Cyber Security Report: Analyzing Risks and Implementing Protections
VerifiedAdded on 2020/05/16
|13
|5221
|102
Report
AI Summary
This report, prepared for Gigantic Corporation, provides a comprehensive overview of cyber security risks and mitigation strategies. It begins with an executive summary highlighting the importance of securing online activities, particularly data stored in the cloud. The report then delves into a detailed risk assessment, identifying threats such as insider threats, phishing attacks, ransomware, and denial-of-service attacks. A risk register is presented, detailing the likelihood, impact, and priority of each threat. The report emphasizes the need for a robust intrusion detection system and antivirus programs to protect the organization's data and system. It also discusses various protection mechanisms, including employee training, access control, and the importance of a proper cybersecurity policy. The analysis emphasizes both passive and active attacks, highlighting the severity of insider threats and the dangers of phishing and ransomware. The report concludes with a call to action, urging Gigantic Corporation to implement the recommended security measures to safeguard its confidential data, financial information, and customer base. This report is available on Desklib, a platform providing AI-based study tools for students.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Running head: CYBER SECURITY
Cyber Security
Name of the Student
Name of the University
Author Note
Cyber Security
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1
CYBER SECURITY
Table of Contents
Executive Summary.............................................................................................................2
Risk Assessment..................................................................................................................3
Risk Register....................................................................................................................3
Protection mechanism..........................................................................................................9
References..........................................................................................................................11
CYBER SECURITY
Table of Contents
Executive Summary.............................................................................................................2
Risk Assessment..................................................................................................................3
Risk Register....................................................................................................................3
Protection mechanism..........................................................................................................9
References..........................................................................................................................11
2
CYBER SECURITY
Executive Summary
Gigantic Corporation conducts several online activities, and it includes backing up of
data in the cloud. That is why they will have to consider the security and the privacy issues
associated with the business activities. Gigantic Corporation must assure security and privacy of
their existing system. The organization will have to take the responsibility to secure the
employees confidential data those who are working in the organization. The report explains the
appropriate project plan by which the security system can be implemented within the
organization. The project is quite difficult as it will have to identify all the threats residing within
the system also it will have to provide the solutions to mitigate those risks. The report illustrates
in details the possible threats that generally occur while Gigantic Corporation conducts the
business operations. The IT Risk Management report explains all the threats in details, the
report’s aim is to identify the threats first, then analyze the risks and lastly the mitigation of all
the risks. The project plan can only become successful if Gigantic Corporation deploys the
system applying appropriate intrusion detection system. Gigantic Corporation must have to
analyze threats and risks well in order to build an efficient intrusion detection system. It is quite
difficult and complicated to assure cybersecurity in an organization. Gigantic Corporation will
have to understand the tools, vectors and mechanism of security exploitation and will have to
predict the outcome of the system. The risks that are analyzed must be managed well, in this way
the project can become successful. Gigantic Corporation must establish a secured network within
the organization to ensure security of the organization. Gigantic Corporation must implement
appropriate project plan that is capable to mitigate the risks and threats. The project plan must
analyze the risks and the threats deeply taking considerable amount of time. Then they should
propose a plan by which Gigantic Corporation can conduct the online activities safely and
securely. Gigantic Corporation must be aware of the insider threat as this threat can prove to be
dangerous. These insider threats are quite difficult to predict beforehand as the employees of the
organization are involved. The employees of the organizations generally have access to all the
confidential data. Therefore, they can steal the data, they can modify the data and can even delete
the data. The report also explains external threat that can prove to be disastrous for Gigantic
Corporation. The intruders send emails to the employees and conduct the malicious activities.
The employees reply those emails and fall into the trap. The intruders get to know all the details
of the company through these malicious activities. Gigantic Corporation thus can face severe
loss, can lose money, can lose reputation, and can lose the customer base as well. The report
discusses about the various protection mechanisms following which Gigantic Corporation can
safeguard their system.
CYBER SECURITY
Executive Summary
Gigantic Corporation conducts several online activities, and it includes backing up of
data in the cloud. That is why they will have to consider the security and the privacy issues
associated with the business activities. Gigantic Corporation must assure security and privacy of
their existing system. The organization will have to take the responsibility to secure the
employees confidential data those who are working in the organization. The report explains the
appropriate project plan by which the security system can be implemented within the
organization. The project is quite difficult as it will have to identify all the threats residing within
the system also it will have to provide the solutions to mitigate those risks. The report illustrates
in details the possible threats that generally occur while Gigantic Corporation conducts the
business operations. The IT Risk Management report explains all the threats in details, the
report’s aim is to identify the threats first, then analyze the risks and lastly the mitigation of all
the risks. The project plan can only become successful if Gigantic Corporation deploys the
system applying appropriate intrusion detection system. Gigantic Corporation must have to
analyze threats and risks well in order to build an efficient intrusion detection system. It is quite
difficult and complicated to assure cybersecurity in an organization. Gigantic Corporation will
have to understand the tools, vectors and mechanism of security exploitation and will have to
predict the outcome of the system. The risks that are analyzed must be managed well, in this way
the project can become successful. Gigantic Corporation must establish a secured network within
the organization to ensure security of the organization. Gigantic Corporation must implement
appropriate project plan that is capable to mitigate the risks and threats. The project plan must
analyze the risks and the threats deeply taking considerable amount of time. Then they should
propose a plan by which Gigantic Corporation can conduct the online activities safely and
securely. Gigantic Corporation must be aware of the insider threat as this threat can prove to be
dangerous. These insider threats are quite difficult to predict beforehand as the employees of the
organization are involved. The employees of the organizations generally have access to all the
confidential data. Therefore, they can steal the data, they can modify the data and can even delete
the data. The report also explains external threat that can prove to be disastrous for Gigantic
Corporation. The intruders send emails to the employees and conduct the malicious activities.
The employees reply those emails and fall into the trap. The intruders get to know all the details
of the company through these malicious activities. Gigantic Corporation thus can face severe
loss, can lose money, can lose reputation, and can lose the customer base as well. The report
discusses about the various protection mechanisms following which Gigantic Corporation can
safeguard their system.
