Cyber Security Applied Research Project: Financial Industry Analysis
Added on 2022/10/09
AI Summary
This project delves into the realm of cyber security within the financial industry, with a specific focus on Berkshire Hathaway. It meticulously examines data security, vulnerabilities, and potential threats, encompassing physical, administrative, and technical aspects. The project leverages resources like Gartner's Magic Quadrant and Verizon's Data Breach Investigations Report to identify weaknesses and analyze risks. Furthermore, it recommends security controls based on the Center for Internet Security's top 20 critical security controls and NIST publications. These recommendations include continuous vulnerability management, audit log monitoring, email and web browser protection, and secure network configuration. The project also addresses attack vectors, emphasizing the importance of proactive measures such as updated antivirus software, restricted server access, and qualified security personnel. The document concludes by highlighting the importance of proactive security measures, including updated antivirus software and employing qualified security personnel. The project aims to provide a comprehensive overview of cyber security challenges and mitigation strategies within the financial sector.

Running head: CYBER SECURITY APPLIED RESEARCH 1
Cyber Security Applied Research
Student's Name
Institution Affiliation
Date submission
Phase 1: Project Identification and Security Environment
Data security is a vital concept that must be taken into account to protect an organization's information resources from various forms of attack. Loopholes that may lead to security vulnerabilities should be fully covered to mitigate the adverse effects that may arise (Hils, Young & D'Hoinne, 2015). The present paper considers security vulnerabilities within the financial industry, with emphasis on Berkshire Hathaway, which is the most expensive stock market in the world. It encompasses numerous insurance companies that offer various forms of indemnity. Based on the information provided by Gartner's Magic Quadrant documents on firewalls and the Verizon Data Breach Investigations Report, among other reports, the vulnerabilities of data assets will be discussed comprehensively.
Phase 2: Security Vulnerabilities, Threats, the Likelihood of an Attack, and Business Impact
Vulnerability, threat, and risk are important terms for understanding cybersecurity. A vulnerability is a situation in which system assurance is reduced by the attacker. Notably, it involves three major steps: a flaw, attacker access to the flaw, and the capability of the attacker to exploit the accessed flaw (Fortinet.com, 2019). A threat, on the other hand, is a danger to the system, either intentional or accidental, that may cause a vulnerability in the system. Risk is the possibility that an attacker successfully conducts a crime against a system that is in place.
The three aspects are directly related in that the threat is a danger that leads to the possibility of vulnerability, whereas risk is the possibility of the two aspects occurring on a network or data. The process involves a series of activities such as the change of the
programming language of a system so that the attacker can access it with much ease. Presumably, the change of the program interrupts the software, and all the programs and applications run on the hardware of the attacker.
Based on the information contained in Gartner's Magic Quadrant documents on firewalls, among other reports, Berkshire Hathaway faces multiple security weaknesses. Regarding physical vulnerabilities, break-ins by burglars and unauthorized access to data assets are critical vulnerabilities worthy of mention in the present paper (Team, 2015). If such vulnerabilities are exploited, there may be huge data loss, which may significantly affect the operation of Berkshire Hathaway. Such vulnerabilities may also lead to the loss of confidential information, which may affect the competitive edge of the company (Medina-Smith et al., 2018).
Concerning administrative vulnerabilities, the company may face system hacking, which may involve cracking of administrative passwords, as well as data leakage due to weak encryption. When exploited, administrative vulnerabilities of this kind may lead to the loss of a wealth of information, which may drastically affect the organization (Hossain, Fotouhi & Hasan, 2015). Weak data encryption may likewise lead to loss of information to a competitor, resulting in exposure to operational fallout. Regarding technical vulnerabilities, unauthorized logical access, inadequate software configuration, and software errors may create loopholes that put the data assets in great danger.
When the mentioned technical vulnerabilities are exploited, Berkshire Hathaway may lose a lot of information relating to its stock operations to competitors, affecting its financial position. When a software error occurs, the system may become quite
vulnerable to attack, leading to the loss of confidential information to a third party (Le Clair et al., 2017). Based on the information presented by the report, an organization faces numerous more significant risks if no action is taken. Such risks of data asset loss may substantially affect the organization's resources.
Vulnerability assessment and security operations have led to the improvement of cybersecurity systems globally. This is achieved by maintaining effective audit, risk analysis, and vulnerability assessment practices. Through the use of proper network protocols, the operational assessment becomes manageable. An effective cybersecurity audit is a program that provides the management of an organization with an assessment of the effectiveness of its cybersecurity, taking into account processes such as identifying, protecting, responding, and recovering data.
Phase 3: Security Control Recommendation
Based on the information presented by the Center for Internet Security's top 20 critical security controls as well as NIST Special Publications, there are significant security controls I would recommend to Berkshire Hathaway. The first control measure is continuous vulnerability management (Woods et al., 2017). This would expose the loopholes that may exist in the company's systems, enabling control measures to be applied. The second security control is monitoring, maintenance, and analysis of audit logs. This measure would identify weak logs and administrative passwords that hackers may take advantage of, leading to a high level of security.
