed (Dunn Cavelty, 2013 pg. 115).
The most frequent question is that can you use your phone or USB Flash Drive to take
some files from work to look at them at home? The best way to face this dilemma is through
installing some protection software in your phone. This makes it easier to detect any
unwanted virus, whether it is from your phone or the work computer (Yan, et al. 2012). It is
also the easiest way to protect the company operated software.
Individuals should always be informed on such matters as, the kind of data they and
information they possess in their various devices, and how they should safeguard them
against external threats. It is always advisable to have systems that are immune to external
attacks, and also, networks should be robust to avoid any malicious attack and keep away
hackers due to complexities involved.

Cyber security 7

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Cyber security 8
References
Aloul, F., Al-Ali, A.R., Al-Dalky, R., Al-Mardini, M. and El-Hajj, W., 2012. Smart grid
security: Threats, vulnerabilities and solutions. International Journal of Smart Grid
and Clean Energy, 1(1), pp.1-6.
Benzel, T., 2012. The science of cyber security experimentation: the DETER project. In
Proceedings of the 27th Annual Computer Security Applications Conference (pp. 137-
148). ACM.
Bonaci, T., Herron, J., Yusuf, T., Yan, J., Kohno, T. and Chizeck, H.J., 2015. To make a
robot secure: An experimental analysis of cyber security threats against teleoperated
surgical robots. arXiv preprint arXiv:1504.04339.
Dunn Cavelty, M., 2013. From cyber-bombs to political fallout: Threat representations with
an impact in the cyber-security discourse. International Studies Review, 15(1),
pp.105-122.
Javaid, A.Y., Sun, W., Devabhaktuni, V.K. and Alam, M., 2012, November. Cyber security
threat analysis and modeling of an unmanned aerial vehicle system. In Homeland
Security (HST), 2012 IEEE Conference on Technologies for (pp. 585-590). IEEE.
Jouini, M., Rabai, L.B.A. and Aissa, A.B., 2014. Classification of security threats in
information systems. Procedia Computer Science, 32, pp.489-496.
Mo, Y., Kim, T.H.J., Brancik, K., Dickinson, D., Lee, H., Perrig, A. and Sinopoli, B., 2012.
Cyber–physical security of a smart grid infrastructure. Proceedings of the IEEE,
100(1), pp.195-209.
O’Connell, M.E., 2012. Cyber security without cyber war. Journal of Conflict and Security
Law, 17(2), pp.187-209.

Cyber security 9
Rowe, D.C., Lunt, B.M. and Ekstrom, J.J., 2012, October. The role of cyber-security in
information technology education. In Proceedings of the 2012 conference on
Information technology education (pp. 113-122). ACM.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber security.
computers & security, 38, pp.97-102.
Wang, W. and Lu, Z., 2013. Cyber security in the Smart Grid: Survey and challenges.
Computer Networks, 57(5), pp.1344-1371
Yan, Y., Qian, Y., Sharif, H. and Tipper, D., 2012. A survey on cyber security for smart grid
communications. IEEE Communications Surveys & Tutorials.