3
CYBER SECURITY
Risk Assessment
Risk Assessment is a procedure by which the risks and threats associated with online
activities can be well analyzed. Risk Assessment consists of procedures by which Gigantic
Corporation can detect the issues beforehand. The procedures will help Gigantic Corporation to
know the various levels of risks. Proper risk management process is divided into several stages-
first of all, it includes the identification of risks, the detailed analysis of risks and the control
measures to mitigate all those risks (Burley, Eisenberg & Goodman, 2014). The identification of
risks involves the analysis of all the risks that can attack the system and the database. The
analysis of risks involves the harmful impact of all the risks to Gigantic Corporation system and
the database. After appropriate accessing of risks, the control measures can help Gigantic
Corporation to mitigate the risks. The control measures ensure that the data does not get lost
from the database. The control measures can help Gigantic Corporation to ensure that the
financial data and the confidential data of the clients remain safe (Glantz et al., 2016). The
organization can safeguard their system from potential virus and malware attack.
The online activities contain a large number of risks. The project analysis helps in
identifying, analyzing and evaluation of risks. The primary objective of the project is to design a
secure network for Gigantic Corporation that can help to ensure the security of the organization
(Manuel, Cordeiro & Silva, 2017). The project will make sure that the cybersecurity can protect
the existing system of Gigantic Corporation from several threats and risks. Gigantic Corporation
must have to take effective cybersecurity control measures so that Gigantic Corporation can
carry out business activities over the cloud platform effectively. IT Risk Management report
leads to the design of Risk Register, the risk register is helpful to provide details of the risks,
their likelihood, their impact and their priority (Miller, 2016). The Risk Register can help
Gigantic Corporation to find out the best solution.
Risk Register
Numbe
r
Cyber
threats
Explanation of the risks and the
threats
Possibilit
y
Impact Priorit
y
1. Threat
Insider
threats
Threat insider attack leads to loss
of confidential data (Keller,
2015)
High Severe High
2. Phishing
attack
The users are directed to a
malicious website which looks
like a real website, but in reality,
it is not. The attack is carried out
sending emails to users or victims
(McGettrick et al., 2014)
High Severe High
CYBER SECURITY
Risk Assessment
Risk Assessment is a procedure by which the risks and threats associated with online
activities can be well analyzed. Risk Assessment consists of procedures by which Gigantic
Corporation can detect the issues beforehand. The procedures will help Gigantic Corporation to
know the various levels of risks. Proper risk management process is divided into several stages-
first of all, it includes the identification of risks, the detailed analysis of risks and the control
measures to mitigate all those risks (Burley, Eisenberg & Goodman, 2014). The identification of
risks involves the analysis of all the risks that can attack the system and the database. The
analysis of risks involves the harmful impact of all the risks to Gigantic Corporation system and
the database. After appropriate accessing of risks, the control measures can help Gigantic
Corporation to mitigate the risks. The control measures ensure that the data does not get lost
from the database. The control measures can help Gigantic Corporation to ensure that the
financial data and the confidential data of the clients remain safe (Glantz et al., 2016). The
organization can safeguard their system from potential virus and malware attack.
The online activities contain a large number of risks. The project analysis helps in
identifying, analyzing and evaluation of risks. The primary objective of the project is to design a
secure network for Gigantic Corporation that can help to ensure the security of the organization
(Manuel, Cordeiro & Silva, 2017). The project will make sure that the cybersecurity can protect
the existing system of Gigantic Corporation from several threats and risks. Gigantic Corporation
must have to take effective cybersecurity control measures so that Gigantic Corporation can
carry out business activities over the cloud platform effectively. IT Risk Management report
leads to the design of Risk Register, the risk register is helpful to provide details of the risks,
their likelihood, their impact and their priority (Miller, 2016). The Risk Register can help
Gigantic Corporation to find out the best solution.
Risk Register
Numbe
r
Cyber
threats
Explanation of the risks and the
threats
Possibilit
y
Impact Priorit
y
1. Threat
Insider
threats
Threat insider attack leads to loss
of confidential data (Keller,
2015)
High Severe High
2. Phishing
attack
The users are directed to a
malicious website which looks
like a real website, but in reality,
it is not. The attack is carried out
sending emails to users or victims
(McGettrick et al., 2014)
High Severe High
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4
CYBER SECURITY
3. Ransomware
attack
Encrypt all the files of the
system, even it sabotage the
entire system as well (Pusey,
Gondree & Peterson, 2016)
High Severe High
4. BYOD
threats
Employees carry out business
activities over their mobile
phones. The mobile phones can
act as a source of vulnerability
Medium Severe High
5. Denial of
Service
attack
Blocks the entire network, restrict
the Admin of the computer
system to gain access to their own
system (Scott & Trimarchi,
2017)
Low Very
low
Low
6. Brute Force
attack
Hackers use specific software to
guess the password of the users’
system, however, this guessing
needs a lot of time (Shoemaker,
Kohnke & Sigler, 2016)
Medium Medium Mediu
m
7. Injection
attack
Hackers take control of the
database of any individuals or
any organisation (Van Vuuren,
2016)
Medium High High
8. Malware
attack
Malware attack involves
hijacking one’ system unethically
and stealing, modifying and
deleting confidential data of that
system (Sherman et al., 2017)
High Severe High
9. Lack of
Recovery
Planning
Permanent data loss can occur
due to lack of recovery planning
(Datta, 2017)
Low Medium Low
10. Lack of
proper
cybersecurity
policy
Chances of cyberattack increase
if organisations do not follow
security policies (Olesen, 2016)
Low Low Low
The risks that have illustrated above are some of the most common threat that Gigantic
Corporation is facing. The risk matrix will be helpful to assess the risks that Gigantic
CYBER SECURITY
3. Ransomware
attack
Encrypt all the files of the
system, even it sabotage the
entire system as well (Pusey,
Gondree & Peterson, 2016)
High Severe High
4. BYOD
threats
Employees carry out business
activities over their mobile
phones. The mobile phones can
act as a source of vulnerability
Medium Severe High
5. Denial of
Service
attack
Blocks the entire network, restrict
the Admin of the computer
system to gain access to their own
system (Scott & Trimarchi,
2017)
Low Very
low
Low
6. Brute Force
attack
Hackers use specific software to
guess the password of the users’
system, however, this guessing
needs a lot of time (Shoemaker,
Kohnke & Sigler, 2016)
Medium Medium Mediu
m
7. Injection
attack
Hackers take control of the
database of any individuals or
any organisation (Van Vuuren,
2016)
Medium High High
8. Malware
attack
Malware attack involves
hijacking one’ system unethically
and stealing, modifying and
deleting confidential data of that
system (Sherman et al., 2017)
High Severe High
9. Lack of
Recovery
Planning
Permanent data loss can occur
due to lack of recovery planning
(Datta, 2017)
Low Medium Low
10. Lack of
proper
cybersecurity
policy
Chances of cyberattack increase
if organisations do not follow
security policies (Olesen, 2016)
Low Low Low
The risks that have illustrated above are some of the most common threat that Gigantic
Corporation is facing. The risk matrix will be helpful to assess the risks that Gigantic
5
CYBER SECURITY
Corporation faces while conducting business activities over the cloud. The priority of risks is
explained and the risks that have high priority must be identified and Gigantic Corporation must
take immediate actions to mitigate that risk. The medium and low priority risks must be
identified and mitigated within the stipulated time. The report focuses on implementing a project
for Gigantic Corporation that is capable to detect the malicious activities of the intruders and
mitigate them (Redmiles, Malone & Mazurek, 2015). The risk mitigation strategies have been
illustrated in the report. The risk mitigation procedures will ensure that Gigantic Corporation can
conduct their business activities securely and effectively. The report illustrates the use of
intrusion detection system and antivirus program to safeguard the system and database of
Gigantic Corporation.