The third security control is email and web browser protection. This would prevent loss of confidential information to a third party through sniffing and spoofing (Mitre et al., 2018).
The fourth measure is secure configuration of network devices such as firewalls, routers, and switches. Such security will ensure that data assets are safe from attack. Technological threats are the most common, and the best-known attacks are nation-state cyber-attacks and ransomware.
Audits provide control. A well-managed audit gives the auditors an easy time. For instance, auditors can use a check box to see the number of websites that have been visited and from which computers; doing so using the firewall reduces attacks. However, if the firewall is not properly configured, the installed system is useless.
A cybersecurity assessment differs from a cyber audit in that it is a formalized process. It is not necessarily done by auditors, and it involves checking the documentation, the network configuration, and the overall effectiveness of the system. A cybersecurity audit, as a program, is bound to a time and a place. Audits overlook many loopholes, so a cyber assessment of the system is recommended to be assured that a good system is in place.
Increasingly, technology already in use, such as cyber security, is a great risk if the protection is not updated. As technology advances, so does security. Failing to keep up with technology gives an attacker the upper hand in knowing the operation of the system. The human factor is a risk, as a person hired can be used by outside attackers and therefore cannot be trusted. Leakage of information can enable manipulation of the system by the attacker. The human factor is also the developer of attacking systems: highly trained personnel can make a program that corrupts and deletes files and programs on the organization's system. Therefore, there is a need for a process that is required before the installation of any program on an organization's systems. Likewise, risks also
can occur due to the policies enacted by organizations. When an organization enacts policies that allow many people access to its servers, it poses a threat from the outside. Policies that oppress the workers of a company can also create a risk that employees share critical information with, say, a competitor for an ideological advantage.
Identification of the Attack Vectors
An attack vector is a path by which hackers gain access to a specified computer or a targeted network server in order to deliver a payload or achieve other malevolent outcomes. Attack vectors in many cases appear as malicious computer programs, attachments, webpages, or even pop-up windows. Attacks may be blocked by the use of a firewall or functional anti-virus software packages. However, these do not provide total protection, because attackers are constantly updating their attack vectors and creating new ones to gain unauthorized access to computers and servers. The attack trajectories and flaws can be exploited in a number of ways, such as through the installation of operative hardware structures, software structures, operating systems, and effective telecommunication configurations. Hardware attack vectors include manufacturing backdoors, for malware and other purposes. Backdoors are not limited to software; they also exist in hardware. Hardware modification that tampers with a device through invasive operations is another such vector. It mostly affects devices such as authentication tokens, industrial control systems, and network appliances. Format string vulnerability is a current attack that has emerged with current technology changes.
Conclusion
Companies should take more precautions to secure their information. For example, they should buy antivirus software from genuine companies, because some antivirus products are used by malicious people to hack companies and steal from them. If possible, companies should develop their own antivirus software. Companies should also avoid sharing their storage devices, such as flash disks, with other people, because these devices have a high chance of spreading malware. Companies should also put in place regulations that allow only specific workers to access their primary server databases. This will ensure that no intruder gets access to the company's network. Companies should run the latest versions of antivirus software and update them frequently. This software will be responsible for alerting computer users to any malware intruding into the company's network. Firms should also employ more qualified security officers, who will be responsible for manning those firms. Security officers will be responsible for making sure that no stranger enters the company without being identified.
References
Fortinet.com. (2019). [online] Available at: https://www.fortinet.com/solutions/gartner-network-firewalls.html [Accessed 27 Sep. 2019].
Hils, A., Young, G., & D'Hoinne, J. (2015). Magic Quadrant for Enterprise Network Firewalls. Gartner Inc, 22, 30.
Team, V. R. (2015). 2015 data breach investigations report.
Hossain, M. M., Fotouhi, M., & Hasan, R. (2015, June). Towards an analysis of security issues, challenges, and open problems in the internet of things. In 2015 IEEE World Congress on Services (pp. 21-28). IEEE.
Le Clair, C., Cullen, A., & King, M. (2017). The Forrester Wave™: Robotic Process Automation, Q1 2017. Available from: https://www. Forrester. Com/report/The+ Forrester+ Wave+ Robotic+ Process+ Automation Q, 1.
Mitre, M. L., Jablonski, D., Apl, J., Mitre, A. C., Mitre, W. F. Y., Nist, D. M., ... & MITRE, C. K. H. (2018). Advanced Wireless Service 3 (AWS-3) Long-Term Evolution (LTE) Impacts on Aeronautical Mobile Telemetry (AMT) Test and Metrology Test Plan.
Kobezak, P., Marchany, R., Raymond, D., & Tront, J. (2018, January). Host Inventory Controls and Systems Survey: Evaluating the CIS Critical Security Control One in Higher Education Networks. In Proceedings of the 51st Hawaii International Conference on System Sciences.