CST 610: Cyber Threats and Exploitation in Financial Systems Project

Verified

Added on 2022/08/24

AI Summary

This cybersecurity project addresses a simulated cyberattack against US financial systems, involving a team representing financial services, law enforcement, intelligence, and the Department of Homeland Security. The project analyzes various threats, including DDoS attacks, data exfiltration, and nation-state actors, examining network security, penetration testing, and incident response. It covers critical infrastructure components like perimeter routers, DMZ, DNS, and web servers, while also exploring the life cycle of cyber threats, from reconnaissance to exfiltration. The project emphasizes contingency planning for disaster recovery, including threat, vulnerability, and risk assessments, along with business impact and continuity plans. The student's response also references various academic sources and reports, providing a comprehensive overview of cybersecurity concepts and practices within the financial sector, and includes an overview of the project charter, teamwork stages, and division of responsibilities within the team.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

C S T 6 1 0 9 0 4 3
CY B E R S PA C E A N D
C Y B E R S E C U R I T Y
F O U N D AT I O N
N A M E O F T H E S T U D E N T
N A M E O F T H E U N I V E R S I T Y

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

NETWORK SECURITY:
• The network security stands for all of the
procedures and policies which is used by a
network administrator for mitigating the risks
that can come to a network. It includes policies
for recording and finding a possible breach and
policies that is needed to make response to the
events (Perlman, Kaufman & Speciner, 2016).

MISSION CRITICAL SYSTEMS:
• There are various mission critical components
that are included:
Perimeter router
DMZ
DNS server
Web server
Email server
Central switches.

PENETRATION TESTING:
• The pen testing can process automatically with the help of
software applications or it can be performed manually.
• The procedure involves in gathering data and information.
• The primary objective of the pen testing is actually to
identify the weakness of the security. The pen testing can
also utilized for testing the security policy of the
organisation

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

FINANCIAL SECTOR:
• The primary threats of cyber security in the finance
related sector are as follows:
– Unencrypted data
– New automation technology without Security
– Unprotected Third Party Services
– Unsecured Mobile banking
– A constantly changing threat landscape.

INDUSTRIAL CONTROL
SYSTEMS:
The ICS is one of the collective terms that is mainly
utilized for describing various types of associated
instrumentation and control systems that include the
systems, devices, controls and networks that are utilized
for operating as well as for automating the industry
related procedures. There are various types of industry
control systems. The types of them are as per following:
– Supervisory Control and Data Acquisition (SCADA)
– Distributed Control System (DCS)
– Actual ICS implementation

LAW ENFORCEMENT:
• The threats can include malicious codes, direct attacks
and internal threats. The network security is the
combination of multiple defence layers at the edge as
well as in the network. The DHS can work with the LAW
enforcement can combat the cyber crime by many ways
that includes various programs:
– The Homeland Security Information Network (HSIN)
– Project iGaurdian
– Stop. Think. Connect. ™ Campaign.
– Cyber awareness coalition.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

LIFE CYCLE OF A CYBER
THREAT
The life cycle of a cyber threats are as follows:
– Phase 1: Reconnaissance
– Phase 2: Initial compromise
– Phase 3: Command & control
– Phase 4: Lateral movement
– Phase 5: Target attainment
– Phase 6: Exfiltration, corruption, and disruption.

CONTINGENCY PLANNING
FOR THE DISASTER
RECOVERY:• There are a series of plans and documents which are related as
well as conducted usually in the order of the development that is
initial, are given below:
– Threat assessment
– Vulnerability assessment
– Risk assessment
– Risk management plan (RMP)
– Business impact assessment (BIA)
– Business continuity plan (BCP)
– Incident response plan (IRP)
– Disaster recovery plan (DRP)
– Devolution plan

REFERENCES:
• Backes, M., Hoffmann, J., Künnemann, R., Speicher, P., & Steinmetz, M. (2017). Simulated penetration testing and mitigation
analysis. arXiv preprint arXiv:1705.05088, 6.
• Baloch, R. (2017). Ethical hacking and penetration testing guide. Auerbach Publications.
• Luskind, Y., Zeng, G., & Dias, C. (2019). U.S. Patent No. 10,237,965. Washington, DC: U.S. Patent and Trademark Office.
• Macaulay, T., & Singer, B. L. (2016). Cybersecurity for industrial control systems: SCADA, DCS, PLC, HMI, and SIS. Auerbach
Publications.
• Perlman, R., Kaufman, C., & Speciner, M. (2016). Network security: private communication in a public world. Pearson
Education India.
• Pozzobon, E., Weiss, N., Renner, S., & Hackenberg, R. (2018). A Survey on Media Access Solutions for CAN Penetration Testing.
• Lewis, T. G. (2020). Critical infrastructure protection in homeland security: defending a networked nation . John Wiley & Sons.
• Liu, Z., & Wang, N. (2019, December). A New Experiment Teaching Mode for Network Security & Law Enforcement Major to
Meet the Need of New Engineering Talent Training. In 2019 3rd International Conference on Education, Economics and
Management Research (ICEEMR 2019) (pp. 214-217). Atlantis Press.
• Mena, J. (2016). Machine learning forensics for law enforcement, security, and intelligence. Auerbach Publications.