Gigantic Corporation faces two kinds of attacks, one is passive and the other one is
active. The passive is pretty hard to identify as it denotes silent monitoring of the system. The
passive attack involves silent monitoring of computer system and database. The risk matrix
suggests that the risk is severe in case of passive attack. The attackers collect the confidential
data from the database of the organization (Scott & Trimarchi, 2017). The impact of the active
attack is less compared to the passive attack; however, both active and passive attack can prove
to be dangerous for Gigantic Corporation.
The threat insider attack is the security threat that takes place within the organization.
The employees of the organizations are responsible for this insider attack. The threat comes not
only comes from the current employees’ end but also comes from the former employees’ end.
The other stakeholder and other board members can be responsible for this attack (Malhotra,
2015). There are various types of an insider attack. The employees gain access to the financial
information and steal that financial information. The employees make ally with a rival company
and share information of the present company to that rival company. The organizations can be
affected by Logic Bombs. This malicious software is left running on the computer system and
this malicious activity is carried out generally by the former employees of the organizations. The
insider threat can be both intentional and intentional. The employees those who conduct insider
threats attack are not true employees. The insider threat can only be minimized by limited usage
of the confidential data of the organization. The employees should have access to only those
portions of data for which they have been given the responsibility (Hinds & Joinson, 2017). For
instance, the customer care team of Gigantic Corporation should have access to the customers or
the clients’ data and they should not have access to the database where the financial data is
stored.
Phishing is another kind of deadliest attack by which any organization can face severe
loss. The hackers design malicious website to gain confidential information about the clients and
the customers. A phishing attack is conducted mainly due to gain the login credentials. The
clients fall into the trap of the attackers by providing all the credentials (Pan, Mishra & Schwartz,
2017). The hackers direct customers to a malicious website which looks legitimate but actually it
is a fraud website. The customers try to access those website providing all the login details and
fall into the trap. Sometimes they send emails to the clients and customers posing as a
trustworthy company and gain all the confidential data. Gigantic Corporation by installing a
proper intrusion detection system can prevent the phishing attack. The organization should train
their employees about how to safeguard the organization’s data and system against the phishing
attack. Gigantic Corporation must be aware that the major tool used in case of phishing attack is
CYBER SECURITY
Corporation faces while conducting business activities over the cloud. The priority of risks is
explained and the risks that have high priority must be identified and Gigantic Corporation must
take immediate actions to mitigate that risk. The medium and low priority risks must be
identified and mitigated within the stipulated time. The report focuses on implementing a project
for Gigantic Corporation that is capable to detect the malicious activities of the intruders and
mitigate them (Redmiles, Malone & Mazurek, 2015). The risk mitigation strategies have been
illustrated in the report. The risk mitigation procedures will ensure that Gigantic Corporation can
conduct their business activities securely and effectively. The report illustrates the use of
intrusion detection system and antivirus program to safeguard the system and database of
Gigantic Corporation.
Gigantic Corporation faces two kinds of attacks, one is passive and the other one is
active. The passive is pretty hard to identify as it denotes silent monitoring of the system. The
passive attack involves silent monitoring of computer system and database. The risk matrix
suggests that the risk is severe in case of passive attack. The attackers collect the confidential
data from the database of the organization (Scott & Trimarchi, 2017). The impact of the active
attack is less compared to the passive attack; however, both active and passive attack can prove
to be dangerous for Gigantic Corporation.
The threat insider attack is the security threat that takes place within the organization.
The employees of the organizations are responsible for this insider attack. The threat comes not
only comes from the current employees’ end but also comes from the former employees’ end.
The other stakeholder and other board members can be responsible for this attack (Malhotra,
2015). There are various types of an insider attack. The employees gain access to the financial
information and steal that financial information. The employees make ally with a rival company
and share information of the present company to that rival company. The organizations can be
affected by Logic Bombs. This malicious software is left running on the computer system and
this malicious activity is carried out generally by the former employees of the organizations. The
insider threat can be both intentional and intentional. The employees those who conduct insider
threats attack are not true employees. The insider threat can only be minimized by limited usage
of the confidential data of the organization. The employees should have access to only those
portions of data for which they have been given the responsibility (Hinds & Joinson, 2017). For
instance, the customer care team of Gigantic Corporation should have access to the customers or
the clients’ data and they should not have access to the database where the financial data is
stored.
