Cybersecurity Project: Google Hacking and Security Program Outline

Verified

Added on 2022/08/12

AI Summary

This project is divided into two main parts. Part 1 focuses on Google hacking and open-source intelligence (OSINT), using Google Dorking techniques to gather information about a target organization (Facebook). The student experiments with various search queries to uncover potential vulnerabilities and information. Part 2 outlines a security program management tabletop exercise, covering configuration and patch management, incident response, email security awareness training, and disaster recovery planning. The outline includes documentation, change justification, testing, and communication protocols. The incident response plan details steps for handling security breaches, while the email security training emphasizes awareness of email-borne threats. Finally, the disaster recovery plan outlines steps for resuming operations after an unplanned incident. The project concludes by emphasizing the importance of a comprehensive information security plan in protecting organizational data and ensuring confidentiality, integrity, and availability.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

S O FT WA R E
F O U N DAT I O N S
F O R CY B E R
S E C U R I T Y
N A M E O F T H E S T U D E N T
N A M E O F T H E U N I V E R S I T Y

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

PART 1:
GOOGLE HACKS AND OPEN SOURCE
INTELLIGENCE

GOOGLE HACKING
TECHNIQUES:
The Google hacking techniques that is also
known as Google Dork is basically a vulnerable
resource for the security researchers. For normal
people, Google is only a search engine that is
used for finding images, texts, videos and many
more. But in the world of infosec, Google is a
much useful tool for hacking. The search engine
of Google is having their own query language
that is built in. It can help in finding information
about SEO backlinks, competitors, tacking

EXPERIMENTING GOOGLE
HACKING TECHNIQUES WITH
FACEBOOK.COM:
For the research with queries of Google hacking,
I have chosen facebook.com. Facebook is having
a huge database as it is having billions of
members. The organisation has been subject for
covering extensive media as well as many
controversies. They are often involving political
manipulation, privacy of the users, copyright
infringement etc. Various Google hacking
techniques will be experimented by using the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

REFERENCES:
• Baloch, R. (2017). Ethical hacking and penetration testing guide. Auerbach
Publications.
• Amara, N., Zhiqui, H., & Ali, A. (2017, October). Cloud computing security
threats and attacks with their mitigation techniques. In 2017 International
Conference on Cyber-Enabled Distributed Computing and Knowledge
Discovery (CyberC) (pp. 244-251). IEEE.
• Nastase, R. (2018). Hacking with Kali Linux: A step by step guide for you to
learn the basics of cybersecurity and hacking. Independently published.
• Smith, L. (2016). Information Behaviors of Ethical Hackers.
• Ahmed, M., Mahmood, A. N., & Hu, J. (2016). A survey of network anomaly
detection techniques. Journal of Network and Computer Applications, 60,
19-31.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

PART 2.
OUTLINE FOR A SECURITY
PROGRAM MANAGEMENT
TABLETOP EXERCISE

METHOD FOR
CONFIGURATION AND PATCH
MANAGEMENT.The methods for configuration and patch management
are including:
• Documentation and identification of changes.
• Rationale or justification.
• Assessment if potential changes and impact that
include criticality and implications of security.
• Testing processes for ensuring the changes are
functioning as intended.
• Updating all of the system documentations those are
appropriate upon the completion of significant changes.

CONTD.:
• Communication of important changes as well as
the planned schedule of them to the
stakeholders by utilizing a standard template.
• Contingency or rollback plan.
• Documented review as well as approval by the
authority of designated change control.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

INCIDENT RESPONSE PLAN:
The incident response is basically a structured methodology that is
used for handling the security breaches, security incidents as well as
cyber threats. An incident response plan that is well defined allows
an organisation to minimize and identify the damage as well as it
helps in reducing the cost of a cyber attack. The phases of incident
response plan are as follows:
• Assembling a team.
• Detect and ascertain the source
• Contain and recover
• Assess the damage and severity
• Begin the notification process
• Start immediately for preventing the similar type of incident in
future.

EMAIL SECURITY
AWARENESS TRAINING:
The email security training is basically a program of security
awareness which helps the employees of an organisation to deal
with different types of attacks of email borne. The training should
include about links, attachments, scams and spear phishing.
• The threats can be sent as attachments, the employees have to
aware about the attacks.
• The attacks can also be done by sending vulnerable links. The
employees have to be ensure that the link is safe before opening.
• The employees need to be aware about any money related scams
or invitation sent via emails.
• The employees have to understand that the hackers can target
specially to their organisation.

DISASTER RECOVERY PLAN:
The disaster recovery plan is basically a structured and
documented approach which describe how the
organisation can resume their work quickly after an
unplanned incident. It is one of most essential part of
BCP (business continuity plan). The plan includes:
• Inventory hardware and software
• Define the tolerance for downtime and data loss
• Lay out the responsible person as well as identify
backup personnel
• Create a communication plan

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

CONCLUSION:
Thus, it can be concluded that the information
security plan is basically a documentation of a plan of
an organisation. The plan is used for protecting the
company data and information as well as the personal
information that are sensitive. The plan is having the
ability to mitigate the threats that are against an
organisation and it helps an organisation to protect
confidentiality, integrity as well as availability of data.

REFERENCES:
• Soomro, Z. A., Shah, M. H., & Ahmed, J. (2016). Information security management needs
more holistic approach: A literature review. International Journal of Information
Management, 36(2), 215-225.
• Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: guidelines
for effective information security management. Auerbach Publications.
• Ortmeier, P. J. (2017). Introduction to security. Pearson.
• Pereira, T., Barreto, L., & Amaral, A. (2017). Network and information security challenges
within Industry 4.0 paradigm. Procedia manufacturing, 13, 1253-1260.
• Safa, N. S., Maple, C., Watson, T., & Von Solms, R. (2018). Motivation and opportunity
based model to reduce information security insider threats in organisations. Journal of
information security and applications, 40, 247-257.