Network Security: Threats, Mitigation Strategies, and Frameworks

Verified

Added on 2023/01/12

AI Summary

This assignment delves into the critical aspects of network security, focusing on the threats faced by organizations and the strategies to mitigate them. It begins by outlining various cyber threats, including targeted intrusions, external adversaries, and malicious insiders, and emphasizes the importance of awareness and proactive measures. The assignment then details the eight essential mitigation strategies recommended by the Australian Cyber Security Centre (ACSC), such as application whitelisting, daily backups, patching applications, multi-factor authentication, configuring Microsoft Office macro settings, patching operating systems, application hardening, and restricting administrative privileges. Furthermore, it discusses the three pillars of cybersecurity: people, process, and technology, highlighting the significance of staff training, secure processes, and the deployment of appropriate technologies and standards like ISO/IEC 27001. The assignment underscores the need for risk controls and frameworks to safeguard organizational resources, emphasizing the importance of regular audits and the implementation of robust mitigation strategies to avoid risks associated with cyber-attacks. Finally, it provides a comprehensive list of references to support the information presented.

Running Head: Networking 0
Networking
Individual task
Student name

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Networking 1
Network requirements and mitigation
The Australian Cyber Security Centre (ACSC) has provided different threats for network
and it is a serious consent about the cyber security. It is necessary to everyone to aware about
these threats and used proper controls to mitigate them (ACSC, Strategies to Mitigate Cyber
Security Incidents, 2019). Threats, which can make harm these cyber to data of organization:
1. Targeting cyber intrusions
2. External adversaries and ransomware who stop access of network or computer system
from malfunctions
3. Malicious insiders who steal data or destroy data using different functioning
There are different mitigation strategies to prevent the network from cyber-attacks of an
organisation. ACSC has recommended eight essential mitigation strategies to prevent the
organization from cyber-attacks as a baseline. However, implementation of those strategies van
is more cost-effective in terms of effort, money, and time (Von Solms & Van Niekerk, 2013).
These are the essential eight mitigation strategies:
 Application whitelisting: it is used to control the execution of unauthorized processes
and software
 Daily backups – to maintain the availability of critical data
 Patching applications: it is used to remediate known security vulnerabilities, such as
open ports, old operating systems, and many others.
 Multi-factor authentication: it is used to protect against risky activities, such
unauthorized access, and illegal way to access the system.
 Configuring Microsoft Office macro settings: it is used to block untrusted macros,
which can create many issues to security of system.
 patching operating systems – to remediate known security vulnerabilities
 Application hardening: it is used to protect against vulnerable functionality of the
operating system and application software.

Networking 2
 Restricting administrative privileges: it is used to limit powerful access to systems to
all the staff members.
All these strategies are helpful to prevent computer system and network of an
organization from different threats because of cyber-attacks and hackers. There are many
frameworks, which are used to provide security to the resources of an organization, such as
server, firewalls, network, and computer systems. Organization should have risk controls to
handle cyber-attacks.
Cyber security has three pillars, which are people, process, and technology. First pillar is
people, according to that staff should have a training and awareness about the cyber-attacks and
network security. They must have professional skills and qualification (NCSC, 2019). In
addition, employees should have competent resources to prevent network or computer systems,
such as antivirus, firewalls, and many others.
Source: (Dutton, 2017)
Second pillar is process; every process of organization must be secure from management
systems, such as CRM, ERP, and SAP. Organizations should follow governance frameworks.
Employees must have basic practice about the attacks and IT audit is compulsory to prevent
network and other resources (Dutton, 2017).

Networking 3
Third pillar is technology; every organization should deploy technology to secure
resources, such as data, computer system, and information systems. Many standards are used for
securing the organisation, such as ISO/IEC 27001, and many others. These standards are helping
in the securing information assists of an organization. It is a basic need of an organization to
secure their processes and resources from cyber-attacks. It is a best to audit of organization and
its resources.
Organization requires many strategies to prevent their business process secure and
management systems are backbone of most of the organizations. Therefore, it is necessary to
implement mitigation strategies to avoid risks from cyber-attacks (Dutton, 2017).
References
Beaver, K. (2013). Top 5 Common Network Security Vulnerabilities that Are Often Overlooked.
Retrieved from acunetix.com: https://www.acunetix.com/blog/articles/the-top-5-network-
security-vulnerabilities/
ACSC. (2017). Australian Cyber Security Centre. Retrieved December 12, 2018, from
https://www.acsc.gov.au/publications/ACSC_Threat_Report_2017.pdf
ACSC. (2019). Strategies to Mitigate Cyber Security Incidents. Retrieved from acsc.gov.au:
https://acsc.gov.au/infosec/mitigationstrategies.htm
Arlitsch, K., & Edelman, A. (2014). Staying safe: Cyber security for people and organizations.
Journal of Library Administration, 54(1), 46-56. Retrieved from
https://www.tandfonline.com/doi/abs/10.1080/01930826.2014.893116?
journalCode=wjla20
Dutton, J. (2017, September 26). three-pillars-of-cyber-security. Retrieved from
itgovernance.co.uk: https://www.itgovernance.co.uk/blog/three-pillars-of-cyber-security
NCSC. (2019). The National Cyber Security Centre. Retrieved March 14, 2019, from
https://www.ncsc.gov.uk/