Phishing is another kind of deadliest attack by which any organization can face severe
loss. The hackers design malicious website to gain confidential information about the clients and
the customers. A phishing attack is conducted mainly due to gain the login credentials. The
clients fall into the trap of the attackers by providing all the credentials (Pan, Mishra & Schwartz,
2017). The hackers direct customers to a malicious website which looks legitimate but actually it
is a fraud website. The customers try to access those website providing all the login details and
fall into the trap. Sometimes they send emails to the clients and customers posing as a
trustworthy company and gain all the confidential data. Gigantic Corporation by installing a
proper intrusion detection system can prevent the phishing attack. The organization should train
their employees about how to safeguard the organization’s data and system against the phishing
attack. Gigantic Corporation must be aware that the major tool used in case of phishing attack is
6
CYBER SECURITY
email. If the employees click on the link, the virus gets spread into the entire system. Thus the
phishing attack can threaten one’s privacy or any organization’s privacy (Wood & Dandin,
2017). Gigantic Corporation must be aware of this attack that is why they must configure the
intrusion detection system on their premises.
Ransomware attack is one of the attacks that is carried out to encrypt the files. The
intruders keep a record of those encrypted files for a certain amount of time until the victim pays
to the intruders. Ransomware generally enters into the system when any individually
intentionally or unintentionally download the file into the system. Once the infected file gets
executed, the virus gets spread out. It encrypts all the file of the system leaving a message that
the files can only be recovered or decrypted if the victim is willing to pay money (Wu & Irwin,
2016). There are certain scenarios where the victim pays the money but they fail to recover back
their file. The victims have the opportunity to pay the money online only through Bitcoin.
Cryptolocker, Cryptowall, Locky are some of the ransomware viri that can prove to threat for
any organization and Gigantic Corporation is no exception. Again, the ransomware attack also
leads to sabotage of the entire system, ransomware shut down and disrupt the operating system
as well. Therefore, Gigantic Corporation can face severe loss due to this and they need to take
initiatives to mitigate the threat (Sohal et al., 2017). Gigantic Corporation must keep backup of
their files, in case of ransomware attack, they will not lose any data. If ransomware attack occurs
then they should take the initiative to restore the operating system. Gigantic Corporation must
update their system regularly. The ransomware is less effective in the updated system. They must
disable the autorun for all the mounted devices. The employees should be trained so that they do
not click any link and emails coming from unconfirmed sources. In this way, Gigantic
Corporation can stay safe from the ransomware attack. The attack can be mitigated installing
antivirus software.
Denial of Service attack is responsible to shut down one’s system and the network. The
organization generally suffers two types of DoS attacks; one is the flooding service while the
other one is the crashing services. The intruders send more and more data packets to a network
address; a network address has a certain capability to handle data packets if the limit exceeds the
buffer overflows lead to virus attack. The DoS attack can be minimized by limiting the rate of
traffic a network can actually withhold within a given time frame (Shoemaker, Kohnke & Sigler,
2016). The DoS attack is not responsible for data loss, so DoS attack can be mitigated. The brute
force attack can be minimized via a strong password that is quite difficult to guess.
There are several risks and threats associated with BYOD. The risks are local exposure,
data leakage, data loss, public exposure, insecure usage and malicious apps. The organization
data stored in the BYOD device can get hacked. The organizational data can get hacked due to
the unsecured BYOD device. Again, confidential data of the organization can get hacked due to
physical loss or theft from the BYOD device. The BYOD device can be used by any third party
thus there is a chance for data loss or leakage or data as well. The BYOD risks can be mitigated
by applying a password to the device. The password will save the data of the organization from
getting lost. Also, Gigantic Corporation can protect the BYOD device by installing an antivirus
program. The antivirus program will protect the Gigantic Corporation’s data stored in the BYOD
device (Sherman et al., 2017). Firewall protection can assist in detecting the malicious activities
conducted by intruders. The threat can be a threat of deliberate threat as threat insider that is why
the effect of the threat has been marked severe in the risk matrix.
CYBER SECURITY
email. If the employees click on the link, the virus gets spread into the entire system. Thus the
phishing attack can threaten one’s privacy or any organization’s privacy (Wood & Dandin,
2017). Gigantic Corporation must be aware of this attack that is why they must configure the
intrusion detection system on their premises.
Ransomware attack is one of the attacks that is carried out to encrypt the files. The
intruders keep a record of those encrypted files for a certain amount of time until the victim pays
to the intruders. Ransomware generally enters into the system when any individually
intentionally or unintentionally download the file into the system. Once the infected file gets
executed, the virus gets spread out. It encrypts all the file of the system leaving a message that
the files can only be recovered or decrypted if the victim is willing to pay money (Wu & Irwin,
2016). There are certain scenarios where the victim pays the money but they fail to recover back
their file. The victims have the opportunity to pay the money online only through Bitcoin.
Cryptolocker, Cryptowall, Locky are some of the ransomware viri that can prove to threat for
any organization and Gigantic Corporation is no exception. Again, the ransomware attack also
leads to sabotage of the entire system, ransomware shut down and disrupt the operating system
as well. Therefore, Gigantic Corporation can face severe loss due to this and they need to take
initiatives to mitigate the threat (Sohal et al., 2017). Gigantic Corporation must keep backup of
their files, in case of ransomware attack, they will not lose any data. If ransomware attack occurs
then they should take the initiative to restore the operating system. Gigantic Corporation must
update their system regularly. The ransomware is less effective in the updated system. They must
disable the autorun for all the mounted devices. The employees should be trained so that they do
not click any link and emails coming from unconfirmed sources. In this way, Gigantic
Corporation can stay safe from the ransomware attack. The attack can be mitigated installing
antivirus software.
Denial of Service attack is responsible to shut down one’s system and the network. The
organization generally suffers two types of DoS attacks; one is the flooding service while the
other one is the crashing services. The intruders send more and more data packets to a network
address; a network address has a certain capability to handle data packets if the limit exceeds the
buffer overflows lead to virus attack. The DoS attack can be minimized by limiting the rate of
traffic a network can actually withhold within a given time frame (Shoemaker, Kohnke & Sigler,
2016). The DoS attack is not responsible for data loss, so DoS attack can be mitigated. The brute
force attack can be minimized via a strong password that is quite difficult to guess.
There are several risks and threats associated with BYOD. The risks are local exposure,
data leakage, data loss, public exposure, insecure usage and malicious apps. The organization
data stored in the BYOD device can get hacked. The organizational data can get hacked due to
the unsecured BYOD device. Again, confidential data of the organization can get hacked due to
physical loss or theft from the BYOD device. The BYOD device can be used by any third party
thus there is a chance for data loss or leakage or data as well. The BYOD risks can be mitigated
by applying a password to the device. The password will save the data of the organization from
getting lost. Also, Gigantic Corporation can protect the BYOD device by installing an antivirus
program. The antivirus program will protect the Gigantic Corporation’s data stored in the BYOD
device (Sherman et al., 2017). Firewall protection can assist in detecting the malicious activities
conducted by intruders. The threat can be a threat of deliberate threat as threat insider that is why
the effect of the threat has been marked severe in the risk matrix.
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7
CYBER SECURITY
Injection attack is one of the attacks that have been marked severe in the risk matrix.
Gigantic Corporation will have to consider the threat very seriously and must take necessary
precautions. The injection attack is responsible to steal the sensitive information of the system.
However, the injection threat can be mitigated by appropriate usage of the dynamic SQL.
Gigantic Corporation can also mitigate the risk of injection attack with the appropriate usage of
the firewall (Dark et al., 2015). It is necessary for Gigantic Corporation to install antivirus
program in the system and they must update the antivirus regularly, this approach will ensure the
safety of the organization. Also, Gigantic Corporation must scan the system with the antivirus
program frequently as it will keep their system secure.
Malware or malicious software can be disastrous for any individuals or organizations.
The malware involves several malicious activities like stealing of confidential data, encryption
and deletion of the sensitive data. The organizations get seriously affected by the malware, as the
malware hijacks the financial data, clients' data and the other confidential data. The malware also
attacks the core computing functions and even sabotage the computer system. Thus due to
malware attack, the company's business operations get disrupted and the company faces huge
loss for this reason. The malware installed in the system monitors individuals' computer activity
without their permission. There are various types of malware, one is the virus, the virus is a type
of malware that has the capability to execute itself and virus spreads by infecting other files. A
worm is a type of malware that has the capability to replicate itself they do not require a host
program. The worms typically do not require any human intervention. The trojan horse looks a
legitimate program, after installation, it executes the malicious operations (Datta, 2017).
Spyware is a type of malware that accumulates data from the users and monitors users’ activities
without their permission. Ransomware attack is another type of malicious activity which
involves encryption of files of the computer system. Cybercriminals promise to decrypt those
files but in lieu of money. Remote Access Trojan (RAT) is one type of malware that takes
control of an entire system by a remote connection and it seems that the computer system has
been accessed physically. Gigantic Corporation has risks getting affected by all these malware
programs (Dua & Du, 2016). Gigantic Corporation can secure their system simply by installing
an antivirus program. The usage of the firewall is an absolute necessity for Gigantic Corporation
to mitigate the malware threats.
Gigantic Corporation must have a disaster plan ready. The disaster recovery plan can help
them to recover the confidential files. They must keep a backup of the important files if the cyber
attack occurs Gigantic Corporation will not have to worry about losing any files.
CYBER SECURITY
Injection attack is one of the attacks that have been marked severe in the risk matrix.
Gigantic Corporation will have to consider the threat very seriously and must take necessary
precautions. The injection attack is responsible to steal the sensitive information of the system.
However, the injection threat can be mitigated by appropriate usage of the dynamic SQL.
Gigantic Corporation can also mitigate the risk of injection attack with the appropriate usage of
the firewall (Dark et al., 2015). It is necessary for Gigantic Corporation to install antivirus
program in the system and they must update the antivirus regularly, this approach will ensure the
safety of the organization. Also, Gigantic Corporation must scan the system with the antivirus
program frequently as it will keep their system secure.
Malware or malicious software can be disastrous for any individuals or organizations.
The malware involves several malicious activities like stealing of confidential data, encryption
and deletion of the sensitive data. The organizations get seriously affected by the malware, as the
malware hijacks the financial data, clients' data and the other confidential data. The malware also
attacks the core computing functions and even sabotage the computer system. Thus due to
malware attack, the company's business operations get disrupted and the company faces huge
loss for this reason. The malware installed in the system monitors individuals' computer activity
without their permission. There are various types of malware, one is the virus, the virus is a type
of malware that has the capability to execute itself and virus spreads by infecting other files. A
worm is a type of malware that has the capability to replicate itself they do not require a host
program. The worms typically do not require any human intervention. The trojan horse looks a
legitimate program, after installation, it executes the malicious operations (Datta, 2017).
Spyware is a type of malware that accumulates data from the users and monitors users’ activities
without their permission. Ransomware attack is another type of malicious activity which
involves encryption of files of the computer system. Cybercriminals promise to decrypt those
files but in lieu of money. Remote Access Trojan (RAT) is one type of malware that takes
control of an entire system by a remote connection and it seems that the computer system has
been accessed physically. Gigantic Corporation has risks getting affected by all these malware
programs (Dua & Du, 2016). Gigantic Corporation can secure their system simply by installing
an antivirus program. The usage of the firewall is an absolute necessity for Gigantic Corporation
to mitigate the malware threats.
Gigantic Corporation must have a disaster plan ready. The disaster recovery plan can help
them to recover the confidential files. They must keep a backup of the important files if the cyber
attack occurs Gigantic Corporation will not have to worry about losing any files.
8
CYBER SECURITY
Protection mechanism
Several risks and threats are related to the online activities and online websites and they
must be properly mitigated. The mitigation of all those risks ensures that Gigantic Corporation
can carry out the business activities normally without any safety concern. The hacking, identity
theft and virus and malware attack are some forms of security threats which can disrupt the
business operations of Gigantic Corporation. Hacking is one such malicious activities by which
the intruders gain access to the website and attack the system and the database of the
organization to steal the private data and the confidential data (Gordon et al., 2015). The
confidential data involves the customers’ list of the company. The confidential data comprises of
the employees’ lists, clients’ lists, and password of the employees. The confidential data consists
of financial data of the organization as well. The hackers hack those confidential data for their
own benefits. They sell those data to the rival. The organization can face heavy loss due to the
intruders’ attack. Gigantic Corporation similarly can get affected due to the malware attack, they
can lose the customer base, they can lose reputation, and they can lose clients. The entire
business operations will get stopped due to the intruder attack.
Gigantic Corporation can get affected due to the malware and the virus attack. Virus
basically contains the code that can cause serious damage to the system and the database. The
intruders basically use the keyloggers and specific software to steal the confidential data of the
database of the organization. The attackers upload a virus to the cloud server with the help of
input forms. The hackers also use the backdoor to attack system and database of the
organization. Gigantic Corporation can get severely affected by the malware and the virus attack.
The business operations can get disrupted due to all these malicious activities. The organization
employees can surf the malicious website and can download the malicious file (Keller, 2015).
The downloaded files can help to gain access to the confidential data stored in the system and the
database. Gigantic Corporation is no exception. The insecure network and insecure database can
prove to be a threat for Gigantic Corporation. The virus also gets transmitted to the other system
connected to a single network. Due to the virus attack, Gigantic Corporation must adopt control
measures to secure the data of the website.
Identity theft is another risk associated with the website of the organization. In case of
identity theft, the users’ data can get compromised. The intruders use the users’ data for criminal
activities. Since, Gigantic Corporation conduct business activities over the cloud platform and
website, they can be the victim of the identity theft (McGettrick et al., 2014). Hackers use this
personal information for their own benefits and for this reason the clients, the employees of
Gigantic Corporation can get threatened due to identity theft.
The cybersecurity threats can be mitigated by adopting certain control measures. The
standards adherence, firewall and secure socket layer can be useful in mitigating the threats
residing within the system and the database.
Firewall application installed on the server is helpful in checking the data communication
and the data traffic that flows to and fro the server. The firewall blocks the malicious flow of
data into the system. Thus Gigantic Corporation can conduct business activities over the cloud
platform due to the configuration of the firewall into their system (Pan, Mishra & Schwartz,
2017). The firewall assures that only the legitimate packets access the system.
CYBER SECURITY
Protection mechanism
Several risks and threats are related to the online activities and online websites and they
must be properly mitigated. The mitigation of all those risks ensures that Gigantic Corporation
can carry out the business activities normally without any safety concern. The hacking, identity
theft and virus and malware attack are some forms of security threats which can disrupt the
business operations of Gigantic Corporation. Hacking is one such malicious activities by which
the intruders gain access to the website and attack the system and the database of the
organization to steal the private data and the confidential data (Gordon et al., 2015). The
confidential data involves the customers’ list of the company. The confidential data comprises of
the employees’ lists, clients’ lists, and password of the employees. The confidential data consists
of financial data of the organization as well. The hackers hack those confidential data for their
own benefits. They sell those data to the rival. The organization can face heavy loss due to the
intruders’ attack. Gigantic Corporation similarly can get affected due to the malware attack, they
can lose the customer base, they can lose reputation, and they can lose clients. The entire
business operations will get stopped due to the intruder attack.
Gigantic Corporation can get affected due to the malware and the virus attack. Virus
basically contains the code that can cause serious damage to the system and the database. The
intruders basically use the keyloggers and specific software to steal the confidential data of the
database of the organization. The attackers upload a virus to the cloud server with the help of
input forms. The hackers also use the backdoor to attack system and database of the
organization. Gigantic Corporation can get severely affected by the malware and the virus attack.
The business operations can get disrupted due to all these malicious activities. The organization
employees can surf the malicious website and can download the malicious file (Keller, 2015).
The downloaded files can help to gain access to the confidential data stored in the system and the
database. Gigantic Corporation is no exception. The insecure network and insecure database can
prove to be a threat for Gigantic Corporation. The virus also gets transmitted to the other system
connected to a single network. Due to the virus attack, Gigantic Corporation must adopt control
measures to secure the data of the website.
Identity theft is another risk associated with the website of the organization. In case of
identity theft, the users’ data can get compromised. The intruders use the users’ data for criminal
activities. Since, Gigantic Corporation conduct business activities over the cloud platform and
website, they can be the victim of the identity theft (McGettrick et al., 2014). Hackers use this
personal information for their own benefits and for this reason the clients, the employees of
Gigantic Corporation can get threatened due to identity theft.
The cybersecurity threats can be mitigated by adopting certain control measures. The
standards adherence, firewall and secure socket layer can be useful in mitigating the threats
residing within the system and the database.
Firewall application installed on the server is helpful in checking the data communication
and the data traffic that flows to and fro the server. The firewall blocks the malicious flow of
data into the system. Thus Gigantic Corporation can conduct business activities over the cloud
platform due to the configuration of the firewall into their system (Pan, Mishra & Schwartz,
2017). The firewall assures that only the legitimate packets access the system.
9
CYBER SECURITY
Secure socket layer has the capability to prevent the identity theft. The HTTPs usage
assures a secure connection between server and client (Olesen, 2016). An information must be
encrypted at first and then it should be transmitted between server and client in such a way that a
third party fails to decrypt the information.
The web server and the Website of Gigantic Corporation must follow the security
policies to prevent the virus and malware attack. The policies and the guidelines will help
Gigantic Corporation to conduct business activities over the cloud platform (Burley, Eisenberg &
Goodman, 2014). The employees and the clients of Gigantic Corporation must use a strong
username and password in the server, it will help them from being compromised.
CYBER SECURITY
Secure socket layer has the capability to prevent the identity theft. The HTTPs usage
assures a secure connection between server and client (Olesen, 2016). An information must be
encrypted at first and then it should be transmitted between server and client in such a way that a
third party fails to decrypt the information.
The web server and the Website of Gigantic Corporation must follow the security
policies to prevent the virus and malware attack. The policies and the guidelines will help
Gigantic Corporation to conduct business activities over the cloud platform (Burley, Eisenberg &
Goodman, 2014). The employees and the clients of Gigantic Corporation must use a strong
username and password in the server, it will help them from being compromised.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10
CYBER SECURITY
References
Burley, D. L., Eisenberg, J., & Goodman, S. E. (2014). Would cybersecurity professionalization
help address the cybersecurity crisis?. Communications of the ACM, 57(2), 24-27.
Dark, M., Bishop, M., Linger, R., & Goldrich, L. (2015, May). Realism in teaching cybersecurity
research: The agile research process. In IFIP World Conference on Information Security
Education (pp. 3-14). Springer, Cham.
Datta, S. P. A. (2017). Cybersecurity-Personal Security Agents for People, Process, Atoms &
Bits. Journal of Innovation Management, 5(1), 4-13.
Dua, S., & Du, X. (2016). Data mining and machine learning in cybersecurity. CRC press.
Glantz, C. S., McKinnon, A. D., Thorsen, D. E., Boyd, P. A., O'Neil, L. R., & Henderson, J. W.
(2016). Common Misconceptions Regarding Cybersecurity Requirements for Renewable
Energy Generation Facilities Associated with Army Installations (No. PNNL--25451).
Pacific Northwest National Lab.(PNNL), Richland, WA (United States).
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). Increasing cybersecurity
investments in private sector firms. Journal of Cybersecurity, 1(1), 3-17.
Hinds, J., & Joinson, A. (2017, July). Radicalization, the Internet and Cybersecurity:
Opportunities and Challenges for HCI. In International Conference on Human Aspects of
Information Security, Privacy, and Trust (pp. 481-493). Springer, Cham.
Hogan, M. D., & Newton, E. M. (2015). Supplemental Information for the Interagency Report on
Strategic US Government Engagement in International Standardization to Achieve US
Objectives for Cybersecurity. NIST Interagency/Internal Report (NISTIR)-8074 Volume
2.
Keller, N. (2015). Cybersecurity Framework FAQs Relationship Between The Framework and
Other Approaches and Initiatives.
King, Z., Henshel, D., Flora, L., Cains, M. G., Hoffman, B., & Sample, C. (2018). Characterizing
and Measuring Maliciousness for Cybersecurity Risk Assessment. Frontiers in
Psychology, 9, 39.
Malhotra, Y. (2015). Cybersecurity & Cyber-Finance Risk Management: Strategies, Tactics,
Operations, &, Intelligence: Enterprise Risk Management to Model Risk Management:
Understanding Vulnerabilities, Threats, & Risk Mitigation (Presentation Slides).
Manuel, J., Cordeiro, R., & Silva, C. (2017, September). Between Data Mining and Predictive
Analytics Techniques to Cybersecurity Protection on eLearning Environments.
In Proceedings of the Computational Methods in Systems and Software (pp. 185-194).
Springer, Cham.
McGettrick, A., Cassel, L. N., Dark, M., Hawthorne, E. K., & Impagliazzo, J. (2014, March).
Toward curricular guidelines for cybersecurity. In Proceedings of the 45th ACM
technical symposium on Computer science education (pp. 81-82). ACM.
CYBER SECURITY
References
Burley, D. L., Eisenberg, J., & Goodman, S. E. (2014). Would cybersecurity professionalization
help address the cybersecurity crisis?. Communications of the ACM, 57(2), 24-27.
Dark, M., Bishop, M., Linger, R., & Goldrich, L. (2015, May). Realism in teaching cybersecurity
research: The agile research process. In IFIP World Conference on Information Security
Education (pp. 3-14). Springer, Cham.
Datta, S. P. A. (2017). Cybersecurity-Personal Security Agents for People, Process, Atoms &
Bits. Journal of Innovation Management, 5(1), 4-13.
Dua, S., & Du, X. (2016). Data mining and machine learning in cybersecurity. CRC press.
Glantz, C. S., McKinnon, A. D., Thorsen, D. E., Boyd, P. A., O'Neil, L. R., & Henderson, J. W.
(2016). Common Misconceptions Regarding Cybersecurity Requirements for Renewable
Energy Generation Facilities Associated with Army Installations (No. PNNL--25451).
Pacific Northwest National Lab.(PNNL), Richland, WA (United States).
Gordon, L. A., Loeb, M. P., Lucyshyn, W., & Zhou, L. (2015). Increasing cybersecurity
investments in private sector firms. Journal of Cybersecurity, 1(1), 3-17.
Hinds, J., & Joinson, A. (2017, July). Radicalization, the Internet and Cybersecurity:
Opportunities and Challenges for HCI. In International Conference on Human Aspects of
Information Security, Privacy, and Trust (pp. 481-493). Springer, Cham.
Hogan, M. D., & Newton, E. M. (2015). Supplemental Information for the Interagency Report on
Strategic US Government Engagement in International Standardization to Achieve US
Objectives for Cybersecurity. NIST Interagency/Internal Report (NISTIR)-8074 Volume
2.
Keller, N. (2015). Cybersecurity Framework FAQs Relationship Between The Framework and
Other Approaches and Initiatives.
King, Z., Henshel, D., Flora, L., Cains, M. G., Hoffman, B., & Sample, C. (2018). Characterizing
and Measuring Maliciousness for Cybersecurity Risk Assessment. Frontiers in
Psychology, 9, 39.
Malhotra, Y. (2015). Cybersecurity & Cyber-Finance Risk Management: Strategies, Tactics,
Operations, &, Intelligence: Enterprise Risk Management to Model Risk Management:
Understanding Vulnerabilities, Threats, & Risk Mitigation (Presentation Slides).
Manuel, J., Cordeiro, R., & Silva, C. (2017, September). Between Data Mining and Predictive
Analytics Techniques to Cybersecurity Protection on eLearning Environments.
In Proceedings of the Computational Methods in Systems and Software (pp. 185-194).
Springer, Cham.
McGettrick, A., Cassel, L. N., Dark, M., Hawthorne, E. K., & Impagliazzo, J. (2014, March).
Toward curricular guidelines for cybersecurity. In Proceedings of the 45th ACM
technical symposium on Computer science education (pp. 81-82). ACM.
11
CYBER SECURITY
Miller, K. L. (2016). What We Talk About When We Talk About “Reasonable Cybersecurity”:
A Proactive and Adaptive Approach. FLA. BJ, 90, 23-23.
Nagurney, A., Daniele, P., & Shukla, S. (2017). A supply chain network game theory model of
cybersecurity investments with nonlinear budget constraints. Annals of Operations
Research, 248(1-2), 405-427.
Olesen, N. (2016). European Public-Private Partnerships on Cybersecurity-An Instrument to
Support the Fight Against Cybercrime and Cyberterrorism. In Combatting Cybercrime
and Cyberterrorism (pp. 259-278). Springer International Publishing.
Pan, Y., Mishra, S., & Schwartz, D. I. (2017, June). Board# 133: Gamifying Cybersecurity
Course Content for Entry Level Students. In 2017 ASEE Annual Conference &
Exposition.
Pusey, P., Gondree, M., & Peterson, Z. (2016). The Outcomes of Cybersecurity Competitions
and Implications for Underrepresented Populations. IEEE Security & Privacy, 14(6), 90-
95.
Redmiles, E., Malone, A., & Mazurek, M. L. (2015). How I Learned To Be Secure: Advice
Sources and Personality Factors in Cybersecurity. In Symposium on Usable Privacy and
Security Poster.
Scott, B. I., & Trimarchi, A. (2017). The Digital Aviation Industry: A Balancing Act Between
Cybersecurity and European Consumer Protection. Air and Space Law, 42(4), 443-462.
Sherman, A. T., Oliva, L., DeLatte, D., Golaszewski, E., Neary, M., Patsourakos, K., ... &
Thompson, J. (2017). Creating a Cybersecurity Concept Inventory: A Status Report on
the CATS Project. arXiv preprint arXiv:1706.05092.
Shoemaker, D., Kohnke, A., & Sigler, K. (2016). A Guide to the National Initiative for
Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0): A Guide to
the National Initiative for Cybersecurity Education (NICE) Framework (2.0) (Vol. 3).
CRC Press.
Singer, P. W., & Friedman, A. (2014). Cybersecurity: What Everyone Needs to Know. Oxford
University Press.
Smith, E., Corzine, S., Racey, D., Dunne, P., Hassett, C., & Weiss, J. (2016). Going Beyond
Cybersecurity Compliance: What Power and Utility Companies Really Need To
Consider. IEEE Power and Energy Magazine, 14(5), 48-56.
Sohal, A. S., Sandhu, R., Sood, S. K., & Chang, V. (2017). A cybersecurity framework to
identify malicious edge device in fog computing and cloud-of-things
environments. Computers & Security.
Van Vuuren, J. C. J. (2016). Methodology and Model to Establish Cybersecurity for National
Security in Africa using South Africa as a Case Study (Doctoral dissertation).
CYBER SECURITY
Miller, K. L. (2016). What We Talk About When We Talk About “Reasonable Cybersecurity”:
A Proactive and Adaptive Approach. FLA. BJ, 90, 23-23.
Nagurney, A., Daniele, P., & Shukla, S. (2017). A supply chain network game theory model of
cybersecurity investments with nonlinear budget constraints. Annals of Operations
Research, 248(1-2), 405-427.
Olesen, N. (2016). European Public-Private Partnerships on Cybersecurity-An Instrument to
Support the Fight Against Cybercrime and Cyberterrorism. In Combatting Cybercrime
and Cyberterrorism (pp. 259-278). Springer International Publishing.
Pan, Y., Mishra, S., & Schwartz, D. I. (2017, June). Board# 133: Gamifying Cybersecurity
Course Content for Entry Level Students. In 2017 ASEE Annual Conference &
Exposition.
Pusey, P., Gondree, M., & Peterson, Z. (2016). The Outcomes of Cybersecurity Competitions
and Implications for Underrepresented Populations. IEEE Security & Privacy, 14(6), 90-
95.
Redmiles, E., Malone, A., & Mazurek, M. L. (2015). How I Learned To Be Secure: Advice
Sources and Personality Factors in Cybersecurity. In Symposium on Usable Privacy and
Security Poster.
Scott, B. I., & Trimarchi, A. (2017). The Digital Aviation Industry: A Balancing Act Between
Cybersecurity and European Consumer Protection. Air and Space Law, 42(4), 443-462.
Sherman, A. T., Oliva, L., DeLatte, D., Golaszewski, E., Neary, M., Patsourakos, K., ... &
Thompson, J. (2017). Creating a Cybersecurity Concept Inventory: A Status Report on
the CATS Project. arXiv preprint arXiv:1706.05092.
Shoemaker, D., Kohnke, A., & Sigler, K. (2016). A Guide to the National Initiative for
Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0): A Guide to
the National Initiative for Cybersecurity Education (NICE) Framework (2.0) (Vol. 3).
CRC Press.
Singer, P. W., & Friedman, A. (2014). Cybersecurity: What Everyone Needs to Know. Oxford
University Press.
Smith, E., Corzine, S., Racey, D., Dunne, P., Hassett, C., & Weiss, J. (2016). Going Beyond
Cybersecurity Compliance: What Power and Utility Companies Really Need To
Consider. IEEE Power and Energy Magazine, 14(5), 48-56.
Sohal, A. S., Sandhu, R., Sood, S. K., & Chang, V. (2017). A cybersecurity framework to
identify malicious edge device in fog computing and cloud-of-things
environments. Computers & Security.
Van Vuuren, J. C. J. (2016). Methodology and Model to Establish Cybersecurity for National
Security in Africa using South Africa as a Case Study (Doctoral dissertation).
12
CYBER SECURITY
Wood, T. A., & Dandin, M. (2017, May). Cybersecurity and the electric grid: Innovation and
intellectual property. In Circuits and Systems (ISCAS), 2017 IEEE International
Symposium on (pp. 1-1). IEEE.
Wu, C. H. J., & Irwin, J. D. (2016). Introduction to computer networks and cybersecurity. CRC
Press.
CYBER SECURITY
Wood, T. A., & Dandin, M. (2017, May). Cybersecurity and the electric grid: Innovation and
intellectual property. In Circuits and Systems (ISCAS), 2017 IEEE International
Symposium on (pp. 1-1). IEEE.
Wu, C. H. J., & Irwin, J. D. (2016). Introduction to computer networks and cybersecurity. CRC
Press.
1 out of 13
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.